Re: Removing TROJ_ESEPOR.B and Win32.Netsky.Z!ZIP

From: Malke (malke_at_nospoonnotreally.com)
Date: 12/06/04


Date: Mon, 06 Dec 2004 12:20:01 -0800

sol wrote:

> I ran the Trend Micro House Call. It found the TROJ_ESEPOR.B but it
> could not clean it. It gave manual cleaning instructions which said
>
> -------------
> On the task manager, look for and terminate the processes with the
> name:
> Iexplore.exe
> ------------------------
>
> But there was no Iexplore.exe in the Task Manager Processes window.
> How can I eliminate this virus?
>
> More importantly, the virus protection program in the computer finds
> and quarantines emails, which turn out to be the Win32.Netsky.Z!ZIP
>
> But so far none of the on line scanners I tried found it. In fact
> Trend Micro suggested specifically to find this worm but it couldn't.
> The tech services do not respond. I would appreciate help removing
> this virus.
>
> TIA
>
> (I am using XP professional. I turned the system restore off and made
> the system files visible before scans as suggested in this group.)

This is why the online scanners are sometimes not that useful. You need
to scan in Safe Mode. I assume you don't have a current version
antivirus installed (using updated definitions), or you wouldn't have
caught the virus. Scan in Safe Mode with TrendMicro's Sysclean
(directions to follow). Afterwards, you should install a full-featured
antivirus, update its definitions, and scan again in Safe Mode.

TrendMicro's Sysclean is an extensive antivirus tool which has the
advantage of not needing to be installed. It requires two parts - the
scanning engine and the virus pattern files.

1. Create a new folder on your Desktop or the C: drive named something
useful like "Sysclean".
2. Go here and download the two parts of the program to that folder:

http://www.trendmicro.com/download/dcs.asp - Sysclean
http://www.trendmicro.com/download/pattern.asp - virus pattern files

The pattern files will be zipped - extract them with your unzipper (like
WinZip) or if you have XP, you can just open the folder. You need to
put the extracted files in the Sysclean folder you made.

3. Restart your computer in Safe Mode. Get into Safe Mode by repeatedly
tapping the F8 key as the computer is starting up to get to the proper
menu.
4. Go to the Sysclean folder you made and double-click on sysclean.com.
Start the scan. After the scan is finished, look at the log. You may
need to make a note of where any viruses were found if they were not
able to be removed so you can manually delete them.

Malke

-- 
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"

