• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Multiple viruses found in my comp, IRC Trojan, dunno what to do?

_DM_

OSNN Senior Addict
#1
WTF viruses found inside my computer? Wtf is this ****?!
Virus? wtf do these do ?

-IRC Trojan found at C:\windows\system32\kernel32.exe

-Backdoor.Y3KRat.16 found at C:\WINDOWS\SYSTEM32\MSSCMC32.EXE

-W32.HLLP.Handy

How the hell can i do a system restore?
Do i need a firewall?
I got norton alrdy. But not check scan all files (ENTIRE COMPUTER)
WTF DO I DO?! This is getting me scared man. I cant afford to get a nother computer! What do i do?!
 
#2
Relax ... you don't need to buy a new computer because of a virus outbreak :D

Just run a full system scan with Norton and clean out all the viruses. Make sure you've updated to the latest virus definitions.

But with all those viruses lurking around, I'd probably just format the hard drive and do a clean install.
 

Kr0m

Moderator
#3
Originally posted by _DM_
WTF viruses found inside my computer? Wtf is this ****?!
Virus? wtf do these do ?

-IRC Trojan found at C:\windows\system32\kernel32.exe


-Backdoor.Y3KRat.16 found at C:\WINDOWS\SYSTEM32\MSSCMC32.EXE

-W32.HLLP.Handy

How the hell can i do a system restore?
Do i need a firewall?
I got norton alrdy. But not check scan all files (ENTIRE COMPUTER)
WTF DO I DO?! This is getting me scared man. I cant afford to get a nother computer! What do i do?!
Info on the trojan can be found here: http://www.computing.net/windowsxp/wwwboard/forum/52105.html
"KERNEL32.EXE is a Back door Trojan and just by deleting the file will not get rid of it because of WinXPs "System Restore" and the Trojan can be in your Backup files...
Do this before you run your Updated Virus Scanner:

Disable "System Restore". How to do This:

1. Right click the My Computer icon on the Desktop and click on Properties.
2. Click on the System Restore tab.
3. Put a check mark next to 'Turn off System Restore on All Drives'.
4. Click the 'OK' button.
5. You will be prompted to restart the computer. Click Yes.

Next::

Find and stop the KERNEL32.EXE process using Windows Task Manager. How to do this:

Press: Ctrl + Alt + Del.
Select the "Processes" Tab.
Find the KERNEL32.EXE process, Select it and click on "End Process".

Next:
Run an Updated Virus Scanner Utility. If that does not pick it up, Use another Virus Scanner.

After you containd this Trojan, don't forget to turn on your "System Restore" if you do use it.
To re-enable "System Restore", follow the steps above, (1 to 5), and on step 3, remove the check mark next to 'Turn off System Restore on All Drives'"


Info on the Backdoor file here:

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.y3krat.16.html


Info on W32.HLLP.Handy here: http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.handy.html


A couple of free online scanners: Panda and Trend Micro
 

Kr0m

Moderator
#4
Originally posted by NetRyder
Relax ... you don't need to buy a new computer because of a virus outbreak :D

Just run a full system scan with Norton and clean out all the viruses. Make sure you've updated to the latest virus definitions.

But with all those viruses lurking around, I'd probably just format the hard drive and do a clean install.
Yeah, I was going to suggest the same, if it were me, I would.

By the looks of it the info on these bugs, they are Kazaa related(big surpise). Hopefully he'll learn his lesson and A: Keep a trustworthy virus scanner up to date. or B: ditch Kazaa or C: Keep other people away from his machine. or D: All the above.
 

_DM_

OSNN Senior Addict
#5
Hey my norton said it automatically deleted
Backdoor.Y3KRat.16 C:\WINDOWS\SYSTEM32\MSSCMC32.EXE

But
W32.HLLP.Handy keeps on spreading in my kaaza files and my documenst file but i deletyed my kaaza files. Norton delets the virus. But keeps on spreading and norton delets it and does the same thing over and over. How do i completely stop it? I use scan whole comp right?

and for the irc trojan i cant find kernel32.exe in my proccess tab when i press alt ctrl and tab. is that a good sign? repair kernel32.exe. so i guess i'll just have to run a full system scan. if that doesnt work my last option is to use system restore if that works.
 

