Any ideas what this virus could be???

  • Thread starter Thread starter bude
  • Start date Start date
B

bude

Thanks in advance for any help.
I have a strange virus that will not let me access MY COMPUTER or get
into my control panel from my desktop. Further it will not let me get
into any folders. However, it will let stand-alone programs run.

Everytime I try and access any folders, it reboots and a picture of
Santa Claus saying "Ho Ho Ho" replace my existing desktop, and then
goes back to original desktop.

I've had Norton, Ad-Aware, and Spybot all come up with nothing. But I
notice in my NT/Sys32 folder that a couple new .exe files keep getting
regenerated. I went into my Registry and also killed all .exe lines
from the HKEY......Windows/Microsoft/RUN lines.

1. Does anyone know what this virus is?
2. Does anyone know how to get rid of it?
Again..thanks in advance
(e-mail address removed)
 
bude said:
Thanks in advance for any help.
I have a strange virus that will not let me access MY COMPUTER or get
into my control panel from my desktop. Further it will not let me get
into any folders. However, it will let stand-alone programs run.

Everytime I try and access any folders, it reboots and a picture of
Santa Claus saying "Ho Ho Ho" replace my existing desktop, and then
goes back to original desktop.

I've had Norton, Ad-Aware, and Spybot all come up with nothing. But I
notice in my NT/Sys32 folder that a couple new .exe files keep getting
regenerated. I went into my Registry and also killed all .exe lines
from the HKEY......Windows/Microsoft/RUN lines.

1. Does anyone know what this virus is?
2. Does anyone know how to get rid of it?
Again..thanks in advance
(e-mail address removed)
Click to expand...

it's generally not possible to identify a virus by symptoms or
filenames alone... if you think you have a virus, scan your drive
(already done)... if you think you have a virus your scanner can't
detect, try a different scanner or send a suspect file to your
anti-virus developer for analysis...
 
It sounds like the Zafi.d virus but I can't be sure.
See: http://www.techworld.com/security/news/index.cfm?NewsID=2812

Scan a suspect file using this to see if Kaspersky know of it:
http://www.kaspersky.com/scanforvirus

Also this could be a new virus so try to submit it to Norton via the norton
antivirus program :
http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000031615501306

Also send a compressed and encripted sample of the file to:
(e-mail address removed)

See:
To create an email
1.. Create an email.
2.. Type Submission in the Subject field.
3.. Include the following information in the body of the email
a.. Operating System
b.. Name
c.. Address
d.. City
e.. State
f.. Zip/Country code
g.. Province
h.. Country
i.. Phone number
j.. A detailed description of the symptoms that you observed.

To create a password-protected zip file
Do the following to create a password-protected zip file that contains the
suspicious file/files. It is important that potentially infected files be
zipped and password protected to prevent the potential new virus from being
mistakenly sent to others. This process is part of the Symantec best
practices procedure when working with potentially infected files. If you are
running Norton AntiVirus or Symantec AntiVirus in a corporate environment,
then zipping and password protecting a potentially infected file will also
allow the file to be sent through your network security system without being
removed.

--------------------------------------------------------------------------------
Note: These steps apply to Winzip. If you have another zip utility, consult
your program documentation for help zipping and password protecting the
potentially infected file.

--------------------------------------------------------------------------------

1.. Open Windows Explorer.
2.. Locate the suspicious file or files.
3.. If there is only one file, then right-click the file, and then click
"Add to zip."
4.. Click I agree.
5.. Click New.
6.. Change the "Create" location to Desktop, type Submission and then
click OK.
7.. Click Options and then Password.
8.. Type infected and then click OK. Reenter the same password, and then
click OK again.
9.. You should see a zip file named Submission.zip on the Desktop.
10.. If you want to submit more than one file, then do the following for
each file.
11.. Locate the file and then right-click the file, and click "Add to
zip."
12.. Click I agree.
13.. Click Open.
14.. Change the "Create" location to Desktop, locate and click
Submission.zip and then click Open.
15.. Click Add.

To attach the zip file to the email and send the email to Security Response
1.. Attach the Submission.zip file to the email and send it to
(e-mail address removed)
2.. The submitted file will be scanned by the Symantec automated response
system and you will receive an email response with a tracking number.
 
All very good responses, and thanks. One of the problems again though
is that I also cannot update and send because this thing has messed
with my IE also. Forgot to mention that I can only access my file
folders when in SAFE MODE. Santa and his ho ho ho don't come up in that
mode. More to add in next post....
 
Back
Top