W32Cholera2 Virus

Discussion in 'Windows Desktop Systems' started by tomsxp1, Dec 27, 2001.

  1. tomsxp1

    tomsxp1 Guest

    Hello, I just cleaned up my Computer after getting the w32Cholera2 Virus and this is what it infected>> inetwiz.exe and the isignup.exe Now i was told these two items have ONE OR MORE files in them and they were damaged behind repair, so i had to delete them both (I found out there were two files in each one of them! Can anyone tell me what these two exe's are? Also I had to delete these>>>A0003513.exe A0003514.exe A0003515.exe A0003516.exe A0003517.exe (Can anyone tell me what these are too? Can I replace them or do a system restore? Please let me know, and Thank You,
     
  2. Lonman

    Lonman Bleh!

    Messages:
    2,642
    You might try typing "Virus Encyclopedia" into your search engine and finding out it any of these Anti-virus companies have any cleaning/fixing utilities available, or instructions on how to perform the repair for you.

    Also, open a command window and type in SFC (system file checker) and hopefully that will pick up on what's missing for you and replace it.

    Next best bet is back up all the goodies and do a clean install. Let us know how you get on.
     
  3. Electronic Punk

    Electronic Punk Administrator Staff Member Political User Folding Team

    Messages:
    18,589
    Location:
    Copenhagen, Denmark
    Symantec are usually pretty good for that sort of thing!
     
  4. tomsxp1

    tomsxp1 Guest

    Lonman, after getting to the Prompt Screen, there were choices and i typed out /Scannow and hit enter BUT it said was not a recognized interenal or external Command! What am i doing wrong? Can you Please check it out for me and let me know? Thank You, TOM
     
  5. intoinfinity

    intoinfinity Guest

    You have to type SFC/scannow ;)
     
  6. tomsxp1

    tomsxp1 Guest

    Well, I got it right , thanks to you but after it scanned i did not see any results, it just finished and the screen disappeared?
     
  7. jw50

    jw50 OSNN Senior Addict

    Messages:
    354
    The inetwiz.exe file is the Internet Connection Wizard, reinstalling Internet Explorer should get you this file back. This should take care of isignup.exe also since it is in the same directory.

    I have no idea what the A000XXXX.exe files are, I think they must be from one of your applications, if you dont remember what directory they were in before you deleted them then you may just have to wait and see what apps dont work.
     
  8. tomsxp1

    tomsxp1 Guest

    The only thing is Internet Explorer cannot be re-installed in windows XP because it is PREINSTALLED and it can be RESTORED by a NON DESTRUCTIVE SYSTEM RECOVERY and then only IF Internet explorer is damaged behind repair! Its only the Wizard Connections that got totaled out by the Virus (as far as i know so far)! I was wondering if you knew>>>If i did a System Restore and go back before i got this virus, then would that do it? I mean can you get back the internet wizard exe after its been totaly damaged or deleted, in a system restore? Also i think (but not sure) that maybe the virus created those extra exe's A00003514.exe etc. and they dont mean anything, because i can not find them on my xp anywhere!
     
  9. Lonman

    Lonman Bleh!

    Messages:
    2,642
    Tom, if I were in your position (and i have been), I'd get all the valuables put away and do a clean installation. Even if you manage to recover everything, any future problems will leave you in doubt as to whether it's caused by this virus or not. Troubleshooting future issues may be a fruitless task because something very basic to the process may be damaged or missing. I know it sucks, but whenever I get infected that way (twice), I'll learn all I can about the virus and then start over.
     
  10. jw50

    jw50 OSNN Senior Addict

    Messages:
    354
    I dont know for sure but I would think that if you had a restore point that was before you got the virus that it would restore those files. If not another option might be to see if you can find those files on the XP CD or get someone to e-mail them to you (they are both very small files). I would have attached the 98 versions for you (I dont have XP at work) but I dont know if they are the same as the XP files.

    BTW, I agree with Lonman that it would be best to backup your data files, reformat, and do a clean install rather than trying to restore those files.
     
  11. T-Bear

    T-Bear Guest

    you can also stick your XP cd in and boot from it and then choose repair. It whould replace all the missing and corrupt files that you have.

    As to the A000xxx.exe files. There is a chance that you can use ResHacker and open the files in them, Take a look at the strings and see what the commands say and what they are related to
     
  12. tomsxp1

    tomsxp1 Guest

    Someone already emailed me the two exe files to download, Do i delete all the old infected ones first because when i go into (search file) I see alot of isignup.exe's and inetwiz.exe's but when i point to them a screen comes up and says INFECTED! I have a new Antivirus program H+bedv freeav.com and it keeps shoving a screen in my face saying they are quarantined! Maybe i will try to go back to search files screen and bring up those two again and delete everything in there and try to download the two that were emailed to me and if that dont work maybe a SYSTEM RESTORE at a point just before the infection! HOW DOES THAT SOUND TO YOU GUYS OK OR NOT?
     
  13. Lonman

    Lonman Bleh!

    Messages:
    2,642
    Stop yelling, i got a headache :p . Give it a go. When you're done with your restore do another scan with your anti-virus program and SEE IF IT WORKED! :D
     
  14. jw50

    jw50 OSNN Senior Addict

    Messages:
    354
    I think you are wasting your time trying to do a restore. If I were you I would boot to the XP CD, reformat your hard drive and do a clean install. You obviously have a bunch of bad files that your anti-virus program couldn't remove. If the virus is still active just doing a restore may not get rid of it. Just shut your computer down for 10 mins or so, restart and go into the BIOS and change the boot sequence to boot from the CD, reformat and install. The virus will definitely be gone if you do this. Then reinstall your apps.
     
  15. tomsxp1

    tomsxp1 Guest

    Hi Everyone: Thanks for all the input. Everything is ok now, what happened was the W32/cholera2 virus, destroyed my inetwiz.exe and the isignup.exe and All the other files( like T_BEAR) said were phony and generated by the original virus and intended to Re-Multiply every time i rebooted my pc! So i went OFFLINE and did a full scan(took one hour) and it came up with 57 virus's (at that time) that it got rid of for me! If i were to reboot without the full scan then i would have gotten twice as many virus's and so on! Well, anyway i tried to replace the two original exe's and the xp (seemed like) it would not allow it and the reason was the xp must have restored them itself, because i suddenly had no problem with my signup wizard or internet explorer. Let this be a lesson to me, that after being away for a week, then the first thing i should have done (when getting on my pc) was to run a full scan (first) then go into my email! By the way My xp firewall was OFF when this happened and I dont know how that happened (maybe no virus if it were on?) So i put it back on and also got another firewall for extra protection. Plus a good Antivirus. Lonman, I hope your headache is gone(tee hee) and JW50, you were right as to what those files were, Thank You, Thank to all very much, TOM