NeilT

Folks,

I need some urgent help from any virus experts out there!

I was sent an email with 2 attachments - 1 being a shot of an engine bay the other a batch file. They were from someone I knew so opened it and guess what....yep a Forking virus in the bat.

At the time I had no virus software running due to only just finished rebuilding the pc the day before, so I've just gone out and bought Dr Solomns Virus Scan for W98 and I cannot install it, it gets half way through and stops with the message "Internal Error 2735 stopavsyncmanager" then quits.

So i'm completely stuck. Regedit can no longer be run from the command line (file cannot be found) and If I try to uninstall Dr Solomons it gives the same error. The virus seems to be in a file called "PcC342.exe" which of course cant be deleted.

help!!! please!

I remember there used to be a utility called Magic Bullet which ran off a floppy for exactly this sort of thing but I cant track it down.

Anyone offer any help

kind regards

Desperate Neil

Puff The Magic Wagon!

iTrader: (2)

Goto McAfee Website & do a search for that virus. It should come up with instructions for best removal.

OK - It don't but lots of good advice there!

Into dos & edit the batch file & work out what it did. It may just have renamed some files, in which case poss to amend easily or undo some other things. Also, if the .exe is the load distributor, boot to a dos prompt from a bootable CD/Floppy, locate it & delete. Attrib PcC342.exe -s -r -h to change any dos attribs it may have.

[Edited by Puff The Magic Wagon! - 5/24/2002 2:14:34 PM]

IanW

goto http://www.nai.com and download the trial of Virus Scan from there.

NeilT

Thanks, but,

Puff - I dont know what the virus is called having no software on the pc to id it with.

Ian - I have and it wont complete the install - PC hangs (yes really hangs) and requires a reset

IanW

IIRC NAI has a utility like that, Virus Scan Emergenct Boot Disk? Jack Clark should be able to confirm.

Puff The Magic Wagon!

iTrader: (2)

Updated advice...

Puff The Magic Wagon!

iTrader: (2)

There's also a dos command line scanner in the buy/try section.

http://www.nai.com/naicommon/buy-try...ucts-evals.asp & select Dos as the Platform

Hanslow

Could you try the free online one at http://www.pc-cillin.com?

Just click on the free scan button at the top. Might be able to get you a bit further

NeilT

just seen your update Puff - thre bat file was encrypted - so its all complete jargon.

Thanks for the others - I'll try some things this pm.

whoever writes these F'ing virus's should have their nuts chopped off GRRRR!!!

thanks for all the help so far....

druddle

What was the .bat file called ??

NeilT

I'm not at the pc at the moment, but will check the batch files name later and let you know.

I reckon the Pc-cillin online scan may do the job...

druddle

I pointed a friend at PC-Cillin from Trend and it sorted him out when he got a virus.

Cheers

NeilT

hi folks,

quick update....the virus our machine was infected with was W32/Klez.h@MM a right nasty b'stard.

McAfee wouldnt install as the virus had already trashed the registry, Pc-Cillin wouldnt work as the virus hund the pc half way through the scan and the DOS McAfee scan didnt find it. At this stage I was contemplating putting the pc through the patio door

So I ended up loading a previous version of the registry from before the virus existed then installing the McAfee virus scan at the stage and low and behold it worked and found 16 occurences of W32/Klez.h@MM. After deleting them and reinstalling the affected files we're all back up and running and then off to bed at 2am

anyway, thanks for all your help folks....and watch out for this one!

Neil

ps - if you know of anyone writing these f'ing things let me know their name and address - I need revenge!

WREXY

I received that virus yesterday, but Norton picked it up as it was scanning the mail as it was coming through. I quarantined it then deleted it quick smart. Make sure you update frequently and if you have an option to update automatically while on the web, do it.

Cheers,

Wrexy.

bioforger

iTrader: (1)

ah good old klez [img]images/smilies/mad.gif[/img] read this http://www.theregister.co.uk/content/55/25461.html

Neil u need to tell your mate to clean his system to, Symantec has a removal tool from the above URL.

JackClark

Sorry people missed this thread, sounds like it's all good now.

Removal instructions in can you need them later

http://vil.nai.com/vil/content/v_994...alInstructions

NeilT

Bioforger - actually it wasnt my mate that sent it - his system is clean - the virus has the ability to spoof the senders email address so it could have come from anywhere

Neil