virus trouble... need assistance



dizz@canada.com
07-10-2005, 12:30 AM
I recently was infected with a computer virus. Norton AntiVirus 2003
initially caught the virus and it supposedly deleted it, so I was not
concerned with the message details. However, almost immediately after
receiving the message I realized the virus was not completely removed.
A DOS window popped up two or three times and then Norton shut down. I
tried opening Norton again but it would not open. I then tried
uninstalling and reinstalling but it would not reinstall. I tried the
Windows Update site and the page shows no content. Any ideas on how to
identify the virus so I can take steps to remove it?

I'm running Windows XP Pro with SP1.

Thanks

Doug Knox MS-MVP
07-10-2005, 12:30 AM
Reboot your computer in Safe Mode. Press the F8 key between the BIOS POST screen and XP actually beginning to load. The timing can be a bit tricky. Then scan your system for viruses from within Safe Mode.

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

<dizz@canada.com> wrote in message news:1116219116.638197.180520@f14g2000cwb.googlegroups.com...
>I recently was infected with a computer virus. Norton AntiVirus 2003
> initially caught the virus and it supposedly deleted it, so I was not
> concerned with the message details. However, almost immediately after
> receiving the message I realized the virus was not completely removed.
> A DOS window popped up two or three times and then Norton shut down. I
> tried opening Norton again but it would not open. I then tried
> uninstalling and reinstalling but it would not reinstall. I tried the
> Windows Update site and the page shows no content. Any ideas on how to
> identify the virus so I can take steps to remove it?
>
> I'm running Windows XP Pro with SP1.
>
> Thanks
>

Kelly
07-10-2005, 12:30 AM
Hi,

1. Don't depend on Norton, ever!

2. Run Ad-Aware SE, Spybot, CWShredder and HijackThis:
http://www.majorgeeks.com/downloads31.html

Note: Update the first two programs, once installed, before running.

3. Free Online Virus Scan
http://housecall.trendmicro.com/housecall/start_corp.asp

4. In most cases without using third party, this takes three steps.

   1. Start/Run/Regedit

   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

   Gain the exact path.
   Note: Save these two to regedit favorites.

   2. Start/Run/Msconfig/Startup

   Gain the exact path.

   3. Follow the path via Windows Explorer.

Leave/have all three windows opened, now open the Task Manager.

Once knowing the exact path, end the process via the Task Manager, then
delete the entry via Windows Explorer. From there, delete the run command
from both regedit and msconfig. With regedit still open, hit F5. If it
replaces itself, you didn't do it in a timely manner or you didn't follow
the exact placement path.

Note: In some cases, depending, you will be allowed to rename the .exe via
safe mode and then delete.

Good luck and keep us posted!


--

All the Best,
Kelly (MS-MVP)

Troubleshooting Windows XP
http://www.kellys-korner-xp.com


<dizz@canada.com> wrote in message
news:1116219116.638197.180520@f14g2000cwb.googlegroups.com...
>I recently was infected with a computer virus. Norton AntiVirus 2003
> initially caught the virus and it supposedly deleted it, so I was not
> concerned with the message details. However, almost immediately after
> receiving the message I realized the virus was not completely removed.
> A DOS window popped up two or three times and then Norton shut down. I
> tried opening Norton again but it would not open. I then tried
> uninstalling and reinstalling but it would not reinstall. I tried the
> Windows Update site and the page shows no content. Any ideas on how to
> identify the virus so I can take steps to remove it?
>
> I'm running Windows XP Pro with SP1.
>
> Thanks
>
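
Added example, not part of Kelly's post: a read-only PowerShell listing of the two Run keys named in step 4, giving for each entry the exact executable path, whether the file exists, and its Authenticode signature status. It assumes a system with Windows PowerShell 3.0 or later (not present on a stock Windows XP SP1 install); the helper name `Get-ExecutablePath` is hypothetical.

```powershell
# Added example (read-only): list Run-key entries with their resolved executable paths.
# Nothing is deleted or modified in the registry or on disk.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Get-ExecutablePath {   # hypothetical helper name
    param([string]$CommandLine)
    # Expand %SystemRoot%-style variables, then separate the program from its arguments.
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] }             # "C:\dir with spaces\app.exe" /arg
    elseif ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { $exe = $Matches[1] }  # unquoted path
    else { $exe = ($cmd -split '\s+')[0] }                           # fall back to the first token
    # A bare name such as "rundll32.exe" is resolved through PATH, as the loader would do.
    if ($exe -and -not [IO.Path]::IsPathRooted($exe)) {
        $found = Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue |
                 Select-Object -First 1
        if ($found) { $exe = $found.Path }
    }
    return $exe
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command  = [string]$regKey.GetValue($name)
        $exe      = Get-ExecutablePath -CommandLine $command
        $exists   = [bool]$exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
        $sig      = 'n/a'
        $modified = $null
        if ($exists) {
            $sig      = (Get-AuthenticodeSignature -FilePath $exe).Status
            $modified = (Get-Item -LiteralPath $exe -Force).LastWriteTime
        }
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Command   = $command
            Path      = $exe
            Exists    = $exists
            Signature = $sig
            Modified  = $modified
        }
    }
}

$report | Format-List
```

Entries whose file is missing, unsigned, or recently modified are the ones to compare against the Msconfig Startup tab and Task Manager before removing anything.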

David H. Lipman
07-10-2005, 12:30 AM
From: <dizz@canada.com>

| I recently was infected with a computer virus. Norton AntiVirus 2003
| initially caught the virus and it supposedly deleted it, so I was not
| concerned with the message details. However, almost immediately after
| receiving the message I realized the virus was not completely removed.
| A DOS window popped up two or three times and then Norton shut down. I
| tried opening Norton again but it would not open. I then tried
| uninstalling and reinstalling but it would not reinstall. I tried the
| Windows Update site and the page shows no content. Any ideas on how to
| identify the virus so I can take steps to remove it?
|
| I'm running Windows XP Pro with SP1.
|
| Thanks

Dump the contents of the IE Temporary Internet Folder cache (TIF)
Start --> Settings --> Control Panel --> Internet Options --> Delete Files

Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
Tools --> Options --> Privacy --> Cache --> Clear


Download CLEAN.EXE from the URL --
http://www.ik-cs.com/programs/virtools/clean.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter
{ http://kixtart.org Kixtart is CareWare }, three batch files, two Kixtart scripts, two Link
(.lnk) files and a PDF instruction file.

GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee Command Line
Scanner. If you are using Windows XP, you may have to disable the Windows XP FireWall to
allow the FTP utility to download the needed files.

CLEAN.BAT -- For running within Windows after running c:\mcafee\GetFiles.BAT. If you choose
to scan again at a future date, run this batch file. It will automatically check the date
of the McAfee DAT files and if it is a couple of days old, it will download (FTP) the latest
signature files and install them before performing the scan.

DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is using FAT32 after
you have booted from an Emergency Boot Disk or DOS disk and have already executed;
c:\mcafee\GetFiles.BAT from within Windows. DOS disk boot images can be obtained from;
http://www.bootdisk.com/bootdisk.htm

I need you to perform the following...

Execute; CLEAN.EXE
Choose; Unzip
Choose; Close

Execute; c:\mcafee\GetFiles.BAT
{ or Double-click on 'GetFiles Link' in c:\mcafee }

Reboot the PC into Safe Mode [F8 key during boot]

Shut down as many applications as possible !
It would also help for you to read - "How to perform a clean boot in Windows XP"
http://support.microsoft.com/kb/310353

Execute; c:\mcafee\CLEAN.BAT
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
It is suggested that you move the report out of c:\mcafee before performing another scan.
It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

