ScoobyNet.com - Subaru Enthusiast Forum

ScoobyNet.com - Subaru Enthusiast Forum (https://www.scoobynet.com/)
-   Computer & Technology Related (https://www.scoobynet.com/computer-and-technology-related-34/)
-   -   Virus help needed (https://www.scoobynet.com/computer-and-technology-related-34/136463-virus-help-needed.html)

Da Booga 29 September 2002 10:39 PM
Hi, I have a virus that is driving me mad!!!

The virus is W95/CIH.1003 and attaches itself to any .exe files that are run whilst it is resident in memory.

I have downloaded a small program to kill the virus in memory and then re-installed my virus program. The virus program then managed to clean all but 6 of the exe files infected by the virus. The 6 files it wasn't able to clean are

Mprexe.exe
MStask.exe
Stimon.exe
Wmiexe.exe
Devldr16.exe
Ssdpsrv.exe

These are all in the windows/system directory and are running in the background so this stops the virus program from cleaning them.

I thought I could get around this by booting from a virus detection floppy disk but again this gives an error saying unable to edit file [img]images/smilies/mad.gif[/img]

So everytime I boot my PC these files are obviously loaded automatically which activates the virus so any exe files that are loaded after those are also infected (again!) with the virus. I have to ensure I run the program to remove the virus from memory to stop it infecting any other programs I run.

How do I clean or restore those 6 files as they seem quite essential to the running of Windows?

I am running Windows ME and using Mcafee Virus scan with the latest DAT.

Please help.

Cheers,

Gareth


[Edited by Da Booga - 9/29/2002 10:40:18 PM]

Puff The Magic Wagon! 29 September 2002 11:41 PM
DOS Disk?

Or boot onto the original Win Me CD, then run the DOS version of the virus cleaner?

Or as above but...

Extract the files from the .cab files on your OE CD onto a floppy & delete the ones on your PC, then copy in the ones on the floppy?

Ken E 30 September 2002 09:01 AM
Look on McAfees website for the solution.

Da Booga 30 September 2002 11:58 PM
Finally managed to get rid of it!!!

Luckily, because I'm a lazy fecker, I still had the operating system on my removable HDD so I booted from that and scanned the original disk with the virus software, because non of the files were being used it could clean them all.

Easy in the end. He he

Thanks for the tips,

Gareth

JackClark 01 October 2002 08:50 AM
CIH contains a routine that on a certain date can erase the contents of a chip on your motherboard. Getting rid of it was a good idea :)


All times are GMT +1. The time now is 05:11 AM.


© 2024 MH Sub I, LLC dba Internet Brands