Re: Nasty Virus
From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: Sat, 9 Oct 2004 12:41:32 -0400
Yes. Have Adaware remove the parasites in Safe Mode and delete the hosts file.
You may have to cycle through this a few times.
"Mike F" <firstname.lastname@example.org> wrote in message
| Yeah I did all that, and the same problems are still
| there, the trendmicro program found nothing, and the
| adaware found a bunch, but just cydoor and stuff like
| The hosts file in my system32/drivers/etc folder has in
| it the sites that this virus won't let me access,
| symantec, windows update and such.
| Any other ideas, besides formatting?
| >-----Original Message-----
| >1) Download the following three items...
| > Trend Sysclean Package
| > http://www.trendmicro.com/download/dcs.asp
| > Latest Trend signature files.
| > http://www.trendmicro.com/download/pattern.asp
| > Adaware SE
| > http://www.lavasoftusa.com/
| >Create a directory.
| >On drive "C:\"
| >(e.g., "c:\New Folder")
| >or the desktop
| >(e.g., "C:\Documents and Settings\lipman\Desktop\New
| >Download sysclean.com and place it in that directory.
| >Dowload the signature files (pattern files) by obtaining
| the ZIP file.
| >For example; lpt186.zip
| >Extract the contents of the ZIP file and place the
| contents in the same directory as
| >2) Update Adware with the latest definitions.
| >3) If you are using WinME or WinXP, disable System
| >4) Reboot your PC into Safe Mode
| >5) Using both the Trend Sysclean utility and
| Adaware, perform a Full Scan of your
| > platform and clean/delete any
| infectors/parasites found.
| >6) Restart your PC and perform a "final" Full Scan
| of your platform using both the
| > Trend Sysclean utility and Adaware
| >7) If you are using WinME or WinXP,Re-enable System
| Restore and re-apply any
| > System Restore preferences, (e.g. HD space
| to use suggested 400 ~ 600MB),
| >8) Reboot your PC.
| >9) If you are using WinME or WinXP, create a new
| Restore point
| >10) Please report back your results
| >"Mike F" <email@example.com> wrote in message
| >| I believe I have a trojan of some kind, it has changed
| >| access on my registry so that I no longer have
| >| administrator privledges, it closes my browser
| whenever I
| >| load sites dealing with antivirus programs, it closes
| >| programs on my computer as well ( hijackthis, norton).
| >| it won't let me open regedit, msconfig or any other
| >| system programs. System restore won't work, safe mode
| >| still has same problems.
| >| Any ideas on how I can restore my administrator
| >| privledges so that I can fix this bug?