Tech Support banner

Status
Not open for further replies.
1 - 13 of 13 Posts

·
Registered
Joined
·
26 Posts
Discussion Starter #1
I Have several problems that are driving me nuts since I have been unsuccessful in trying to remedy them on my own.
First off I have a Dell Dimension XPS T450 running Win98 with 128 Ram. I was recently infected with the vbs loveletter worm ( I think From Kazaa) I don not know if this will have any bearing on my main problem. ( Icleaned out the virus by the way)

In System Properties/ Device manager, I have the exclamation point on processor support under system devices. Properties for this tell me:

The NTKERN.VXD device loader(s) for this device could not load the device driver (code 2)

Yeah I tried updating the driver. I do not have a disk to extract the file from. I do have a Win98 SE OEM disk I borrowed but havent had any luck using that ( I may be doing it wrong)

It may or may not be of consequence, but since i have found ntkern mention quite often in regards to Iomega Zip drives ( I have one, it does not show up under my computer but does show up under system properties as working properly) I also do not have an installation disk for the zip drive.

Any ideas??

Oh yeah one more thing....since my vbs worm some of my mp3 file are marked as system files in file properties and therefor will not show up when i scan my computer for media. Just a bit of an annoyance. How can I uncheck that box??

Thanx so much you wonderful tech gods.
 

·
Watching from the shadows
Joined
·
1,143 Posts
To tell you to truth I would just reload but make sure you delete all partions then turn the computer off for about 5 min before you reload this will kill the virus or any traces of it as well as if it jumps to the memory the 5 minute will let the memory disipate thus allowing the virus to be completely dead. With as much problems you are having the easiest fix is to reload sorry.
 

·
Registered
Joined
·
26 Posts
Discussion Starter #4
Do You Mean reload Windows? I would but I dont have a compatible disk ( I got the computer for free, it had been previously been used in an office) I am confident that the virus is eliminated. I Dont wanna go buy a disk (whine)!
 

·
Registered
Joined
·
286 Posts
I don't know what virus scanning program you use but, it sounds like you didn't get rid of the virus completly. Unless you're really sure you got rid of everything you might want to recheck all the things that the virus effects. Click here to read McAfee's desription of this virus

Hope this helps.

twas
 

·
Registered
Joined
·
26 Posts
Discussion Starter #6
Nah i double checked. To be specific I had the VBS.LoveLetter.as. I found it with Norton Antivirus. The funny thing is I dont remember any email as described (oh yeah the link you provided...mcafee was mispelled...just in case you pass that on again)
But would processor support and zip drive be affected? According to the details the only files that seem to be affected are mp3 and jpg files...
 

·
Registered
Joined
·
1,691 Posts
Welcome to the board,


The NTKERN.VXD device loader(s) for this device could not load the device driver (code 2)
This error code means : "The system cannot find the file specified." A key in your registry might have been corrupted of files dependent on this may be missing or improperly associated.

Try running "sfc /scannow" from the command line and see if it flags anything. Also does this error you get only occur at startup? And if so does it occur at every startup?

post back and let us know.
 

·
Registered
Joined
·
26 Posts
Discussion Starter #8
ViciousMelon said:
In System Properties/ Device manager, I have the exclamation point on processor support under system devices. Properties for this tell me:

The NTKERN.VXD device loader(s) for this device could not load the device driver (code 2)




[/B]
I do not get any error messages regarding this driver. I did get a BSOD saying: An Exception 0E has occurred at 0028:d0d2971f in VxD ---. This was called from 0028:c183fe04 in VxD --- I do not know if this is due to that driver. I will try what you suggested and let you know what happens.
 

·
Registered
Joined
·
852 Posts
Ok- look for this directory (a long shot but some oem's did it this way) c:\windows\system\options\cabs. Or do a general search for a directory called "cabs". This is where they loaded windows from! It has the entire windows setup in it, just find the setup.exe or install.exe in that directory and run it. It will re-load windows. (If it is there!)
 

·
Registered
Joined
·
26 Posts
Discussion Starter #10
Okay, Im familiar with that. Had to reload windows acouple months ago. I didnt even think of doing that! Duh. On A good note i fixed my flickering and my zip drive is back. And the new Real One Player finds my mp3's showing as system files. So lets hope this problem is also fixed...i will let you know Thanks again.
 

·
Registered
Joined
·
286 Posts
ViciousMelon,

Sorry your still having problems with this. Let me try one more time, hope it won't waste too much of you time to read this:

If the user runs the attachment the worm runs using the Windows Scripting Host program. This is not normally present on Windows 95 or Windows NT unless Internet Explorer 5 is installed.

When the worm is first run it drops copies of itself and writes an .HTM file in the following places :

WINDOWS\SYSTEM\MSKERNEL32.VBS
WINDOWS\WIN32DLL.VBS
WINDOWS\SYSTEM\LOVE-LETTER-FOR-YOU.TXT.VBS
WINDOWS\SYSTEM\LOVE-LETTER-FOR-YOU.HTM

It also adds the registry keys :

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
MSKernel32=WINDOWS\SYSTEM\MSKernel32.vbs

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Win32DLL=WINDOWS\Win32DLL.vbs

in order to run the worm at system startup.

This worm searches all drives connected to the host system and replaces the following files:

*.JPG
*.JPEG

with copies of itself and it adds the extension .VBS to the original filename. So PICT.JPG would be replaced with PICT.JPG.VBS and this would contain the worm.


The worm also overwrites the following files:

*.VBS
*.VBE
*.JS
*.JSE
*.CSS
*.WSH
*.SCT
*.HTA

with copies of itself and renames the files to *.VBS.

This virus locates instances of the following file types:

*.MP3
*.MP2

and if found, makes them hidden and copies itself as these filenames except with .VBS extension. For instance, if file exists as "2PAC.MP3", this now becomes a hidden file and the virus is copied as "2PAC.MP3.VBS".

The worm creates a file 'LOVE-LETTER-FOR-YOU.HTM' which contains the worm and this is then sent to the IRC channels if the mIRC client is installed. This is accomplished by the worm replacing the file SCRIPT.INI.

After a short delay the worm uses Microsoft Outlook to send copies of itself to all entries in the address book. The mails will be of the same format as the original mail.

This worm also has another trick up it's sleeve in that it tries to download and install an executable file called WIN-BUGSFIX.EXE from the Internet. This exe file is a password stealing program that will email any cached passwords to the mail address [email protected]

twas
 

Attachments

·
Registered
Joined
·
26 Posts
Discussion Starter #13
:rolleyes:

Thank you Twas But as I said before I know I had the worm. I caught it quickly and cleaned it out. Its gone. Really. I have rad a few things about the worm and i really do not remember reading anything about this worm affecting processor support or VxD files. If Im wrong about this please let me know. I would think that if this was a known effect something would have popped up in all my searching.
 
1 - 13 of 13 Posts
Status
Not open for further replies.
Top