Hard Light Productions Forums
Off-Topic Discussion => General Discussion => Topic started by: Fineus on May 11, 2003, 12:06:40 pm
-
Pretty much as the title says, Norton Antivirus 2002 can't seem to fix the problem... anyone know or been able to sort this out without a format?
-
Have you the newest version of norten 2002 ?
-
Yep, updated - run. Some files were quarenteened - the main source of it couldn't be removed or repaired though and I'm not sure how to go about doing that - from what I can tell without removing that it's not going to do any good fixing the rest of it.
-
Can you not delete the file or is it a system file ?
-
Can't do it, it loads on startup and can't be shut down by any means - in turn it can't be deleted by normal methods in Windows
-
To remove this virus:
NOTE: Removal of this virus requires that you have a DOS boot disk or Windows Startup disk, and assumes that you be familiar with using basic DOS commands at the command prompt.
1. Insert a clean DOS floppy disk or Windows Startup disk into the floppy disk drive, and restart the computer.
2. At the prompt type the following two commands, pressing Enter after each one:
c:
cd windows
dir *.exe /a:h
All .exe files in the \Windows folder that have the hidden attribute are displayed.
NOTE: If Windows is installed in a different location, make the appropriate substitution when typing the first command.
3. Look for a file with a size of 10,240 bytes. The name of the file is generated by taking the computer name on the infected system and changing some of the characters. Write down the name of this file.
4. Type the following, and then press Enter after each one:
attrib -h
del
5. Type the following two commands, pressing Enter after each one:
del wininit.ini
del wininit.bak
6. Restart the computer.
7. Start Norton AntiVirus, and run LiveUpdate.
8. Run a full system scan. Attempt to repair any files that are infected with W32.Weird. If they cannot be repaired, you must delete them and restore them from a clean backup copy, or reinstall the deleted file.
-
Try running msconfig and see if it shows up there to run on startup. And if it does, you can change that. Not too likely a virus would show up there I know, but I've seen it happen once or twice.
-
Originally posted by Exarch
Try running msconfig and see if it shows up there to run on startup. And if it does, you can change that. Not too likely a virus would show up there I know, but I've seen it happen once or twice.
I already showed how to remove it. I had the same virus :p
-
If Thunder has done the sensible thing and formatted his discs as NTFS (and like I keep saying, situations like this are no reason to persist with FAT32) then a DOS boot disk will be useless. He may be able to use the 2k/XP Recovery Console (boot off the XP CD and select the options to repair your installation using the Recovery Console) instead though.
-
Originally posted by Tiara
I already showed how to remove it. I had the same virus :p
Yeah, well, I was typing mine in at the same time, your post wasn't there when I hit reply :D
-
Originally posted by Admiral LSD
(and like I keep saying, situations like this are no reason to persist with FAT32)
Yeah, situations like this can only potentially destroy your entire data storage... :doubt:
-
...and using FAT32 has the same potential to destroy your data.
-
But if you're using Win98, you have little choice.
And I will not upgrade to XP, as it is the root of all evil!
-
Now now..
As it is - I am using NTFS on this partition, going to try the recovery console next since the DOS boot disk only let me see my FAT32 secondary drive (it's thus useless).
-
Originally posted by Kalfireth
Now now..
Don't worry, theres nothing any of them can say that'll make me believe that FAT32 isn't ****.
As it is - I am using NTFS on this partition, going to try the recovery console next since the DOS boot disk only let me see my FAT32 secondary drive (it's thus useless).
Try the 2k/XP recovery console. You'll need to boot off your installation CD and when prompted, select the options to repair your installation using the recovery console.
-
i heard that instead of DOS you can use linux, since that can read NTFS.
i only heard this and i have 3 hours of linux experience in my life.
-
Linux can read NTFS, yes, and has been able to do so for at least the last three years but writing to it is another matter altogether. They're apparently re-writing the NTFS code so both reading and writing will be supported but I don't know when that'll be finished, it might be in kernel 2.6 but I'm not sure.
-
Use Mozilla for email.
-
Thats not how it showed up - a trust friend sent me a file which was supposed to make adjustments to MSN Messanger but instead carried the virus.
That'll teach my not to check files before loading them, heh...
Anyhow - I was able to delete the offending files using the recovery console - but they were right back where they were before when I restarted the computer after that. I've no idea what else is running to cause them to load since as far as I'm concerned once it's deleted thats it, and of course I deleted the program my friend sent me the second I found out about it - so it must be elsewhere....
-
I always check .vbs/.exe/.mp3/.html (direct forwards suck) :p
-
Originally posted by Kalfireth
Thats not how it showed up - a trust friend sent me a file which was supposed to make adjustments to MSN Messanger but instead carried the virus.
