Re: several viruses attack.

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 02/27/04


Date: Fri, 27 Feb 2004 13:29:39 -0500

Make sure NAV is fully updated, then...

1) If you are using WinME or WinXP, disable System Restore
            http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
2) Reboot your PC into Safe Mode
3) Using NAV software, perform a Full Scan of your platform and clean/delete any
            infectors found
4) Restart your PC and perform a "final" Full Scan of your platform
5) If you are using WinME or WinXP, re-enable System Restore, reboot the PC
6) If you are using WinME or WinXP, create a new Restore point
7) Please report back your results

In addition:
If you post to UseNet with your TRUE, not a munged, email address then you have invited the
Swen Internet worm [aka W32/Gibe-F] to visit you.

Swen is "news" spelled backwards. The reason it is called this is that the Swen worm
harvests email addresses from UseNet News Groups. It has an engine that allows it to post
itself to UseNet News Groups, and it also has its own email engine. From the list of
email addresses that it has harvested, it will then email itself to those addresses.

Dave

"lin" <h u m b l e @ pacific.net.sg> wrote in message
news:uO7fKFV$DHA.3500@tk2msftngp13.phx.gbl...
| My friend's system is attacked with several viruses namely Keylogger.Trojan,
| Download.Trojan and Bloodhound.Packed.
|
| I have updated the virus definitions and run a full scan on her system.
|
| Below are the infected files' names and their locations:
|
| c:\WINDOWS\system\mcireg.dll - Keylogger.Trojan
| c:\Program Files\Outlook Express\oemig54bt.exe - Download.Trojan
| c:\WINDOWS\system\svchost.ex - Bloodhound.Packed
| c:\WINDOWS\system\svchost.exe - Bloodhound.Packed
|
| I have also opened the Registry Editor and selected
|
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
|
| but only one infected file was shown on the right pane - svchost.ex.
|
| I did not delete the file.
|
| Her computer is protected with the Windows XP firewall, NAV which she updates
| daily and automatic update.
|
| Kindly assist with how to get rid of the viruses.
|
| Thank you in advance.
|
|
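An added example, not part of either post: a check for the pattern the quoted report shows, a Run-key entry whose file name is, or nearly is, a Windows system process name but whose folder is not System32. The Run values are passed in as a dictionary rather than read from the registry; the list of System32-only names is an assumption, and the sample value names and the AV path are constructed.

```python
import difflib
import ntpath
import re

# Assumption: these Windows processes are normally loaded only from System32.
SYSTEM32 = r"c:\windows\system32"
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe")

# A quoted path, or an unquoted path ending at the first ".ext" before a space or end.
_EXE = re.compile(r'^\s*(?:"([^"]+)"|(.+?\.\w{2,3})(?=\s|$))')

def image_path(command):
    """Extract the executable path from a Run value's command line."""
    m = _EXE.match(command)
    return (m.group(1) or m.group(2)) if m else command.strip()

def check_entry(command):
    """Return a finding string for a suspicious entry, or None."""
    path = ntpath.normcase(image_path(command))  # lower-case, backslashes
    folder, name = ntpath.split(path)
    if name in SYSTEM_NAMES:
        return None if folder == SYSTEM32 else "system name outside System32"
    for known in SYSTEM_NAMES:
        # Near-miss names such as "svchost.ex" score close to 1.0.
        if difflib.SequenceMatcher(None, name, known).ratio() >= 0.85:
            return "lookalike of " + known
    return None

def audit(run_values):
    """Map value name -> finding for every flagged Run entry."""
    findings = {}
    for value_name, command in run_values.items():
        finding = check_entry(command)
        if finding:
            findings[value_name] = finding
    return findings

# Constructed sample: value names are hypothetical; the first two paths follow
# the quoted post, the last two are controls that should not be flagged.
SAMPLE_RUN = {
    "HostSvc": r"c:\WINDOWS\system\svchost.ex",
    "HostSvc2": r"c:\WINDOWS\system\svchost.exe",
    "AvAgent": r'"C:\Program Files\Example AV\agent.exe" /s',
    "Control": r"C:\WINDOWS\system32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for value_name, why in audit(SAMPLE_RUN).items():
        print(value_name, "->", why)
```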


