Win32.WinAd Virus Help.



Harry6775
07-09-2005, 10:48 PM
My virus scan has pickend up and delete the virus Win32.WinAd. However it
had already deleted a system file, \autoexec.nt, I was wondering if anyone
knows how to restore that system file.

David H. Lipman
07-09-2005, 10:48 PM
From: "Harry6775" <Harry6775@discussions.microsoft.com>

| My virus scan has pickend up and delete the virus Win32.WinAd. However it
| had already deleted a system file, \autoexec.nt, I was wondering if anyone
| knows how to restore that system file.


AUTOEXEC.NT Fix Method 1:
copy; c:\windows\repair\autoexec.nt
to
c:\windows\system32

AUTOEXEC.NT FIX Method 2:
Go to; Start --> Run
enter; cmd.exe

{ assuming the WinXP CDROM disk is in drive "D:" }
In the Command Prompt enter...
expand D:\i386\autoexec.nt_ %windir%\system32\autoexec.nt

Since there are many forms of malware that will cause this kind of problem with AUTOEXEC.NT,
please perform the following...

Dump the contents of the IE Temporary Internet Folder cache (TIF)
Start --> Settings --> Control Panel --> Internet Options --> Delete Files

Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
Tools --> Options --> Privacy --> Cache --> Clear

1) Download the TrendMicro Sysclean Front End

Download the utility SYSCLEAN_FE at the following URL --
http://www.ik-cs.com/got-a-virus.htm
SYSCLEAN_FE automates the download and execution process of the Trend Sysclean Package.
Direct URL --
http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe

2) Execute; SYSCLEAN_FE.EXE
Choose; Unzip
Choose; Close

Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
when you get to the menu dhoose [1] so you can boot into Safe Mode.

3) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

4) Reboot your PC into Safe Mode and shutdown as many applications as possible.

5) Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
Choose [2] on the menu and let SYCLEAN.COM scan your computer.

6) Restart your PC and perform a "final" Full Scan of your platform
Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
Choose [2] on the menu and let SYCLEAN.COM scan your computer.

7) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),

8) Reboot your PC.

9) Create a new Restore point

* * Please report back your results * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


Win32.WinAd Virus Help.