Expert: Carolyn Meinel - 8/6/2004

Question
Hello!

Running Windows 98
Computer is s-l-o-w
System resources 63% free at start up
Too many programs running in the background?

MY TEMP FIX
ctrl-alt-delete and remove one program at a time, additional system resources are freed up / computer runs faster

THE PROBLEM:
Start/Run/Msconfig/OK - The system configuration utility window appears just briefly and disappears.  I think I need to get into the Start-Up tab of this window in order to disable some of the background programs that are running.  (Regedit window also disappears)

ADDITIONAL INFO.
I have Zone Alarm Free version
I ran Ad-Aware 6.0
I ran Trend Micro's housecall which flags out "WORM_SPYBOT.MR"
I'm unable to delete this guy.  

Is this my problem?


Answer
Clearly you have done the right things to get rid of ordinary spyware. Your Trend Micro scan was an excellent move as it identified your attacking program.

The bad news is that the WORM_SPYBOT class of Trojans are rare, but quite dangerous. They spread via Kazaa and mIRC, open a back door into your computer, and alert crminals to the fact that it has this back door open. In a case like this, the criminals could have already done just about anything to your computer to make it almost impossible to get rid of them.

I'm sorry to say that the only way to be certain to eradicate this worm and any other programs the criminals may have installed through their back door is to back up your data, reformat the hard drive and reinstall. You should be careful to only reinstall programs from the original media (CD, etc.) on which they came. In the case of any downloaded files, they could have become infected by copies of the Trojan. So you would have to wait until you have every protection in place before downloading any programs.

When reinstalling, before getting back online, first be sure to install a firewall (in Windows XP, enable the firewall on your Internet connection). Then install your antivirus program, then get online to update your antivirus and Windows. Only after this is it safe (OK, kind of safe) to load your data backups. To be safer, it would be a good idea to not use peer-to-peer file swapping programs, and not acept file transfers via IRC or instant messaging, as WORM_SPYBOT is just one of many dangerous Trojans passed around this way.

If you have been doing online banking or using your credit card over the Internet, you may be in danger of becoming a victim of financial fraud. To be safe, you should check the balances of your credit card(s) and bank accounts. Even if nothing has happened, it may just be that the criminals haven't gotten around to stealing from you yet.

You can solve this problem by getting a new credit card number issued and changing your bank login info (via phone, not online).