From: Manish (
Date: 07/05/04

  • Next message: Jupiter Jones [MVP]: "Re: about blank"
    Date: Mon, 5 Jul 2004 09:13:39 -0700


    I will try this out.


    >-----Original Message-----
    >On Mon, 5 Jul 2004 06:26:49 -0700, "Manish Dewan"
    <> wrote:
    >>My pc is infested with this
    >>I am unable to get connected to Symatec website.
    >>This is for Windows XP home System.
    >>The infetested file is WindowsSystem32.*** file. Hence
    >>the Sysmaten Anitivirus is denied permission.
    >>How can I remove this virus?
    >Sounds like you may have multiple infections, including
    a browser or dns hijack.
    >The hijack apparently interferes with your ability to
    access websites. You may
    >have to resolve the ip addresses manually to get the
    tools to find and remove
    >the infection.
    >All-NetTools and DNSStuff websites both help you resolve
    (lookup) addresses.
    ><> (Use NSLookup)
    ><> (Use Ping)
    >Install and run Stinger.
    >Search your entire system drive, including hidden and
    system folders, for file
    >"hosts". There is one legit copy, in C:\WINDOWS\system32
    \drivers\etc\. The
    >others are possibly bogus, and part (but just part) of
    the problem. Examine the
    >contents of each copy found, using Notepad. (HINT:
    Scroll to the end of each
    >Hosts file, by hitting Ctrl-End, then back up to the
    top, page by page, before
    >deciding that the file is empty. Look out for blank
    lines at the beginning and
    >end of the file, after localhost, placed there by an
    >Try one or more of these free online virus scans, which
    should complement NAV:
    >Now check for, and learn to defend against, additional
    problems. Have you
    >downloaded these programs before? Download them again,
    as the latest version
    >may be needed to keep up with the current level of
    malware being attempted
    >constantly - get the absolutely most current version of
    each product listed.
    >They're all free - and most pretty small, so they
    download quickly enough.
    >Start by downloading each of the following free tools:
    >AdAware <>
    >CWShredder <>
    >CoolWWWSearch.SmartSearch (v1/v2) MiniRemoval
    >HijackThis <
    >LSP-Fix and WinsockLSPFix
    >Spybot S&D <
    >Create a separate folder for HijackThis, such as
    C:\HijackThis - copy the
    >downloaded file there. Spybot S&D has an install
    routine - run it. The other
    >downloaded programs can be copied into, and run from,
    any convenient folder.
    >Start by closing all Internet Explorer and Outlook
    windows, and running
    >CoolWebSearchSmartKillerMiniRemoval, then CWShredder.
    Have the latter fix all.
    >Next, run AdAware. First update it ("Check for updates
    now"), configure for
    >full scan (<>),
    then scan ("Start" - "Use
    >custom scanning options" - "Next"). When scanning
    finishes, select everything,
    >and hit Next again.
    >Next, run Spybot S&D. First update it ("Search for
    updates"), then run a scan
    >("Check for problems"). Trust Spybot, and delete
    everything ("Fix Problems")
    >that is displayed in Red.
    >Then, run HijackThis ("Scan"). Do NOT make any changes
    immediately. Save the
    >HJT Log.
    >Finally, have your HJT log interpreted by experts at one
    or more of the
    >following security forums (and post it, or a link to
    your forum posts, here):
    >Aumha: <>
    >Net-Integration: <>
    >Spyware Info: <>
    >Spyware Warrior: <>
    >Tom Coyote: <>
    >Wilders Security<>
    >If removal of any spyware affects your ability to access
    the internet (some
    >spyware builds itself into the network software, and its
    removal may damage your
    >network), run LSP-Fix and / or WinsockXPFIx.
    >And Manish, please don't contribute to the spread and
    success of email address
    >mining viruses. Learn to munge your email address
    properly, to keep yourself a
    >bit safer when posting to open forums. Protect yourself
    and the rest of the
    >internet - read this article.
    >BTW, please read this article about Cross-Posting vs
    >Paranoia comes from experience - and is not necessarily
    a bad thing.

  • Next message: Jupiter Jones [MVP]: "Re: about blank"