Re: virus on xp need help

From: Lanwench [MVP - Exchange] (lanwench_at_heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
Date: 02/04/04 

Date: Wed, 4 Feb 2004 10:36:10 -0500

What version of Norton are you running? The mention of an .ini file and the
copyright date makes me a little nervous you're using very old stuff. You
may need to upgrade. Do you keep it updated with live update?

Re server dialups created on your computer - do you mean porn dialers like
lop.com ? Try AdAware or Spybot Search&Destroy to get rid of them.

Mack wrote:
> Hello,i found a file called virscan.ini that talks bout
> the familly of w32 trojan only...it's very detailed i
> seem to be suffering from those effects explained by the
> virscan.ini but first is that a normal file????
> i did a scan on my puter with systemworks and got 0 virus
> but my registery has been modifyed and some inf files too
> i found some joy files exel exel4 winword winword2 amiprp
> presenta quattro powerpnt wordpft and one was in
> systemworks ...... in c:\
> msdos,autoexec,config.sys.IO,are at 0kb now i also have 4
> zipped folder in diffrent area of doccument and settings
> all the info on my system is wrong on inf files and
> servers dial ups are created on my puter can you tell me
> if that virscan is an exemple or if it could be a real
> virus file rfrom my puter??? i'll paste the 1st line here
> ty :
>
> The Norton AntiVirus Information File
> Copyright Symantec Corp. 1993-98
> All Rights Reserved
>
> Version #9609
>  Q~dý   &ÿw&ÿwsI+áfÄ?Vþ?
> Fü<Fü FþuÄ^&ÿw&ÿw¸Ps4áf
> !
>
> `````````
> õ M$ No additional
> information. This virus infects the master boot record
> and boot record of floppy disks. Bootup from infected
> floppies often causes system hangs Lenart This virus
> contains the text, "I am Li Xibin!". Bootup from
> infected floppies often causes system hangs This is
> dropped by the "Backdoor.Poly" or "Backdoor.SubSeven".
> You must delete this file. This is a trojan horse
> program and not a virus. This program can be used to
> allow unauthorized access to your computer. You must
> delete this file. This is a backdoor type trojan
> program which can be used to allow unauthorized access to
> your computer. This backdoor trojan loads by adding
> to the line shell=explorer.exe in the SYSTEM.INI file.
> To clean, replace that line and delete the corresponding
> file from the C:\WINDOWS directory. This virus does
> little but replicate. Note that Boot-437 does not infect
> the MBR of the hard drive; it infects only the Boot
> Sector. This is a Internet worm that uses .bat files
> to search through a range of IP addresses of known ISPs
> to find an accessible computer.
>
> ty for help (it aslo say in the file i get the iamvirus
> for opening this file) ty i will develop from here if
> more info needed..........

Relevant Pages

  • Trojan? Or a false alarm?
    ... I've been a Norton Anti-virus user for about two years, ... And I run virus and security checks ALL the ... It said that it was a Malware type Trojan called Win32:SdBot-3324 ... drive is just a "recovery partition" used by my computer. ...
    (alt.comp.anti-virus)
  • virus on xp need help
    ... i did a scan on my puter with systemworks and got 0 virus ... This virus infects the master boot record ... This is a trojan horse ... the MBR of the hard drive; it infects only the Boot ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Trojans.... Is there a way???
    ... usually not the province of virus detectors or virus removers. ... Trojan = Usually does NOT cause local destruction (i.e., ... An example of a destructive virus payload would be the CIH (aka; ... malware class has become a growing problem nad now infects more ...
    (microsoft.public.windowsxp.general)
  • Re: Trojans.... Is there a way???
    ... | usually not the province of virus detectors or virus removers. ... Virus -- software that self replicates and often has a payload that may be destructive. ... virus infects a goven computer it has a payload date. ... Trojan -- software that does NOT self replicate but usually has a payload that may be ...
    (microsoft.public.windowsxp.general)
  • Re: MORICONS.EXE trojan/virus?
    ... My Norton updated its definitions today and scanned my pc. ... The new virus definition found Moricons.delete ... Download.Trojan virus. ... and downloads other Trojan horses or components. ...
    (comp.security.firewalls)
Quantcast