Multiple viruses found in my comp, IRC Trojan, dunno what to do?

Discussion in 'Windows Desktop Systems' started by _DM_, Mar 1, 2003.

  1. _DM_

    _DM_ OSNN Senior Addict

    Messages:
    475
    WTF viruses found inside my computer? Wtf is this ****?!
    Virus? wtf do these do ?

    -IRC Trojan found at C:\windows\system32\kernel32.exe

    -Backdoor.Y3KRat.16 found at C:\WINDOWS\SYSTEM32\MSSCMC32.EXE

    -W32.HLLP.Handy

    How the hell can i do a system restore?
    Do i need a firewall?
    I got norton alrdy. But not check scan all files (ENTIRE COMPUTER)
    WTF DO I DO?! This is getting me scared man. I can't afford to get another computer! What do i do?!
     
  2. NetRyder

    NetRyder Tech Junkie Folding Team

    Messages:
    13,256
    Location:
    New York City
    Relax ... you don't need to buy a new computer because of a virus outbreak :D

    Just run a full system scan with Norton and clean out all the viruses. Make sure you've updated to the latest virus definitions.

    But with all those viruses lurking around, I'd probably just format the hard drive and do a clean install.
     
  3. Kr0m

    Kr0m Moderator

    Messages:
    1,390
    Location:
    Turtle Island
    Info on the trojan can be found here: http://www.computing.net/windowsxp/wwwboard/forum/52105.html
    "KERNEL32.EXE is a Back door Trojan and just deleting the file will not get rid of it because of WinXP's "System Restore" and the Trojan can be in your Backup files...
    Do this before you run your Updated Virus Scanner:

    Disable "System Restore". How to do This:

    1. Right click the My Computer icon on the Desktop and click on Properties.
    2. Click on the System Restore tab.
    3. Put a check mark next to 'Turn off System Restore on All Drives'.
    4. Click the 'OK' button.
    5. You will be prompted to restart the computer. Click Yes.

    Next:

    Find and stop the KERNEL32.EXE process using Windows Task Manager. How to do this:

    Press: Ctrl + Alt + Del.
    Select the "Processes" Tab.
    Find the KERNEL32.EXE process, Select it and click on "End Process".

    Next:
    Run an Updated Virus Scanner Utility. If that does not pick it up, Use another Virus Scanner.

    After you have contained this Trojan, don't forget to turn on your "System Restore" if you do use it.
    To re-enable "System Restore", follow the steps above, (1 to 5), and on step 3, remove the check mark next to 'Turn off System Restore on All Drives'"


    Info on the Backdoor file here:

    http://securityresponse.symantec.com/avcenter/venc/data/backdoor.y3krat.16.html


    Info on W32.HLLP.Handy here: http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.handy.html


    A couple of free online scanners: Panda and Trend Micro
     
  4. Kr0m

    Kr0m Moderator

    Messages:
    1,390
    Location:
    Turtle Island
    Yeah, I was going to suggest the same, if it were me, I would.

    By the looks of the info on these bugs, they are Kazaa related (big surprise). Hopefully he'll learn his lesson and A: Keep a trustworthy virus scanner up to date. or B: ditch Kazaa or C: Keep other people away from his machine. or D: All the above.
     
  5. _DM_

    _DM_ OSNN Senior Addict

    Messages:
    475
    Hey my norton said it automatically deleted
    Backdoor.Y3KRat.16 C:\WINDOWS\SYSTEM32\MSSCMC32.EXE

    But
    W32.HLLP.Handy keeps on spreading in my Kazaa files and my documents file but i deleted my Kazaa files. Norton deletes the virus. But keeps on spreading and norton deletes it and does the same thing over and over. How do i completely stop it? I use scan whole comp right?

    and for the irc trojan i can't find kernel32.exe in my process tab when i press alt ctrl and tab. is that a good sign? repair kernel32.exe. so i guess i'll just have to run a full system scan. if that doesn't work my last option is to use system restore if that works.
     
  6. _DM_

    _DM_ OSNN Senior Addict

    Messages:
    475

    Well i got a new Norton Firewall 2003 just right now. That will protect me from anything like, hackers, comp viruses, etc etc muahaha. :D
     
  7. Kr0m

    Kr0m Moderator

    Messages:
    1,390
    Location:
    Turtle Island
    heh, let me guess, from Kazaa? erm, nevermind, don't answer that! :p

    PS, Knowledge will protect you more than any program ever will. (And throw in some paranoia)
     
  8. WiredBrain

    WiredBrain Guest

    First, let me tell you one thing: Your PC was infected by trojans and not viruses.

    Second, a firewall can't help you if you're infected with trojans because they can easily bypass it unless you're using a hardware firewall.

    Backdoor.Y3KRat.16 is a trojan called Y3k and Rat is Remote Administration Tool.

    IRC Trojan is a trojan used to launch DDOS (Distributed Denial of Service) and spread through IRC.

    There are trojans that are written specifically to infect all the files in Kazaa Shared Folder.

    Lastly, formatting your PC is the best solution and stop chatting on IRC.
     
  9. toxicity

    toxicity Guest

    yes. format. the best virus cleaner. no software needed.
     
  10. _DM_

    _DM_ OSNN Senior Addict

    Messages:
    475
    ok.:confused:
     
  11. _DM_

    _DM_ OSNN Senior Addict

    Messages:
    475
    how about system restore?

    oh nm i deleted all of the viruses now i just did a full system scan for viruses and deleted the whole thing. so no worries thnxs for the help.:D

    i removed
    -JS.Trojan
    -W32.HLLP.Handy
    -Backdoor.Sdbot
    -Backdoor.Y3KRat.16
     
  12. Kr0m

    Kr0m Moderator

    Messages:
    1,390
    Location:
    Turtle Island
    Hey now, all Backdoors can't be that bad, they're used to create warez servers too! :p
     
  13. _DM_

    _DM_ OSNN Senior Addict

    Messages:
    475
    ok with all viruses gone whenever i start up my comp and the comp starts loading the desktop and icons a message pops up, it says missing file C:\WINDOWS\SYSTEM32\MSSCMC32.EXE
    then a second message pops out Blah blah blah C:\WINDOWS\SYSTEM32\MSSCMC32.EXE or delete it in the regedit.
    the message keeps popping up whenever starting my comp, how do i stop this?
     
  14. _DM_

    _DM_ OSNN Senior Addict

    Messages:
    475
    ok sorry for double posting again.
    i just got rid of the message i deleted the MSSCMC32.EXE in the regedit and i deleted this thing called run MSSCMC32.EXE. so i'm all good now:D
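
The leftover startup entry described in posts 13 and 14, and the kernel32.exe name trick from the first post, can be checked on a Windows system that has PowerShell with a read-only audit of the Run keys. This is an added example, not part of any poster's message; the list of keys, the simplified path resolution and the DLL-twin heuristic are assumptions of the example.

```powershell
# Added example (not from the thread): read-only audit of Run/RunOnce autostart values.
$sys32   = Join-Path $env:SystemRoot 'System32'
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

function Get-CommandTarget([string]$Command) {
    # Pull the program path out of a Run value: a quoted path, else text up to the first extension.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

function Resolve-Target([string]$Path) {
    # Bare file names are looked up in System32, then the Windows directory (simplified search order).
    if ($Path -match '^[A-Za-z]:\\|^\\\\') { return $Path }
    foreach ($dir in $sys32, $env:SystemRoot) {
        $candidate = Join-Path $dir $Path
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    return $Path
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        if (-not $command.Trim()) { continue }
        $file  = Resolve-Target (Get-CommandTarget $command)
        $flags = @()
        # Case 1: the value survives but the file is gone (the startup popup in post 13).
        if (-not (Test-Path -LiteralPath $file)) { $flags += 'target missing' }
        # Case 2 (heuristic): an .exe directly in System32 that shares its base name with
        # a DLL there, the pattern of kernel32.exe sitting next to the real kernel32.dll.
        $base = [IO.Path]::GetFileNameWithoutExtension($file)
        if ($file -like '*.exe' -and (Split-Path -Parent $file) -eq $sys32 -and
            (Test-Path -LiteralPath (Join-Path $sys32 "$base.dll"))) {
            $flags += 'name twin of a system DLL'
        }
        [pscustomobject]@{ Key = $key; Name = $name; Command = $command; Flags = $flags -join '; ' }
    }
}
# Flagged entries first; nothing is modified or deleted.
$findings | Sort-Object { $_.Flags -eq '' } | Format-Table -AutoSize -Wrap
```

A flag is a prompt to look at the entry, not a verdict: a missing target may simply be an uninstalled program, and the name-twin check only covers values stored in these four keys.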
     
  15. damnyank

    damnyank I WILL NOT FORGET 911

    Messages:
    2,359
    Location:
    Petal, Mississippi
    I hope you followed Kr0m's excellent advice in regards to System Restore.

    You must get rid of all the old restore points as they may be infected with a virus/trojan and if you do not get rid of the old ones and do a restore - you will reintroduce whatever you had before! The restore points are located in a hidden folder and NAV does not scan the System Volume Information folder - it is excluded as a default in the system scan!

    What Kr0m told you is the easiest way to purge the old restore points. Just one addition (if I may Kr0m): after restarting computer, go back and enable system restore.
     
  16. G-Money

    G-Money Big Air

    Messages:
    569
    Location:
    Springfield Mo
    Just format your drive and re-install Windows and your problem is fixed !!!

    If I get a virus, booooooom. Format, re-install. I don't waste my time chasing a virus around my computer !

    I can format and install and be back up and running in less than an hour !!!

    Try it ... :happy:
     
  17. Iceman

    Iceman Moderator

    Messages:
    2,695

    LMAO

     
  18. Nick M

    Nick M Moderator

    Messages:
    3,961
    Sorry, but I can't not laugh, I've never seen anyone as scared over a few viruses as you :)

    If you're really paranoid, just clean install. :p
     
  19. damnyank

    damnyank I WILL NOT FORGET 911

    Messages:
    2,359
    Location:
    Petal, Mississippi
    Hey Famine - isn't that a bit like shooting the cow if it produces sour milk and getting a new one?????

    In lieu of trying to help the poor cow get over its sickness??:D :D
     
  20. WiredBrain

    WiredBrain Guest

    I think McAfee is much better than Norton 'coz it scans the restore points too.

    Important: Having an up-to-date antivirus does not mean that you're safe because existing viruses and trojans can be modified to make it impossible for AV to detect them.