Virus/Trojan Help
germanNiklas
11-19-2005, 04:39 AM
hello there!
yesterday i had a virus called "IBM00003.EXE" or something on my computer, my AVG detected it and deleted it
scanned my system again, nothing, no virus.
but now when i log in to my windows account it says "Loading your personal settings" but it takes AGES until im on my desktop, normally it takes like 2-3 seconds, now it takes 10 or more
then when im finally there on my desktop i get the following error message (see attachment)
i googled for "ibm00003.exe" and the only good site i found was this one:
http://www.superadblocker.com/definition/ibm00003/
installed it but it didnt find anything!
the virus is gone but still there/wants to open and i think thats why it takes so long to log in
germanNiklas
11-19-2005, 04:59 AM
Also checked my startup, nothing "strange" there!
Strawbs
11-19-2005, 05:32 AM
There is still a program hook in the registry that needs cleaning.
You can use Startup Control Panel (http://www.mlin.net/StartupCPL.shtml) to see if you can disable it using that (once installed - it resides as an Icon in Control Panel)!
Or use RegCleaner (http://www.worldstart.com/weekly-download/archives/reg-cleaner4.3.htm), I describe the best way to use it here (http://www.sysopt.com/forum/showpost.php?p=1336396&postcount=5)
good luck! :t
BTW: I hope you remembered to disable your system restore files whilst cleaning the virus. ;)
germanNiklas
11-19-2005, 06:54 AM
thanks for the reply
BTW: I hope you remembered to disable your system restore files whilst cleaning the virus. ;)
yes, did that!
there is nothing in the control panel! i used reg cleaner and had some files and "cleaned" them, now there is nothing
restarted comp, same problem! still have it
there were 8 ignored entries in reg cleaner, you said its better not to touch them!? and how do i see them because they dont show up in the list
should i delete these 8 ignored entries too?
Strawbs
11-19-2005, 07:11 AM
RegCleaner
Options>Registry Cleanup>Ignore List!
It's probably best to make a new Restore Point before you deselect anything though.
________________________
StartUpCPL
when I said look for the Icon in Control Panel - I meant the Icon for the "StartupCPL" program I linked to.
Rocketmech
11-19-2005, 10:37 AM
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=47759
AVG just deleted the .exe file but it didn't remove all of the trojan. Run several AV and trojan scans from safe mode. Look in the Sysopt arsenal for tools : http://www.sysopt.com/forum/showthread.php?t=161595
germanNiklas
11-19-2005, 01:09 PM
hm i really dont get it
checked my system with loads of anti virus, anti trojans and anti spyware programs
never found anything
i might just give up, in 1 month im getting a new processor and motherboard anyway and then i have to install windows again . . .
Rocketmech
11-19-2005, 01:46 PM
You might have to manually check the directories that are mentioned in the CA link ?
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=47759
germanNiklas
11-20-2005, 02:09 PM
what a nasty virus
"got" him
searched again for ibm..... in the registry
i deleted everything but still the login took ages
always when i searched it found "explorer.exe" . . . i didnt get that because it had nothing to do with ibm00003 . . . i pressed "modify" on the file . . . it said explorer.exe, then there were LOADS of spaces and in the end it said C:\.....\ibm00003.exe
should have realized it earlier
but thanks rocket and strawbs for the help :t
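The padded value described in the post above (explorer.exe, a long run of spaces, then a second path) is easy to miss in a registry editor's value column. As an added example, not part of any post in this thread, the following scans exported registry text for that padding pattern; the key names, paths and the 8-space threshold in the constructed sample are assumptions, since the thread does not say which key held the value.

```python
import re

# Constructed sample in .reg export style. Key names and paths are
# illustrative assumptions; the thread does not name the key involved.
SAMPLE_REG = "\n".join([
    r'[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]',
    '"Shell"="explorer.exe' + " " * 60 + r'C:\\EXAMPLE\\placeholder.exe"',
    r'"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"',
    '',
    r'[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]',
    r'"Updater"="C:\\Program Files\\Example App\\updater.exe /background"',
])

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')


def find_padded_values(reg_text, min_pad=8):
    """Return string values where text is hidden behind a long whitespace run."""
    pad_re = re.compile(r'[ \t]{%d,}' % min_pad)
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]            # current registry key path
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue                    # header, blank line, or non-string value
        data = m.group('data').replace('\\\\', '\\')   # undo .reg escaping
        gap = pad_re.search(data)
        if gap and data[gap.end():].strip():
            findings.append({
                'key': key,
                'name': m.group('name'),
                'visible': data[:gap.start()],   # what a narrow column shows
                'hidden': data[gap.end():].strip(),
                'pad': gap.end() - gap.start(),
            })
    return findings


if __name__ == '__main__':
    for f in find_padded_values(SAMPLE_REG):
        print('%(key)s\\%(name)s: %(visible)r + %(pad)d spaces + %(hidden)r' % f)
```

Only plain string values are checked; a real export may be UTF-16 encoded and needs decoding before the text is passed in.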
There are two things you need.
CounterSpy (forget M$ effort)
http://www.sunbelt-software.com/CounterSpy.cfm
and NOD32
http://www.eset.com/home/home.htm
Then you can relax, assuming you have a firewall router and a software firewall like ZoneAlarm Pro.
Hi, I had (or still have) this type of trojan - ibm00003.exe.
My PC worked very wrong and slowly... some programs didn't function as well as USB ports...
1) I deleted this file from MS-DOS through program manager "M602", because in WIN98SE it was impossible
2) You are right, it disturbs the startup of Windows, in spite of the fact it was deleted and there was no record in register, so I copy exe file of Notepad to trojan location (because it has minimum influence on RAM, so it can be some other exe file, it depends on you) and rename it into "ibm00003.exe", so I cheated the trojan...
Since, the system works as before, however I must close the Notepad at every StartUp...
Sorry for my English, Ivan from the Czech rep.
http://www.sunbelt-software.com/CounterSpy.cfm
and NOD32
http://www.eset.com/home/home.htm
These are fully functional trialware versions. Use them and say goodbye to your problem.
Update the signatures before scanning.
SysOpt.com