Re: Cannot remove virus

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 04/29/05 

Date: Fri, 29 Apr 2005 17:13:35 -0400

From: "Stuart Reed" <sr@stureed.co.uk>

|
| Hi David
|
| I did try to follow your instructions to the letter, but there are a couple
| of points I didn't mention:
|
| First, I don't have Mozilla FireFox installed and my System Restore is
| always off because I have Norton GoBack installed.
|
| I tried to install Sysclean again but had the same problem.
|
| I downloaded KillBox and did a scan but the trojan is still there.
|
| Thanks again for your patience.
| Stuart
|

Stuart:

Download CLEAN.EXE from the URL --
http://www.ik-cs.com/programs/virtools/clean.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter { http://kixtart.org Kixtart is CareWare } three batch files, two Kixtart scripts, two Link (.lnk) files and a PDF instruction file.

The file CLEAN.EXE can also be obtained from the URL --
http://www.ik-cs.com/programs/virtools/clean.exe

GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee Command Line Scanner.

CLEAN.BAT -- For running within Windows after running c:\mcafee\GetFiles.BAT. If you choose to scan again at a future date, run this batch file. It will automatically check the date of the McAfee DAT files and if it is a couple of days old, it will download (FTP) the latest signature files and install them before performing the scan.

DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is using FAT32 after you have booted from an Emergency Boot Disk or DOS disk and have already executed; c:\mcafee\GetFiles.BAT from within Windows. DOS disk boot images can be obtained from; http://www.bootdisk.com/bootdisk.htm

I need you to perform the following...

Execute; CLEAN.EXE
Choose; Unzip
Choose; Close

Execute; c:\mcafee\GetFiles.BAT
{ or Double-click on 'GetFiles Link' in c:\mcafee }

Reboot the PC into Safe Mode [F8 key during boot]

Shutdown as many applications as possible !
It would also help for you to read - "How to perform a clean boot in Windows XP"
http://support.microsoft.com/kb/310353

Execute; c:\mcafee\CLEAN.BAT
{ or Double-click on 'Clean Link' in c:\mcafee }

See if that cleans the infector, if not perform the following...

1) Download Pocket KillBox
       http://www.bleepingcomputer.com/files/spyware/KillBox.zip

       Extract killbox.exe from the ZIP file.
       Execute; KillBox.exe

       Click on Tools --> Select; Delete Temp Files.

       Choose; OK

       In the Full Path of File to Delete box, type the entire following line exactly

       C:\Windows\REGIST~\cabplay.dll

       Select; Replace on Reboot

       put a check in the box "Use Dummy"

       Click The Red circle and a white X

       When prompted to Replace on Reboot, click YES

       If prompted to Reboot Now, Click YES

       Allow the PC to shutdown

2) Reboot your PC into Safe Mode and shutdown as many applications as possible.

3) Execute; c:\mcafee\CLEAN.BAT
       { or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the end of the scan, it will be displayed in your browser (FireFox or Internet Explorer). It is suggested that you move the report out of c:\mcafee before performing another scan. It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML report for each session. I would very much like a copy of the report(s) and your findings.

Please attach C:\mcafee\ScanReport.HTML in your reply when you have performed the above. 

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Relevant Pages

  • Re: As I use Internet Explorer I get this pop up-
    ... Download and install the Flash Player and Shockwave Players from the sites I ... Microsoft has these suggestions for Protecting your computer from the ... keep it clean,secure and running at its top performance mark. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: System Mechanic 6
    ... >>I have your list and go through it regularly, but it doesn't clean the ... >>> I'll mainly work around Windows XP, as that is what the bulk of this ... >>> performing a full install of the operating system and all applications. ... Then there is a direct download site. ...
    (microsoft.public.windowsxp.perform_maintain)
  • RE: How do I restore or recover my system to out of box state?
    ... you can learn how to navigate thru your XP machine and clean the bugs and the ... Then download, install and immediately update these three programs before ... How to download and install HiJackThis: ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Trojan Horse
    ... NewCrapNet is not classified as a virus, ... > Download and install Ad-aware SE ... > signature files and install them before performing the scan. ... > Execute; CLEAN.EXE ...
    (microsoft.public.windowsupdate)
  • RE: Send error message
    ... Photos and documents, nothing better than clean? ... perform a clean install, but you need to delete all partitions and create new ... download an Anti-Virus and a firewall from either: ... I saw your Post in the Forum, try to uninstall the java Script I noticed you ...
    (microsoft.public.windowsxp.help_and_support)