That'll teach my not to check files before loading them, heh...
Anyhow - I was able to delete the offending files using the recovery console - but they were right back where they were before when I restarted the computer after that. I've no idea what else is running to cause them to load since as far as I'm concerned once it's deleted thats it, and of course I deleted the program my friend sent me the second I found out about it - so it must be elsewhere....
Ok, there are a number of locations where windows loads programs: Starup programs group, the Registry, and possibly via the scheduler. I'd check the registry first and foremost: local machine / software / microsoft / windows / current version / run or runonce or the like
-
Originally posted by Kalfireth
Thats not how it showed up - a trust friend sent me a file which was supposed to make adjustments to MSN Messanger but instead carried the virus.
Uhh... What exactly was the file?
*Hopes his brother didn't **** up his computer*
-
thats one helluwa virus. my friends pc got infected by that sam virus. it infected all of the exe files. my only option at that time was to reinstall the windows. good luck dude
-
do a search of all new files from befor to after the time of infection, see if you can't find anything that should not be there or something that you do not know what it does, try removeing it and see if that fixes it, also do a search of you're registry for the name of the virus or any files you know to be assosiated with it
-
http://securityresponse.symantec.com/avcenter/venc/data/w32.weird.html
Hmm, better idea:
-
Originally posted by Sandwich
http://securityresponse.symantec.com/avcenter/venc/data/w32.weird.html
Hmm, better idea:
:wtf:
Good god, are people so lazy they can't even click one hyperlink FFS?
:blah:
-
Originally posted by Shrike
:wtf:
Good god, are people so lazy they can't even click one hyperlink FFS?
:blah:
Yes!! We MUST integrate ALL DATA SOURCES into our great soviet Forum!! EVerything must come under our control! We shall not be stopped!!!
:nervous:
-
That'd be great but I tried that already... Managed to delete the offending file that was created too as well as the .INI and .BAK files - but when I restarted Windows they were right there again.
This is looking more and more like a format job :doubt:
-
did you get the bad copy of explorer as well
-
Originally posted by Admiral LSD
...and using FAT32 has the same potential to destroy your data.
ah? fat32 eats your files? :doubt:
NTFS is ****, it leads only to pb, there's no benefits with using it. NONE. don't talk to me about that security piece of ****.
problem is, you have to use it for large disks. thanx, I would rather have an upgraded fat32 than that crappy format protocol :/
-
Originally posted by Venom
I would rather have an upgraded fat32
It's called "NTFS" :D
-
someone spell out the diferences between them, other than saying fat32 is **** and NTFS is god made protocall
-
http://www.ntfs.com/ntfs_vs_fat.htm
http://www.experts-exchange.com/Operating_Systems/Q_20281807.html
http://www.thundercloud.net/information-avenue/ntfs-vs-fat32/
NTFS is faster, more efficient, more reliable and supports larger files and disks than FAT32.
-
Originally posted by Kalfireth
That'd be great but I tried that already... Managed to delete the offending file that was created too as well as the .INI and .BAK files - but when I restarted Windows they were right there again.
This is looking more and more like a format job :doubt:
Sorry to hear that you've been infected with taht virus. I was once infected with Love Letter and I had to format most of my drives and lost over 200 MP3s of my favorite music plus FS screenshots and who knows what other files. Now..see I told you that taking FAT32 wasn't a bad idea. Anyway, I hope you'll be able to fix this problem. Good luck.
-
Cheers, one format later and the problems solved - I'm actually impressed with Windows XP in that I've had an incredibly low turn around time from when I formatted to when I got everything up and running, with 98 I was looking at a good day lost to installing everything, it's almost complete now after 3 hours and some gaming....heh...
Oh, and yes I've installed anti-virus software :p
-
Originally posted by Kalfireth
Cheers, one format later...
Sorry, those words don't go well together... :p
-
Some Advice: Upgrade to Norton AV 2003... the Program has been revised greatly and thus has an updated engine and better virus detection.. but as usual still scan your drive every week - that is something I recommend but don't do myself?:nod:
-
Fair enough, my copy was a trial pack anyway - where can I find NA2003?
-
you should know how to find this information by now :p
c'mon, you're supposed to have experience in this :Dq
-
I want a legal copy thankyou ;)
-
haha no, i wasn't talking about warez, i was talking about you having experience in finding information on removing viruses! i only read the first post of this thread and left a reply :D
hahaha, now that i read it, it makes perfect sense both ways :D
-
Well, if you look around, you can get Systemworks with a $30-off mail-in rebate. That drops it down to somewhere in the neighborhood of like $30 - 40 bucks. Comes with Anti-virus, Utilities, etc.
-
here for trial: www.symantec.com
or go to your nearest computer/electronic/software retailer.