quick question about a virus I have. (or don't)

Discussion in 'Windows Desktop Systems' started by Codasmd, May 25, 2002.

  1. Codasmd

    Codasmd Old School XPeriencer

    Messages:
    495
    Location:
    Los Angeles, CA.
    Hey,

    I ran a virus scan from pcpitstop.com and it found The W32/Weird.10240.A Virus.

    It said it "was found in file C:\System Volume Information\_restore{F2ED29EC-FC8D-4AD0-BC24-D3CFCC320FF0}\RP34\A0004047.exe"

    ...so I installed norton antivirus2002, ran it, and norton doesn't see it.

    Any ideas on how to get rid of it or why norton can't find it?


    Here is the url from pcpitstop:

    http://www.secadministrator.com/Panda/Index.cfm?FuseAction=Virus&virusID=237

    Thx

    I'm running WinXP Pro
     
  2. Codasmd

    Hmmm.....I think I've found something.....

    Here
     
  3. xsivforce

    xsivforce Prodigal Son Folding Team

    Messages:
    8,547
    Location:
    Texas, USA
    Removal of this virus requires that you have a DOS boot disk or Windows Startup disk, and assumes that you are familiar with using basic DOS commands at the command prompt.

    1. Insert a clean DOS floppy disk or Windows Startup disk into the floppy disk drive, and restart the computer.
    2. At the prompt type the following two commands, pressing Enter after each one:

    c:
    cd windows
    dir *.exe /a:h

    All .exe files in the \Windows folder that have the hidden attribute are displayed.

    NOTE: If Windows is installed in a different location, make the appropriate substitution when typing the first command.

    3. Look for a file with a size of 10,240 bytes. The name of the file is generated by taking the computer name on the infected system and changing some of the characters. Write down the name of this file.
    4. Type the following, and then press Enter after each one:

    attrib <file name from step 3> -h
    del <file name from step 3>

    5. Type the following two commands, pressing Enter after each one:

    del wininit.ini
    del wininit.bak

    6. Restart the computer.
    7. Start Norton AntiVirus, and run LiveUpdate.
    8. Run a full system scan. Attempt to repair any files that are infected with W32.Weird. If they cannot be repaired, you must delete them and restore them from a clean backup copy, or reinstall the deleted file.
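
The check in steps 2 and 3 of the post above (list the .exe files in the Windows folder and look for one of exactly 10,240 bytes) and the step 5 files can be scripted as a read-only report. This is an added example, not part of the original post; the function names and the default folder path are assumptions, and nothing is deleted.

```python
import hashlib
import stat
import sys
from pathlib import Path

TARGET_SIZE = 10240  # size named in step 3 of the post
LEFTOVERS = ("wininit.ini", "wininit.bak")  # files removed in step 5


def hidden_flag(st):
    """True/False on Windows; None where the attribute is unavailable."""
    attrs = getattr(st, "st_file_attributes", None)
    if attrs is None:
        return None
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def find_candidates(windows_dir):
    """Report-only scan: returns (candidate .exe records, leftover names)."""
    candidates, leftovers = [], []
    for entry in sorted(Path(windows_dir).iterdir()):
        if not entry.is_file():
            continue
        if entry.name.lower() in LEFTOVERS:
            leftovers.append(entry.name)
        if entry.suffix.lower() != ".exe":
            continue
        st = entry.stat()
        if st.st_size != TARGET_SIZE:
            continue
        candidates.append({
            "name": entry.name,
            "hidden": hidden_flag(st),
            # hash lets the file be looked up before anything is deleted
            "sha256": hashlib.sha256(entry.read_bytes()).hexdigest(),
        })
    return candidates, leftovers


if __name__ == "__main__":
    # Default path is an assumption; pass the real Windows folder as argv[1].
    folder = sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows"
    found, left = find_candidates(folder)
    for rec in found:
        print(f"{rec['name']}  hidden={rec['hidden']}  sha256={rec['sha256']}")
    print("leftover files:", ", ".join(left) or "none")
```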
     
  4. Codasmd

    I'm not exactly sure what is meant by a clean DOS boot disk.

    Is it the same as a quick boot disk?

    What do I need to have on the floppy?
     
  5. xsivforce

  6. Codasmd

    Ok,

    I just made MS-DOS startup disk via right clicking on the a drive in winex.....(which may be my problem)


    then I went with the above mentioned instructions:

    c:
    cd winddows
    dir *.exe /a:h

    but at that, I'm not showing any hidden files......

    wrong sort of boot disk?
     
  7. Reg

    Reg eXperienced!

    Messages:
    639
    Location:
    Arlington, TX
    We were having the same problem at my school with the same virus. The virus is a trojan that allows people to access your computer from the net (that was impossible at our school since we were behind a double NAT). We were able to remove the virus with Norton Corporate Edition.

    I know that McAfee 6 can detect and remove the virus so if you still have problems, try McAfee.
     
  8. Codasmd

    Well.....I went with the 'ole format and re-install. Needed to be done anyways.

    Both norton and pcpitstop say that I'm virus free....(for now).

    Thanks for the replies and suggestions.