Virus help



Sita Atis
06-07-2003, 08:40 AM
It appears that I have a virus that infects my antivirus programs. All of my Norton antivirus programs and files have been notified as infected and thus quarantined.

I have looked up on the internet and am not sure what virus it is but it sounds like W32.Bugbear.B@mm. However downloading the removal tool always reads that this tool is infected and therefore I cannot open it (I get 0 Kb). So what can I do? The only file I have downloaded before this happened today was the Norton antivirus LiveUpdate virus definitions.

crono_logical
06-07-2003, 08:50 AM
Ouch, that looks like a pretty nasty virus, looking at what it does :p If one removal tool fails, it might be because something related to that one is infected - trying a different one might work instead. I assume you tried the Norton one seeing as that's your virus scanner too, maybe try the McAfee one at http://vil.nai.com/vil/stinger/ instead - it doesn't need McAfee installed prior to running this. Perhaps disable and completely close Norton before running this one, or Norton might say that this file is also infected or something.

Endless
06-07-2003, 03:44 PM
http://www.viruslist.com/eng/viruslist.html?id=60814


In my opinion, if clout's method doesn't work, your best bet is to:

get from another machine f-prot for DOS (free) and the latest virus definition. Both can be found here: http://www.f-prot.com/download/

You'll have then to copy it over three floppies. Write-protect them when you're done.
Make a boot floppy (from another machine), write protect it.

Next, turn off your comp. Boot with the boot floppy.
You'll have then to put the main floppy for the av, and run f-prot /loaddef and insert the floppies as it asks you.

In the prog, just select your options and let it clean the mess. Don't forget your emails, because that's how it spreads.

Zifnab
06-07-2003, 04:40 PM
If it's okay, I've got a virus problem too it seems. If it deems a new thread just let me know. :)

I just ran a virus check using AVG Anti Virus, and I got a virus named 'I-Worm/Klez.H' located at C:\_Restore\TEMP\A0200610.CPY, and AVG can't heal the virus, nor can the virus be removed to the 'Virus Vault'. I have another very similar virus but I didn't get chance to read what that one was called exactly.

Endless
06-07-2003, 04:45 PM
http://www.viruslist.com/eng/index.html?tnews=1001&id=48733

More generally, search that site for info on your other virus, sometimes they have a removing tool as well.

crono_logical
06-07-2003, 05:22 PM
Originally posted by Jenova·Rebirth
If it's okay, I've got a virus problem too it seems. If it deems a new thread just let me know. :)

I just ran a virus check using AVG Anti Virus, and I got a virus named 'I-Worm/Klez.H' located at C:\_Restore\TEMP\A0200610.CPY, and AVG can't heal the virus, nor can the virus be removed to the 'Virus Vault'. I have another very similar virus but I didn't get chance to read what that one was called exactly.

In your case, the virus is in the backups your computer has made for System Restore, so you either have WinME or WinXP :p For you, the way you'll have to remove it is to disable/delete all System Restore points to be sure it's removed. To do that, right click My Computer, click the System Restore point, and disable System Restore in there. Disabling it on C: should be enough since that's where the virus is, but you can disable it on all drives if needed. Say OK and close the window, then go make sure the C:\_Restore folder has been deleted or emptied (you'll need to enable viewing of all hidden and system files in Explorer to be certain). You can then turn System Restore back on if you want, although I find it's more a waste of space if anything :p Then rescan to make sure again :p

Zifnab
06-07-2003, 10:53 PM
Thanks c_l, that seemed to do the trick. The hidden folder had 4 files in it, but it had no /TEMP directory and the virus scan came clean this time.
I believe the problem came in two emails I got, I clicked them in incredimail and of course incredimail shows a preview of the email by default. So even if I clicked the email to right click, then send to recycle bin, the email preview would still be activated and a window appeared giving a virus warning (like the blue screen of death, I just wanted to get rid of it asap). I'll be sure to disable the preview function so I can easily erase unwanted spam.

Sita Atis
06-08-2003, 04:09 AM
Hey guys, thanks for your reply. I opted to just format the whole computer just in case, that would fix everything right? I haven't installed any antivirus protection yet, I'm scared maybe I got it from Norton's update.