Re: AVG Virus program
From: Jack Nation (jnation_at_mchsi.com)
Date: Wed, 25 Aug 2004 14:42:43 -0500
Dave asked that I report on results after following the procedure he
I did download and run McAfee Stinger following all instructions. All went
well and my question is answered!
-- Thanks Sincerely, Jack Nation http://www.cedarnet.org/jnation/ "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:uAJ9k1iiEHA.email@example.com... > Obtain McAfee's virus and worm removal tool, Stinger: http://vil.nai.com/vil/stinger/ > > 1) If you are using WinME or WinXP, disable System Restore > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm > 2) Reboot your PC into Safe Mode > 3) Using McAfee Stinger, perform a Full Scan of your platform and clean/delete any > infectors found > 4) Restart your PC and perform a "final" Full Scan of your platform > 5) If you are using WinME or WinXP,Re-enable System Restore and re-apply any > System Restore preferences, (e.g. HD space to use suggested 200 ~ 400MB), > reboot your PC. > 6) If you are using WinME or WinXP, create a new Restore point > 7) Please report back your results > > If the above does NOT find MyDoom then AVG is confirmed. Just becuase a file name, > associated with an infector, is found it does not indicate it is indeed infected. > > > Dave > > > > > "Jack Nation" <firstname.lastname@example.org> wrote in message > news:eJJCbwiiEHA.3288@TK2MSFTNGP10.phx.gbl... > | I am using WindowsXP with Grisoft's AVG Virus program. I am needing help > | understanding a note on the AVG website. It say to delete a couple of files > | (services.exe & java.exe) if on the computer. I have the files but AVG does > | not detect them as having a virus. (These two files are also on the > | WindowsXP CD). > | > | Here is the website note: > | > | Quote: > | I-Worm/Mydoom.O > | Installation: > | When the worm is launched it copies itself as services.exe in Windows > | Directory. In the same directory it creates file java.exe (backdoor) that it > | registers as JavaVM in Run key in Windows registry. Worm also creates > | HKLM\Software\Microsoft\Daemon and HKCU\Software\Microsoft\Daemon keys in > | Windows Registry. > | Spreading: e-mail > | Worm spreads by sending itself to e-mail addresses that are taken from files > | stored on infected computer harddrive. > | Message: > | Sender: > | Sender address is random. > | Subject and body are randomly generated from texts saved in virus body. > | Name of attachment is random with one of the following extensions: > | com > | bat > | cmd > | exe > | scr > | pif > | Removing: > | Please delete infected files. > | End quote. > | > | Should I delete these 2 files? > | -- > | Sincerely, > | Jack Nation > | > | > >