Multiple viruses found in my comp, IRC Trojan, dunno what to do?

_DM_

OSNN Senior Addict
Joined
22 Feb 2004
Messages
475
WTF viruses found inside my computer? Wtf is this ****?!
Virus? wtf do these do ?

-IRC Trojan found at C:\windows\system32\kernel32.exe

-Backdoor.Y3KRat.16 found at C:\WINDOWS\SYSTEM32\MSSCMC32.EXE

-W32.HLLP.Handy

How the hell can i do a system restore?
Do i need a firewall?
I got norton alrdy. But not check scan all files (ENTIRE COMPUTER)
WTF DO I DO?! This is getting me scared man. I cant afford to get a nother computer! What do i do?!
 
Relax ... you don't need to buy a new computer because of a virus outbreak :D

Just run a full system scan with Norton and clean out all the viruses. Make sure you've updated to the latest virus definitions.

But with all those viruses lurking around, I'd probably just format the hard drive and do a clean install.
 
Originally posted by _DM_
WTF viruses found inside my computer? Wtf is this ****?!
Virus? wtf do these do ?

-IRC Trojan found at C:\windows\system32\kernel32.exe


-Backdoor.Y3KRat.16 found at C:\WINDOWS\SYSTEM32\MSSCMC32.EXE

-W32.HLLP.Handy

How the hell can i do a system restore?
Do i need a firewall?
I got norton alrdy. But not check scan all files (ENTIRE COMPUTER)
WTF DO I DO?! This is getting me scared man. I cant afford to get a nother computer! What do i do?!

Info on the trojan can be found here: http://www.computing.net/windowsxp/wwwboard/forum/52105.html
"KERNEL32.EXE is a Back door Trojan and just by deleting the file will not get rid of it because of WinXPs "System Restore" and the Trojan can be in your Backup files...
Do this before you run your Updated Virus Scanner:

Disable "System Restore". How to do This:

1. Right click the My Computer icon on the Desktop and click on Properties.
2. Click on the System Restore tab.
3. Put a check mark next to 'Turn off System Restore on All Drives'.
4. Click the 'OK' button.
5. You will be prompted to restart the computer. Click Yes.

Next::

Find and stop the KERNEL32.EXE process using Windows Task Manager. How to do this:

Press: Ctrl + Alt + Del.
Select the "Processes" Tab.
Find the KERNEL32.EXE process, Select it and click on "End Process".

Next:
Run an Updated Virus Scanner Utility. If that does not pick it up, Use another Virus Scanner.

After you containd this Trojan, don't forget to turn on your "System Restore" if you do use it.
To re-enable "System Restore", follow the steps above, (1 to 5), and on step 3, remove the check mark next to 'Turn off System Restore on All Drives'"


Info on the Backdoor file here:

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.y3krat.16.html


Info on W32.HLLP.Handy here: http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.handy.html


A couple of free online scanners: Panda and Trend Micro
 
Originally posted by NetRyder
Relax ... you don't need to buy a new computer because of a virus outbreak :D

Just run a full system scan with Norton and clean out all the viruses. Make sure you've updated to the latest virus definitions.

But with all those viruses lurking around, I'd probably just format the hard drive and do a clean install.

Yeah, I was going to suggest the same, if it were me, I would.

By the looks of it the info on these bugs, they are Kazaa related(big surpise). Hopefully he'll learn his lesson and A: Keep a trustworthy virus scanner up to date. or B: ditch Kazaa or C: Keep other people away from his machine. or D: All the above.
 
Hey my norton said it automatically deleted
Backdoor.Y3KRat.16 C:\WINDOWS\SYSTEM32\MSSCMC32.EXE

But
W32.HLLP.Handy keeps on spreading in my kaaza files and my documenst file but i deletyed my kaaza files. Norton delets the virus. But keeps on spreading and norton delets it and does the same thing over and over. How do i completely stop it? I use scan whole comp right?

and for the irc trojan i cant find kernel32.exe in my proccess tab when i press alt ctrl and tab. is that a good sign? repair kernel32.exe. so i guess i'll just have to run a full system scan. if that doesnt work my last option is to use system restore if that works.
 