_DM_

OSNN Senior Addict
#6
By the looks of it the info on these bugs, they are Kazaa related(big surpise). Hopefully he'll learn his lesson and A: Keep a trustworthy virus scanner up to date. or B: ditch Kazaa or C: Keep other people away from his machine. or D: All the above. [/B]

Well i got a new Norton Firewall 2003 just right now. That will protect me from anything like, hackers, comp viruses, etc etc muahaha. :D
 

Kr0m

Moderator
#7
heh, let me guess, from Kazaa? erm, nevermind, don't answer that! :p

PS, Knowledge will protect you more than any program ever will. (And throw in some paranoia)
 
W

WiredBrain

Guest
#8
First, let me tell you one thing: Your PC was infected by trojans and not viruses.

Second, firewall can't help you if you're infected with trojans because they can easily bypass it unless you're using hardware firewall.

Backdoor.Y3KRat.16 is a trojan called Y3k and Rat is Remote Administration Tool.

IRC Trojan is a trojan used to launch DDOS (Distributed Denial of Service) and spread through IRC.

There are trojans that are written specifically to infect all the files in Kazaa Shared Folder.

Lastly, formatting your PC is the best solution and stop chatting on IRC.
 

_DM_

OSNN Senior Addict
#11
how about system restore?

oh nm i deleted all of the viruses now i just did a full system scan for viruse and deleted the whole thing. so no worries thnxs for the help.:D

i removed
-JS.Trojan
-W32.HLLP.Handy
-Backdoor.Sdbot
-Backdoor.Y3KRat.16
 

_DM_

OSNN Senior Addict
#13
ok with all viruses gone whenever i start up my comp and the comps starts loading the desktop and icons a message pops up, its says missing file C:\WINDOWS\SYSTEM32\MSSCMC32.EXE
then a second message pops out Blah blah blah C:\WINDOWS\SYSTEM32\MSSCMC32.EXE or delet it in the regedit.
the message keeps poping whenever starting my comp, how do i stop this?
 

_DM_

OSNN Senior Addict
#14
ok sorry for double posting again.
i just got rid of the message i deleted the MSSCMC32.EXE in the regedit and i deleted this thing called run MSSCMC32.EXE. so i'm all good now:D
 

damnyank

I WILL NOT FORGET 911
#15
I hope you followed KrOm's excellent advise in regards to System Restore.

You must get rid of all the old restore points as they may be infected with a virus/trojan and if you do not get rid of the old ones and do a restore - you will reintroduce whatever you had before! The restore points are located in a hidden folder and NAV does not scan the System Volume Information folder - it is excluded as a default in the system scan!

What KrOm told you is the easiest way to purge the old restore points. Just one addition (if I may KrOm): after restarting computer, go back and enable system restore
 
#16
Originally posted by _DM_
ok sorry for double posting again.
i just got rid of the message i deleted the MSSCMC32.EXE in the regedit and i deleted this thing called run MSSCMC32.EXE. so i'm all good now:D
Just format your drive and re-install Windows and your problem is fixed !!!

If I get a virus, booooooom. Format, re-install. I dont waste my time chasing a virus around my computer !

I can format and install and be back up and running in less then a hour !!!

Try it ... :happy:
 
#18
Originally posted by _DM_
WTF viruses found inside my computer? Wtf is this ****?!
Virus? wtf do these do ?

-IRC Trojan found at C:\windows\system32\kernel32.exe

-Backdoor.Y3KRat.16 found at C:\WINDOWS\SYSTEM32\MSSCMC32.EXE

-W32.HLLP.Handy

How the hell can i do a system restore?
Do i need a firewall?
I got norton alrdy. But not check scan all files (ENTIRE COMPUTER)
WTF DO I DO?! This is getting me scared man. I cant afford to get a nother computer! What do i do?!
Sorry, but I can't not laugh, I've never seen anyone as scared over a few viruses as you :)

If you're really paranoid, just clean install. :p
 

damnyank

I WILL NOT FORGET 911
#19
Hey Famine - isn't that a bit like shooting the cow if it produces sour milk and getting a new one?????

In lieu of trying to help the poor cow get over it's sickness??:D :D
 
W

WiredBrain

Guest
#20
I think McAfee is much better than Norton 'coz it scans the restore points too.

Important: Having an up-to-date antivirus does not mean that you're safe because existing viruses and trojans can be modified to make it impossible for AV to detect them.
 

Members online

No members online now.

Latest posts

Latest profile posts

Hello, is there anybody in there? Just nod if you can hear me ...
Xie
What a long strange trip it's been. =)

Forum statistics

Threads
61,961
Messages
673,239
Members
89,014
Latest member
sanoravies