Re: PLEASE Help with a Virus Fix

From: Mike (notmyrealaddress_at_optonline.net)
Date: 03/09/04


Date: Mon, 8 Mar 2004 23:05:43 -0500

You misunderstood me - I didn't mean it in a 'bad' way!

I just meant, did you want me to run what you said 'in addition'
to what I had already done. Anyway, I downloaded and ran it
and every file came out clean. The only question I have left
then since I want to be SURE that there is no 'residue' (or
however you refer to it) that could hack into my P.W. or
view my screens or log my keystrokes (or anything like that),
is the one I mentioned below:

http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.k@mm.html
(The question below about where it says it removed certain values from
registry keys (or certain keys) in #4-7 in the document.) Do I need to be
concerned about that (I did check and they are gone as the document said
they would be)? [If you don't happen to know, that's fine. I'm just asking
IN CASE you happened to know]!

The important thing is I deleted the registry entry in the
last step in the document (the 'stealth' one, which runs when you boot up).

Whether you happen to get back to me or not, I just wanted to
thank you again and hope this did the trick. Never again will I
be so stupid (at least not on the PC!)...

Mike______________

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:O9eZMGYBEHA.2628@TK2MSFTNGP11.phx.gbl...
If I didn't want you to do it -- I wouldn't have suggested what I provided ;-)

Dave

"Mike" <notmyrealaddress@optonline.net> wrote in message
news:O5MLVAYBEHA.2600@TK2MSFTNGP12.phx.gbl...
| I did the steps below, but not with McAfee Stinger. I have NAV
| and followed these steps:
| http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.k@mm.html
| The only thing I don't get in the document in that link is #4 - #7 under
| Technical Details, where it says it either removed certain values from
| certain registry keys. I followed their instructions at the bottom where
| they say to remove the ICQ Net value from the specified key (along with
| doing everything else), but I don't know how (or if I'm supposed) to
| restore the values/keys in #4 - #7.
| (I haven't enabled System Restore again, btw)
|
| 1.) Do you know the answer to that by any chance?
| 2.) Should I also do what you mentioned below?
|
| Thanks so much again - I appreciate it,
| Mike_________
|
| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
| news:OCE5ZOXBEHA.1140@TK2MSFTNGP10.phx.gbl...
| Obtain McAfee's virus and worm removal tool, Stinger:
| http://vil.nai.com/vil/stinger/
|
| 1) If you are using WinME or WinXP, disable System Restore
| http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
| 2) Reboot your PC into Safe Mode
| 3) Using McAfee Stinger, perform a Full Scan of your platform and
| clean/delete any infectors found
| 4) Restart your PC and perform a "final" Full Scan of your platform
| 5) If you are using WinME or WinXP, Re-enable System Restore and re-apply
| any System Restore preferences, (e.g. HD space to use suggested 200 ~
| 400MB), reboot your PC.
| 6) If you are using WinME or WinXP, create a new Restore point
| 7) Please report back your results
|
| Dave
|
|
|
| "Mike" <notmyrealaddress@optonline.net> wrote in message
| news:u$xGFGXBEHA.3776@tk2msftngp13.phx.gbl...
| | I am SO stupid. I was working on a bunch of things and I was
| | in a hurry and I received an e-mail from a friend with an
| | attachment and I idiotically broke all the cardinal rules
| | of everything I know and downloaded it. It turned out to
| | be the W32.Netsky.K@mm Virus (DON'T click on the
| | underlined portion - I can't get rid of it).
| |
| | I ran Norton Anti-Virus, Tauscan Anti-Worm, SpySweeper
| | Anti-Malware, etc. and went through 50 different dreaded
| | 'blue' screens, i.e.: "Your PC has been infected, etc., etc.
| | Do you want to Quarantine, Delete, etc., etc." After two hours
| | of doing so many things that it would take too long to recount
| | here, including not even being able to log on at one point, I've
| | finally got far enough along to be able to write this post.
| |
| | Could someone PLEASE tell me:
| | 1.) How much of my PC may be infected?
| | 2.) Where to look for infected files?
| | 3.) What does this virus do to your PC?
| | (what applications, etc. does it 'take over' (or whatever)
| | 4.) Finally, WHERE can I go to get a FIX to totally clean
| | out my PC?
| |
| | Someone suggested that I go here:
| | http://ses.symantec.com/article.cfm?articleid=2420
| | and run Step 3, but Step 3 is for the "D" Variant.
| | What do I do to clean out the "K" Variant?
| |
| | I can't thank you enough if you can help me...
| | Mike_____________
| |
| |
| |
|
|
|


