Fulham71

I am getting a virus w32.randex.gen

I am unable to clear it with Norton

Please can anyone advise how to remove it

Cheers
Paul

Figment

http://www.sophos.com/virusinfo/****...32randexg.html

Fulham71

Thanks mate
Tried the following :-

Please follow the instructions for removing worms.

Check your administrator passwords and review network security.

You will also need to edit the following registry entries, if they are present. Please read the warning about editing the registry.

At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.

Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run \
Microsoft Network Daemon for Win32 = ntd32.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services\
Microsoft Network Daemon for Win32 = ntd32.exe

and delete them if they exist.

Close the registry editor.


BUT NOTHING WAS THERE !

Figment

Do a search of your machine for ntd32.exe and delete it if it exists (Cannot delete if it is currently running, in which case CTRL-ALT-DEL to bring up the list of running apps, look for ntd32.exe in the lists and if found close it / end process then delete it (exact way to stop it depends on operating system))

If not found, do another scan with Norton and post the message it displays when it finds the worm.

Fulham71

still cant remove it
Search found nothing !
Norton finds it but it keeps reappearing !

Fulham71

how do i do that please ?

Fulham71

thanks for that but not sure how to do it on W 2000
I now have a trojan dropper too !!!!

ChrisB

Windows 2000 doesn't have System Restore

Fulham71

JackClark

Run this http://uk.mcafee.com/root/mfs/default.asp?cid=9575 and let me know the result.

Fulham71

Thanks Jack
it found the following !

C:\WINNT\system32\bot.exe W32/Sdbot.worm.gen.q
C:\WINNT\system32\cvcse.exe W32/Sdbot.worm.gen.b
C:\WINNT\system32\cvvcsr.exe W32/Sdbot.worm.gen.b
C:\WINNT\system32\cvvcsr.exe Proxy-FBSR.gen
C:\WINNT\system32\fdfsr.exe W32/Sdbot.worm.gen.b
C:\WINNT\system32\fds.exe Proxy-FBSR.gen
C:\WINNT\system32\landisc.exe W32/Sdbot.worm.gen.h
C:\WINNT\system32\msgfix.exe W32/Sdbot.worm.gen.i
C:\WINNT\system32\msnsrv.exe BackDoor-RQ
C:\WINNT\system32\ntsys32.exe W32/Sdbot.worm.gen
C:\WINNT\system32\outlook.exe Exploit-Mydoom
C:\WINNT\system32\svchostn.exe W32/Sdbot.worm.gen
C:\WINNT\system32\temp IRC/Flood.dk
C:\WINNT\system32\wnt.exe W32/Sdbot.worm.gen.q

JackClark

Nice

There's a trial of our command line scanner available here which will deal with those puppys. If that's too much of a pain to run I can send you a free McAfee trial. but that will remove Norton.

Fulham71

Jack I paid for McAfee & deleted Norton
However I think the virus I have is hidden in Outlook express
everytime i use outlook expresss i get virus warnings
i then scan the drives but when i reuse outlook express i get error messages
w31.netsky.peml!exe

I have tried stinger to get rid but still no joy

PLEASE HELP !!!!

JackClark

If it's in outlook then can't you find the message and delete it? Make sure you're fully up to date with Windows Update first.

Fulham71

My windows update is up to date
not sure where to go now & what to do ?

JackClark

>not sure where to go now & what to do ?

Have you looked for the email?

Fulham71

yes cant find the email

JackClark

Does the message you get contain a location??