Re: virus problem
From: craig (craig_at_discussions.microsoft.com)
Date: 03/19/05
- Next message: M. Jennings: "Deleting the certificate does not stop decryption!"
- Previous message: Jerry: "Re: Anti Spyware Beta 1"
- In reply to: Malke: "Re: virus problem"
- Next in thread: Malke: "Re: virus problem"
- Reply: Malke: "Re: virus problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 19 Mar 2005 12:59:01 -0800
Malke,
Many thanks for your reply, i'll give this a go over the next few days...
for info, i had alot of problems with this pc (was second hand) and had to
take the hard-drive to an 'expert' who completely wiped the memory and
rebuilt. He was the one who gave me sophos (think he paid them an amount
each year or something) and used to send me an update disc every 3 months.
Have taken note of your comments! and will get a full featured av asap..
Kind regards
"Malke" wrote:
> craig wrote:
>
> > Having problem with a virus than seems to run on startup and is
> > contained i think in system restore? Usually i am ok getting rid of
> > any viruses but this
> > one has got me stumped. I have removed the registry entry and all
> > folders
> > but every time i restart it comes back. Cmd line is C:\127021.exe. I
> > don't know much about DOS and when i type this ono the c prompt access
> > is denied.
> > Ad-Aware picks this up seems to fix it but always back after restart.
> > I run sophos anti-virus but IDE files have not been updated for some
> > time as no
> > longer in contact with person who installed. Every hour os so sophos
> > prompts me to this virus but cannot delete it.
> >
> > Can anyone advise how to remove this or direct me to instructions on
> > how to locate and delete.
> >
> > Any response will be appreciated...
>
> I'm not sure what you mean by saying your Sophos av files haven't been
> updated "as no longer in contact with person who installed". Having
> outdated virus definitions is almost worse than having no av installed
> at all. If you are unable to update Sophos, uninstall it and get a
> full-featured av immediately. If the virus is running on startup, it is
> *not* contained only in System Restore points. The virus files in the
> System Restore points aren't active; something else on your hard drive
> is.
>
> Delete all Temporary and Temporary Internet Files. Then scan in Safe
> Mode with TrendMicro's Sysclean:
>
> TrendMicro's Sysclean is an extensive antivirus tool which has the
> advantage of not needing to be installed. It requires two parts - the
> scanning engine and the virus pattern files.
>
> 1. Create a new folder on your Desktop or the C: drive named something
> useful like "Sysclean".
> 2. Go here and download the two parts of the program to that folder:
>
> http://www.trendmicro.com/download/dcs.asp - Sysclean
> http://www.trendmicro.com/download/pattern.asp - virus pattern files
>
> The pattern files will be zipped - extract them with your unzipper (like
> WinZip) or if you have XP, you can just open the folder. You need to
> put the extracted files in the Sysclean folder you made.
>
> 3. Restart your computer in Safe Mode. Get into Safe Mode by repeatedly
> tapping the F8 key as the computer is starting up to get to the proper
> menu.
> 4. Go to the Sysclean folder you made and double-click on sysclean.com.
> Start the scan. After the scan is finished, look at the log. You may
> need to make a note of where any viruses were found if they were not
> able to be removed so you can manually delete them.
>
> After you've scanned with Sysclean, get and install the full-featured av
> (uninstall Sophos first), update it, and do a thorough scan in Safe
> Mode. After you've done your virus scanning, remove non-viral malware
> with Ad-aware and Spybot Search & Destroy. Make sure you update those
> programs before you run them, and do your scans in Safe Mode.
>
> After you know your computer is 100% clean, you can make a new System
> Restore point and then delete all the previous ones by using Disk
> Cleanup's More Options feature.
>
> Malke
> --
> MS MVP - Windows Shell/User
> www.elephantboycomputers.com
> In Memoriam - MVP Alex Nichol
> The world is diminished without him.
>
- Next message: M. Jennings: "Deleting the certificate does not stop decryption!"
- Previous message: Jerry: "Re: Anti Spyware Beta 1"
- In reply to: Malke: "Re: virus problem"
- Next in thread: Malke: "Re: virus problem"
- Reply: Malke: "Re: virus problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
