Worm

[Evil Marge]

Think I'll strangle her with the the USB cable if she does it again

 

[damnyank]

Originally posted by damnyank
Marge - go here - follow the directions - it's a piece of cake!

Once the old restore points are deleted - the virus should be gone!

If you did the above - you could have very well gotten rid of the virus from the system restore files and that is why it is not being detected now!

Curious to see what the symantec virus check produces, as I checked and the definitions for the yahaG has been in the Symantec definitions since June 18th!

I know the virus scan can take awhile and I am off to bowling in about 10 minutes - so I'll check back later and good luck!

 

[Evil Marge]

It's still there but is undetectable..Funny thing is I only get the AVG warning when the screensaver is on

 

[damnyank]

One last thought - do you like the sceensaver??

Do you know where you got it from??

Can you get it again??

I'll bet you have already guessed that I might suggest to delete the screensaver and see what happens!

 

[Evil Marge]

I've had the screensaver for about 6 months.Tried usind another one but it still happens

 

[2z]

Thread moved to Computer Security

 

[Evil Marge]

Never thought to put it here D'oh

 

[Evil Marge]

Screenshot of Virus warning

 

[damnyank]

That says the virus is located in RP17 (restore point 17) - according to logic and I do not swear that logic always applies when dealing with computers - if you delete RP17 and everyone more recent than that one (just in case they are infected also) - then the viurus should disappear!

Now are you running Home or Pro?

Formatted NTFS or FAT 32?

 

[Evil Marge]

All the restore points were removed yesterday ,that latest warning was from today. I am using XP Home. I have no idea what NTFS or FAT 32 are.

 

[mafiafromrussia]

hey marge that thing gets reported in your system volume info folder. by default when u ran an av manually it says to exclude that dir from scanning. for example my nav2k3 settings here. maybe that's the problem?

 

[Evil Marge]

Mafia I have found that System volume folder and scanned it with AVG but it still said "No Virus detected"

 

[damnyank]

mafiafromrussia - excellent - so if Marge deletes that exclusion (ie letting it scan the system volume info folder) and runs virus scan - it should pick it up (if it is there) and quarantine it or get rid of it! Right??

Marge - since you got rid of all the restore points - it doesn't matter if you are formatted NTFS or Fat32 - as I was only wondering so I could tell you how to delete that specific (RP17) restore point! Since you deleted them all - it's a non-player!

Marge - understand where we are coming from? You need to remove the "system volume info" from the exclusions under manual virus scan. I use NSW - but if you only use NAV - go to Options, under System, click exclusions, hilight system info and click Remove. Don't know if theere is an okay involved or not - but after you remove system info from the exclusion list and run the scan - it should detect it and either quaratine it or delete it .

I've got my fingers crossed!

Sorry Marge - I went brain dead - you are not using NAV! I guess what I just posted is no help!

 

[Evil Marge]

It's not on an exclusion list and I have just scanned that folder manually but it still can't find the virus(using AVG pro)

 

[Evil Marge]

I'm gonna throw the comp out the window before long

 

[mafiafromrussia]

well the problem there seems to be .scr file. try just deleting it and waiting what happens? if it comes back then something else is infected and puts it there

but try going there and runing free NAV http://security1.norton.com/ssc/home.asp?j=1&langid=ie&venid=sym&plfid=23&pkj=BKDMLSIVFWMFKPXKBQW
that's the best i can do here

 

[mafiafromrussia]

Posted by Evil Marge
I'm gonna throw the comp out the window before long

i think we've been over this can ya mail it to me instead throing it out of the window ?

 

[damnyank]

maifia - I think we've been there for a second opinion already and as much as I hate to admit it - I am starting to agree with Marge about wrapping the USB cable around her daughter's neck - oh so sorry - I did not mean to suggest violence!

I know it's not funny - but it is a simple solution!

 

[mafiafromrussia]

oh didnt notice that . and perhabs a format c: & format dif there is one) will do the necessary trick. btw marge did you check your msconfig for unusual entries? the win.ini, system.ini, startup, registry start up? (i think this was not disscussed yet )

 

[dave holbon]

Try this: -

This courtesy of the cut and paste idiot (internet Google search): -


To remove this worm: (W32.Yaha.G.Iworm)

1. If the worm has already run, first reverse the changes that the worm made to the registry. If not, go to step 2.
a. Configure Windows to "Show all files".
b. Copy Regedit.exe as Regedit.com.
c. Edit the registry and reverse the following changes that the worm made:

HLKM\Software\Classes\exefile\shell\open\command
Value "%1" %*

(The virus filename would be displayed instead of * in the value. This has to be changed as the above.)

2. Scan the system with the updated version of your virus software and delete all files that are infected by W32.Yaha.G.IWorm.