Re: w32.ircbot: advice appreciated
From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 01/16/05
- Next message: cquirke (MVP Win9x): "Re: Attempted Intrusion "Welchia_ICMP_Scan" from your machine against"
- Previous message: Mike Hall: "Re: trojan start page"
- In reply to:(deleted message) otto_at_hotpoop.com: "w32.ircbot: advice appreciated"
- Next in thread: otto_at_hotpoop.com: "Re: w32.ircbot: advice appreciated"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 16 Jan 2005 14:03:16 -0500
1) Download the following three items...
McAfee Stinger
http://vil.nai.com/vil/stinger/
Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp
Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp
Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example; lpt351.zip
Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.
2) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode and shutdown as many applications as possible
4) Using both the Trend Sysclean utility and Stinger, perform a Full Scan of your
platform and clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform using both.
6) If you are using WinME or WinXP, Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
7) Reboot your PC.
8) If you are using WinME or WinXP, create a new Restore point
* * * Please report back your results * * *
-- Dave http://www.claymania.com/removal-trojan-adware.html <otto@hotpoop.com> wrote in message news:oocju09d8fqfu3fdmo68age9jti494qntn@4ax.com... | Hi, I`m hoping someone can advise me on the following virus issue: | I seem to have become infected somehow, not exactly sure how, with | w32.ircbot which NAV says it`s deleted, but it seems to have done the | following damage to my system; removed my ebay toolbar, which I fixed | by reinstalling it from ebay, caused the system to hang at random, and | the screen to go black, equally at random, which didn`t respond to me | touching the mouse or keyboard, as a screen saver would, only thing I | could do was switch pc off and on again. I reinstalled windows, (I`m | using 98se) which seems to have solved those issues. It also changed | some file associations, ie zip files became associated with winzip, | but I use winrar as default, and bizarrely, jpg files also became | associated with winzip (which obviously wouldn`t open them). I fixed | this by reinstalling winrar and my picture viewer. That`s all the good | news. The bad news is (and I don`t know how bad this is) is that it`s | done something to my system time/date. When I tried to run winamp it | told me there was an error with my system date, so I rebooted, and | went into CMOS, and the time was correct, and the date and month, but | the year was 2003 instead of 2005. I changed it, and then later I | noticed that all the folders in win explore are displaying the same | time/ date, 14th Jan 2003 01:26 am . Then I noticed that all (yes ALL) | of the files on my pc other than a few that were created later than | that time, are saying the same time/date!! So I can`t sort the files | in any folder by last modified, as they all have the same last | modified time/date! If I right click on a file and display properties, | it says the file (any file at all) was modified on the above time / | date, and it was created on December 31st 1979 at 23:15! | Am I right in thinking that, to a computer, anything before Jan 1 1980 | is prehistory, and therefore just "undated"? | More importantly, what damage is this doing to my system, and most | importantly of all - What can I do about it? | | Thanks for any help anyone can give me | | Mark |
- Next message: cquirke (MVP Win9x): "Re: Attempted Intrusion "Welchia_ICMP_Scan" from your machine against"
- Previous message: Mike Hall: "Re: trojan start page"
- In reply to:(deleted message) otto_at_hotpoop.com: "w32.ircbot: advice appreciated"
- Next in thread: otto_at_hotpoop.com: "Re: w32.ircbot: advice appreciated"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
