VIRUS - please help!!!!!!!
Folks,
I need some urgent help from any virus experts out there!
I was sent an email with 2 attachments - 1 being a shot of an engine bay, the other a batch file. They were from someone I knew so I opened it and guess what....yep, a Forking virus in the bat.
At the time I had no virus software running due to only just having finished rebuilding the PC the day before, so I've just gone out and bought Dr Solomon's Virus Scan for W98 and I cannot install it; it gets half way through and stops with the message "Internal Error 2735 stopavsyncmanager" then quits.
So I'm completely stuck. Regedit can no longer be run from the command line (file cannot be found) and if I try to uninstall Dr Solomon's it gives the same error. The virus seems to be in a file called "PcC342.exe" which of course can't be deleted.
Help!!! Please!
I remember there used to be a utility called Magic Bullet which ran off a floppy for exactly this sort of thing but I can't track it down.
Anyone offer any help
kind regards
Desperate Neil
Go to the McAfee website & do a search for that virus. It should come up with instructions for best removal.
OK - It don't
but lots of good advice there!
Into DOS & edit the batch file & work out what it did. It may just have renamed some files, in which case poss to amend easily or undo some other things. Also, if the .exe is the load distributor, boot to a DOS prompt from a bootable CD/Floppy, locate it & delete. Attrib PcC342.exe -s -r -h to change any DOS attribs it may have.
[Edited by Puff The Magic Wagon! - 5/24/2002 2:14:34 PM]
Thanks, but,
Puff - I don't know what the virus is called, having no software on the PC to ID it with.
Ian - I have and it won't complete the install - PC hangs (yes, really hangs) and requires a reset.
There's also a DOS command line scanner in the buy/try section.
http://www.nai.com/naicommon/buy-try...ucts-evals.asp & select DOS as the Platform
Could you try the free online one at http://www.pc-cillin.com?
Just click on the free scan button at the top. Might be able to get you a bit further.
Just seen your update Puff - the bat file was encrypted - so it's all complete jargon.
Thanks for the others - I'll try some things this pm.
Whoever writes these F'ing viruses should have their nuts chopped off GRRRR!!!
thanks for all the help so far....
hi folks,
Quick update....the virus our machine was infected with was W32/Klez.h@MM, a right nasty b'stard.
McAfee wouldn't install as the virus had already trashed the registry, Pc-Cillin wouldn't work as the virus hung the PC half way through the scan and the DOS McAfee scan didn't find it. At this stage I was contemplating putting the PC through the patio door.
So I ended up loading a previous version of the registry from before the virus existed, then installing the McAfee virus scan at that stage, and lo and behold it worked and found 16 occurrences of W32/Klez.h@MM. After deleting them and reinstalling the affected files we're all back up and running and then off to bed at 2am.
anyway, thanks for all your help folks....and watch out for this one!
Neil
ps - if you know of anyone writing these f'ing things let me know their name and address - I need revenge!
I received that virus yesterday, but Norton picked it up as it was scanning the mail as it was coming through. I quarantined it then deleted it quick smart. Make sure you update frequently and if you have an option to update automatically while on the web, do it.
Cheers,
Wrexy.
Ah, good old Klez. Read this: http://www.theregister.co.uk/content/55/25461.html
Neil, you need to tell your mate to clean his system too; Symantec has a removal tool from the above URL.
Sorry people missed this thread, sounds like it's all good now.
Removal instructions in case you need them later:
http://vil.nai.com/vil/content/v_994...alInstructions
Bioforger - actually it wasn't my mate that sent it - his system is clean - the virus has the ability to spoof the sender's email address so it could have come from anywhere.
Neil