VIRUS - please help!!!!!!!
#1
Former Sponsor
Thread Starter
Join Date: Sep 2000
Location: www.scoobyworld.co.uk
Posts: 1,987
Folks,
I need some urgent help from any virus experts out there!
I was sent an email with 2 attachments - 1 being a shot of an engine bay, the other a batch file. They were from someone I knew so I opened it and guess what....yep, a Forking virus in the bat.
At the time I had no virus software running due to having only just finished rebuilding the PC the day before, so I've just gone out and bought Dr Solomon's Virus Scan for W98 and I cannot install it; it gets halfway through and stops with the message "Internal Error 2735 stopavsyncmanager" then quits.
So I'm completely stuck. Regedit can no longer be run from the command line (file cannot be found) and if I try to uninstall Dr Solomon's it gives the same error. The virus seems to be in a file called "PcC342.exe" which of course can't be deleted.
help!!! please!
I remember there used to be a utility called Magic Bullet which ran off a floppy for exactly this sort of thing but I can't track it down.
Can anyone offer any help?
kind regards
Desperate Neil
#2
Moderator
iTrader: (2)
Go to the McAfee website & do a search for that virus. It should come up with instructions for best removal.
OK - It don't but lots of good advice there!
Into DOS & edit the batch file & work out what it did. It may just have renamed some files, in which case poss to amend easily or undo some other things. Also, if the .exe is the load distributor, boot to a DOS prompt from a bootable CD/Floppy, locate it & delete. Attrib PcC342.exe -s -r -h to change any DOS attribs it may have.
[Edited by Puff The Magic Wagon! - 5/24/2002 2:14:34 PM]
#3
#4
Former Sponsor
Thread Starter
Thanks, but,
Puff - I don't know what the virus is called, having no software on the PC to ID it with.
Ian - I have and it won't complete the install - PC hangs (yes really hangs) and requires a reset
#7
Moderator
iTrader: (2)
There's also a dos command line scanner in the buy/try section.
http://www.nai.com/naicommon/buy-try...ucts-evals.asp & select Dos as the Platform
#8
Scooby Regular
Join Date: Mar 2001
Location: Derbyshire
Posts: 4,496
Could you try the free online one at http://www.pc-cillin.com?
Just click on the free scan button at the top. Might be able to get you a bit further
#9
Former Sponsor
Thread Starter
just seen your update Puff - the bat file was encrypted - so it's all complete jargon.
Thanks for the others - I'll try some things this pm.
whoever writes these F'ing viruses should have their nuts chopped off GRRRR!!!
thanks for all the help so far....
#11
Former Sponsor
Thread Starter
I'm not at the PC at the moment, but will check the batch file's name later and let you know.
I reckon the Pc-cillin online scan may do the job...
#13
Former Sponsor
Thread Starter
hi folks,
quick update....the virus our machine was infected with was W32/Klez.h@MM, a right nasty b'stard.
McAfee wouldn't install as the virus had already trashed the registry, Pc-Cillin wouldn't work as the virus hung the PC halfway through the scan and the DOS McAfee scan didn't find it. At this stage I was contemplating putting the PC through the patio door
So I ended up loading a previous version of the registry from before the virus existed, then installing the McAfee virus scan at that stage, and lo and behold it worked and found 16 occurrences of W32/Klez.h@MM. After deleting them and reinstalling the affected files we're all back up and running and then off to bed at 2am
anyway, thanks for all your help folks....and watch out for this one!
Neil
ps - if you know of anyone writing these f'ing things let me know their name and address - I need revenge!
#14
Scooby Regular
Join Date: Feb 2001
Location: Greece, previously Syd Australia
Posts: 2,833
I received that virus yesterday, but Norton picked it up as it was scanning the mail as it was coming through. I quarantined it then deleted it quick smart. Make sure you update frequently and if you have an option to update automatically while on the web, do it.
Cheers,
Wrexy.
#15
Scooby Regular
iTrader: (1)
ah good old Klez, read this http://www.theregister.co.uk/content/55/25461.html
Neil u need to tell your mate to clean his system too, Symantec has a removal tool from the above URL.
#16
Scooby Senior
Sorry people, missed this thread, sounds like it's all good now.
Removal instructions in case you need them later
http://vil.nai.com/vil/content/v_994...alInstructions
#17
Former Sponsor
Thread Starter
Bioforger - actually it wasn't my mate that sent it - his system is clean - the virus has the ability to spoof the sender's email address so it could have come from anywhere
Neil
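
The two traits of the message described in this thread, a batch-file attachment and a sender address that cannot be trusted, can be checked mechanically before a message is opened. The following is an added example, not part of the original thread: the sample message, its addresses and the file name photo.bat are constructed, and the From/Return-Path comparison is a general heuristic rather than a Klez-specific signature.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# File types Windows executes directly; the thread's attachment was a batch file.
RISKY_EXT = {".bat", ".cmd", ".com", ".exe", ".pif", ".scr", ".vbs"}

def domain(header_value):
    """Lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def triage(raw_bytes):
    """Return a list of findings for one raw RFC 822 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        # Only the last extension counts, so 'engine.jpg.bat' is still caught.
        ext = "." + name.rpartition(".")[2] if "." in name else ""
        if ext in RISKY_EXT:
            findings.append(f"executable attachment: {name}")
    # The From header is unauthenticated; a different envelope domain is a hint.
    frm, rp = domain(msg["From"]), domain(msg["Return-Path"])
    if frm and rp and frm != rp:
        findings.append(f"From domain {frm} differs from Return-Path domain {rp}")
    return findings

def sample_message():
    """Constructed message: one picture, one batch file, mismatched sender."""
    m = EmailMessage()
    m["From"] = "A Friend <friend@example.org>"
    m["Return-Path"] = "<someone@example.net>"
    m["Subject"] = "engine bay"
    m.set_content("Have a look at this.")
    m.add_attachment(b"\xff\xd8\xff\xe0", maintype="image",
                     subtype="jpeg", filename="engine.jpg")
    m.add_attachment(b"@echo off\r\n", maintype="application",
                     subtype="octet-stream", filename="photo.bat")
    return m.as_bytes()

if __name__ == "__main__":
    for finding in triage(sample_message()):
        print(finding)
```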