[Fineus]

Pretty much as the title says, Norton Antivirus 2002 can't seem to fix the problem... anyone know or been able to sort this out without a format?

[FreeTerran]

Have you the newest version of norten 2002 ?

[Fineus]

Yep, updated - run. Some files were quarenteened - the main source of it couldn't be removed or repaired though and I'm not sure how to go about doing that - from what I can tell without removing that it's not going to do any good fixing the rest of it.

[FreeTerran]

Can you not delete the file or is it a system file ?

[Fineus]

Can't do it, it loads on startup and can't be shut down by any means - in turn it can't be deleted by normal methods in Windows

[Tiara]

To remove this virus:

NOTE: Removal of this virus requires that you have a DOS boot disk or Windows Startup disk, and assumes that you be familiar with using basic DOS commands at the command prompt.


1. Insert a clean DOS floppy disk or Windows Startup disk into the floppy disk drive, and restart the computer.
2. At the prompt type the following two commands, pressing Enter after each one:

c:
cd windows
dir *.exe /a:h

All .exe files in the \Windows folder that have the hidden attribute are displayed.

NOTE: If Windows is installed in a different location, make the appropriate substitution when typing the first command.

3. Look for a file with a size of 10,240 bytes. The name of the file is generated by taking the computer name on the infected system and changing some of the characters. Write down the name of this file.
4. Type the following, and then press Enter after each one:

attrib -h
del

5. Type the following two commands, pressing Enter after each one:

del wininit.ini
del wininit.bak

6. Restart the computer.
7. Start Norton AntiVirus, and run LiveUpdate.
8. Run a full system scan. Attempt to repair any files that are infected with W32.Weird. If they cannot be repaired, you must delete them and restore them from a clean backup copy, or reinstall the deleted file.

[Exarch]

Try running msconfig and see if it shows up there to run on startup. And if it does, you can change that. Not too likely a virus would show up there I know, but I've seen it happen once or twice.

[Tiara]

Originally posted by Exarch
Try running msconfig and see if it shows up there to run on startup. And if it does, you can change that. Not too likely a virus would show up there I know, but I've seen it happen once or twice.

I already showed how to remove it. I had the same virus

[Admiral LSD]

If Thunder has done the sensible thing and formatted his discs as NTFS (and like I keep saying, situations like this are no reason to persist with FAT32) then a DOS boot disk will be useless. He may be able to use the 2k/XP Recovery Console (boot off the XP CD and select the options to repair your installation using the Recovery Console) instead though.

[Exarch]

Originally posted by Tiara


I already showed how to remove it. I had the same virus

Yeah, well, I was typing mine in at the same time, your post wasn't there when I hit reply

[Tiara]

Originally posted by Admiral LSD
(and like I keep saying, situations like this are no reason to persist with FAT32)  

Yeah, situations like this can only potentially destroy your entire data storage...

[Admiral LSD]

...and using FAT32 has the same potential to destroy your data.

[Petrarch of the VBB]

But if you're using Win98, you have little choice.

And I will not upgrade to XP, as it is the root of all evil!

[Fineus]

Now now..

As it is - I am using NTFS on this partition, going to try the recovery console next since the DOS boot disk only let me see my FAT32 secondary drive (it's thus useless).

[Admiral LSD]

Originally posted by Kalfireth
Now now..

Don't worry, theres nothing any of them can say that'll make me believe that FAT32 isn't ****.

As it is - I am using NTFS on this partition, going to try the recovery console next since the DOS boot disk only let me see my FAT32 secondary drive (it's thus useless).

Try the 2k/XP recovery console. You'll need to boot off your installation CD and when prompted, select the options to repair your installation using the recovery console.

[kasperl]

i heard that instead of DOS you can use linux, since that can read NTFS.

i only heard this and i have 3 hours of linux experience in my life.

[Admiral LSD]

Linux can read NTFS, yes, and has been able to do so for at least the last three years but writing to it is another matter altogether. They're apparently re-writing the NTFS code so both reading and writing will be supported but I don't know when that'll be finished, it might be in kernel 2.6 but I'm not sure.

[Sandwich]

Use Mozilla for email.

[Fineus]

Thats not how it showed up - a trust friend sent me a file which was supposed to make adjustments to MSN Messanger but instead carried the virus.

That'll teach my not to check files before loading them, heh...

Anyhow - I was able to delete the offending files using the recovery console - but they were right back where they were before when I restarted the computer after that. I've no idea what else is running to cause them to load since as far as I'm concerned once it's deleted thats it, and of course I deleted the program my friend sent me the second I found out about it - so it must be elsewhere....

[Tiara]

I always check .vbs/.exe/.mp3/.html (direct forwards suck)