Re: Rem36.exe

From: Purl Gurl (purlgurl_at_purlgurl.net)
Date: 06/15/04


Date: Mon, 14 Jun 2004 17:19:32 -0700

GhostMaster wrote:
 
> Friend said that Norton scan said she should delete this file:
 
> C:\Documents and Settings\Owner\LocalSettings\Temp\Rem36.exe

Do _not_ reboot this machine. I will explain why in closing.

Right off, you or your "friend" need to ascertain why Norton
popped an alert on this, along with making note of what
virus name or trojan name is given to this file.

Do not fail to determine why Norton popped an alert.

Once you have this information, then research the Norton
site or similar sites, to locate a removal tool. Norton,
McAfee, others, probably offer a small removal tool for
this specific infection, if it is actually an infection.

Use of a removal tool is critical. A removal tool will
remove not only this file but any others associated
with it, restore your registry and repair any malicious
changes made to your virus scanner.

Be sure it is an infection before deleting any files.

> she clicked delete but then Norton said they could not delete it and then
> she tried to quarantine it and it would not let her do that either.
> then she put in search on the computer and she found the file and it would
> not let her delete it either.

That behavior is highly symptomatic of a virus infection.

There are a number of choices, but first be sure you are
dealing with a true infection and not a file which creates
a false positive. Most likely an infection, but be sure.

Best option, a removal tool.

A quick and easy option, which may or may not work, is to
locate the file, highlight, right click, select "properties"
and uncheck "system" and "hidden" properties. Then try to
delete this file. If you cannot delete it, odds are almost
one-hundred percent it is an infected file which has made
use of Microsoft proprietary coding to prevent deletion.

Another option, which is more challenging for you because
you appear to using a less powerful NT5 system, is to
boot to MSDOS, and delete it from there. This _always_
works. However, if you are running NT5, this is Win2K,
XP and others, you have a problem. NT5 is really stripped
down and rather impotent; you cannot boot to MSDOS.

Surprise! Your system is nowhere near as powerful as claimed.

What you can do is have a friend with a significantly
more powerful system, such as Win3.x or Win9.x, create
a floppy disk which will boot you to MSDOS. You can
also download a MSDOS boot disk from the internet.

Another challenge is you will need to learn just a little
bit of MSDOS command line calls to do this. Very easy but
requires you to learn, what you should already know. You
may also have to learn how to MSDOS address directory
names which have spaces or long names, and directory names
should absolutely never have spaces in them nor exceed
eight characters in length, plus three for file extensions.

Yet another challenge is you still have to find any
associated files, discover what damage was done to
your virus scanner, and figure how to repair your
Windows registry, if needed.

Don't forget to inspect your startup folder.

Kinda places you in a pinch, yes? Kinda makes you wish
you stuck with Win98 or Linux.

Best bet, discover the name of the infection and locate
a removal tool designed specifically for that infection.
Actually, for NT5, that is your only viable option.

Do not reboot this machine unless you are prepared to boot
to MSDOS. Many virus infections will cause your machine
to not boot, and you will not discover this until you
try to boot up. Other viruses, will wipe your bios on
reboot or destroy your drive partitions. Be prepared
for this consequence with an emergency boot disk which
will allow you to boot, reformat and install your OS.

Do not install your OS over an infected OS; waste of time.

Copy critical files to a secondary drive, if you feel
this is needed. However, do not transfer your infection
to your secondary drive! Has your friend scanned other
drives to discover if they are infected, as well?

If on a LAN, chances are pretty good all LAN machines
are now infected.

Scary, huh?

Before going delete crazy, be sure it is an infection.

Incidently, how did this probable virus get past Norton?

Purl Gurl

-- 
Play Poker! Play Blackjack!
http://www.purlgurl.net/~callgirl/android/poker.cgi
http://www.purlgurl.net/~callgirl/android/blakjack.cgi


Relevant Pages

  • Re: Rem36.exe
    ... you or your "friend" need to ascertain why Norton ... this specific infection, if it is actually an infection. ... you cannot boot to MSDOS. ...
    (alt.computer.security)
  • Re: Rebuilding keys in the registry
    ... actual XP CD as opposed to a recovery CD, boot with the XP ... CD in the drive and perform a repair install as outlined below. ... with the option to setup Windows or Repair Windows Installation ... Have since repaired and deleted the infection, ...
    (microsoft.public.windowsxp.configuration_manage)
  • Re: Security Patches - Dave Patrick (or anyone) ?
    ... Since it's unpartitioned you should be relatively safe from infection. ... allow you to scan for boot sector virus. ... On my next go-around, after installing W2k, I will apply all service ...
    (microsoft.public.win2000.setup)
  • Virus identity ???
    ... MS, Trend, Norton, or McAfee. ... years and am able to locate an infection by many methods. ... Microsoft security updates in XP are installed, ...
    (microsoft.public.security.virus)
  • RE: Spyware Infection Notice -- TRY THIS AS I HAVE THE SAME PROBLM
    ... I have the same problem 'spyware Infected' in black ... To my surprise me too have Norton AV 2005, ... This will stop viruses, and infected files, spywares, adwares & other ... > SPYWARE INFECTION ...
    (microsoft.public.windowsxp.security_admin)