Since this is a new page for me, I will only have the current virus as I call it "Facebook ncsjapi32.exe virus". As time goes on, I'll be adding fixes for viruses that I run across that do not yet have a lot of help on the internet.
How it started:
User got an email from facebook telling them to click on a link. The link then brought them to what looked like a youtube.com page. It then asked them to download and install a program to view the page (never a good idea). This was in a Windows XP platform.
After a while, they started to get an error massage "Runtime Error 21 (followed by some numbers)". You can move the mouse around but can't click on anything.
Step 1: Download a program called "autorun" at http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx or from my site here. You may need another PC to download it and you may have to use some external device like a zip drive or card reader to install it on your PC. Run autorun in safe mode and search for splm. Delete any related items it finds. If you can't get it to work, move on to the next step but come back to this step once your PC is running a little better.
Info: The files you need to delete are hidden from view in the directory called c:\windows\system32\splm . You need to un-hide them using the attrib command. The files are:
There is also a file called ncsjapi32.exe with a bunch of numbers and letters behind it. This files was under C:\windows\prefetch. To delete these files follow step #2.
Step 2: Restart your PC. Try ctrl, alt + del. Click on end task to end the error 21 messages. Then click on shutdown within the same screen and click on restart. If that doesn't work, turn off the power to the PC and restart your PC that way. As it restarts, press the F8 key to get into safe mode with command prompt. Once you get the C:\ prompt
type: cd\ (press enter key)
type: cd c:\windows\system32\splm (press enter key)
type: attrib -h (press enter key)
type: Del *.* (press enter key)
type: y (to confirm deleting files)
type: cd.. (press enter key)
type: rd splm (press enter key).
type: \cd (press enter key)
type: cd c:\windows\prefetch (press enter key)
type: del ncsjapi32*.* (press enter key).
Now type: exit (press enter key) and press ctrl, alt +del key to bring up the shutdown menu. Click on restart. Once the PC restarts, run step 1 if you didn't get it work the first time. Update your anti-virus program and run a full scan. You can also get to a DOS screen in Windows XP or Vista, by clicking on Start, Run and then type CMD and click on OK.
Here is some more help on the subject of the "Show hidden files" in windows not working: http://www.technize.com:80/2007/05/13/show-hidden-files-and-folders-not-working/
That should do it for this one....good luck and don't click on anything someone sends you that you're not sure about....just say no.