By the looks of it the info on these bugs, they are Kazaa related(big surpise). Hopefully he'll learn his lesson and A: Keep a trustworthy virus scanner up to date. or B: ditch Kazaa or C: Keep other people away from his machine. or D: All the above. [/B]


Well i got a new Norton Firewall 2003 just right now. That will protect me from anything like, hackers, comp viruses, etc etc muahaha. :D
 
heh, let me guess, from Kazaa? erm, nevermind, don't answer that! :p

PS, Knowledge will protect you more than any program ever will. (And throw in some paranoia)
 
First, let me tell you one thing: Your PC was infected by trojans and not viruses.

Second, firewall can't help you if you're infected with trojans because they can easily bypass it unless you're using hardware firewall.

Backdoor.Y3KRat.16 is a trojan called Y3k and Rat is Remote Administration Tool.

IRC Trojan is a trojan used to launch DDOS (Distributed Denial of Service) and spread through IRC.

There are trojans that are written specifically to infect all the files in Kazaa Shared Folder.

Lastly, formatting your PC is the best solution and stop chatting on IRC.
 
yes. format. the best virus cleaner. no software needed.
 
how about system restore?

oh nm i deleted all of the viruses now i just did a full system scan for viruse and deleted the whole thing. so no worries thnxs for the help.:D

i removed
-JS.Trojan
-W32.HLLP.Handy
-Backdoor.Sdbot
-Backdoor.Y3KRat.16
 
Hey now, all Backdoors can't be that bad, they're used to create warez servers too! :p
 
ok with all viruses gone whenever i start up my comp and the comps starts loading the desktop and icons a message pops up, its says missing file C:\WINDOWS\SYSTEM32\MSSCMC32.EXE
then a second message pops out Blah blah blah C:\WINDOWS\SYSTEM32\MSSCMC32.EXE or delet it in the regedit.
the message keeps poping whenever starting my comp, how do i stop this?
 
ok sorry for double posting again.
i just got rid of the message i deleted the MSSCMC32.EXE in the regedit and i deleted this thing called run MSSCMC32.EXE. so i'm all good now:D
 
I hope you followed KrOm's excellent advise in regards to System Restore.

You must get rid of all the old restore points as they may be infected with a virus/trojan and if you do not get rid of the old ones and do a restore - you will reintroduce whatever you had before! The restore points are located in a hidden folder and NAV does not scan the System Volume Information folder - it is excluded as a default in the system scan!

What KrOm told you is the easiest way to purge the old restore points. Just one addition (if I may KrOm): after restarting computer, go back and enable system restore
 
Originally posted by _DM_
ok sorry for double posting again.
i just got rid of the message i deleted the MSSCMC32.EXE in the regedit and i deleted this thing called run MSSCMC32.EXE. so i'm all good now:D

Just format your drive and re-install Windows and your problem is fixed !!!

If I get a virus, booooooom. Format, re-install. I dont waste my time chasing a virus around my computer !

I can format and install and be back up and running in less then a hour !!!

Try it ... :happy:
 
Originally posted by Kr0m
Hey now, all Backdoors can't be that bad, they're used to create warez servers too! :p


LMAO

cool.gif
 
Originally posted by _DM_
WTF viruses found inside my computer? Wtf is this ****?!
Virus? wtf do these do ?

-IRC Trojan found at C:\windows\system32\kernel32.exe

-Backdoor.Y3KRat.16 found at C:\WINDOWS\SYSTEM32\MSSCMC32.EXE

-W32.HLLP.Handy

How the hell can i do a system restore?
Do i need a firewall?
I got norton alrdy. But not check scan all files (ENTIRE COMPUTER)
WTF DO I DO?! This is getting me scared man. I cant afford to get a nother computer! What do i do?!

Sorry, but I can't not laugh, I've never seen anyone as scared over a few viruses as you :)

If you're really paranoid, just clean install. :p
 
Hey Famine - isn't that a bit like shooting the cow if it produces sour milk and getting a new one?????

In lieu of trying to help the poor cow get over it's sickness??:D :D
 
I think McAfee is much better than Norton 'coz it scans the restore points too.

Important: Having an up-to-date antivirus does not mean that you're safe because existing viruses and trojans can be modified to make it impossible for AV to detect them.
 

Members online

No members online now.

Latest profile posts

Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
Any of the SP crew still out there?
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
hello peeps... is been some time since i last came here.
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.

Forum statistics

Threads
62,015
Messages
673,494
Members
5,621
Latest member
naeemsafi
Back