***FIX*** serflog.c virus, msn:


GM

Good afternoon folks...

I have got rid of my virus!!!!

Let me say this was NOT at all easy; the program that got rid of it was:

http://www.free-av.com/ - antivir

I completely understand the problems of the virus closing any program
opened; so what you need to do is somehow get that package to your desktop,
and run it by either clicking loads to overload your system, or by pressing
return on your system, try get through the menus without closing the
program - ignore 'close this program'? dialogues, it's the virus trying to
close it! Click no then click on another button

ie:

shove the 'close? yes/no' dialogue box over the 'next' box, so when you
press 'no' you can press 'next' in the install program...

or use return again and keep your finger on it.

Once it's installed, ensure you're connected through the net ( i guess you
need broadband ideally...) and it'll update, then run

it'll scan your computer manually (possibly with no windows displayed) and
find the virus and scarily flash on your screen as the virus keeps closing
it. This is because the virus closes most programs, and you'll have to be
quick with your eyesight...take it easy, it'll keep flashing, so read what
you can of them each time it flashes up.

Restart your pc, and it should delete it, then find other parts of the
virus...

Tip: as it kept flashing up initially i managed to tick 'display info box'
which came up with options, i changed the selection from 'always' to 'after
restart', and the below option to 'delete virus' as opposed to
close/clean/quarantine.

It worked, and now i'm running without the serflog.c virus

I do warn you, this is hard, but no other solution has worked successfully.

I will be using this virus scanner from now on too!

If you've any questions, please post here.

To the 'regulars' if you could please put this in better words then maybe
that would help people better. Unfortunately it's all about timing and
overloading your CPU to install the program, but i can reassure you it does
work!

Until symantec produces a removal tool (if at all) this is the only method
i have found that works.

G.
 
GM said:
> Good afternoon folks...
>
> I have got rid of my virus!!!!
>
> Let me say this was NOT at all easy; the program that got rid of it was:
>
> http://www.free-av.com/ - antivir
>
> I completely understand the problems of the virus closing any program
> opened; so what you need to do is somehow get that package to your desktop,
> and run it by either clicking loads to overload your system, or by pressing
> return on your system, try get through the menus without closing the
> program - ignore 'close this program'? dialogues, it's the virus trying to
> close it! Click no then click on another button

ummm, no... what you need to do is boot into an environment where the
virus isn't active in the first place... usually this is safe-mode,
barring that safe-mode-command-prompt, and barring that use a PE disk
(or regular write protected bootable floppy disk if you have a FAT
based filesystem)...

> [snip]
> To the 'regulars' if you could please put this in better words then maybe
> that would help people better. Unfortunately it's all about timing and
> overloading your CPU to install the program, but i can reassure you it does
> work!

sorry but methods that work only because of luck aren't reliable enough
to bother with... just because it worked on your system doesn't mean it
will work on a different system with a different hardware or software
configuration...

further, why are we believing it took this complicated method rather
than simply saying avast isn't one of the anti-virus products this
virus tries to close?
 
kurt wismer said:
> ummm, no... what you need to do is boot into an environment where the
> virus isn't active in the first place... usually this is safe-mode,
> barring that safe-mode-command-prompt, and barring that use a PE disk
> (or regular write protected bootable floppy disk if you have a FAT
> based filesystem)...
>
> > [snip]
> > To the 'regulars' if you could please put this in better words then maybe
> > that would help people better. Unfortunately it's all about timing and
> > overloading your CPU to install the program, but i can reassure you it
> > does work!
>
> sorry but methods that work only because of luck aren't reliable enough
> to bother with... just because it worked on your system doesn't mean it
> will work on a different system with a different hardware or software
> configuration...
>
> further, why are we believing it took this complicated method rather
> than simply saying avast isn't one of the anti-virus products this
> virus tries to close?


I see your point, but any other virus product i tried failed.

I accept you trying to be a smart-arse. I say 'trying', as you failed pretty
badly. The virus runs in safe-mode, you cannot access any directory through
DOS as 'access denied' is shown.

I've spoken to various companies over the phone, who were interested in
solving it, and wished me to send them the virus, as it was so new.

SYSCLEAN has now, i believe, managed to tackle it successfully, symantec's
scanner still does not recognise it at all on a system.

If you wish to make an intelligent comment, then maybe read up on the
subject involved next time.
 
> The virus runs in safe-mode, you cannot access any directory through
> DOS as 'access denied' is shown.
> [snip]
>
> If you wish to make an intelligent comment, then maybe read up on the
> subject involved next time.

What did he say that was wrong?
 
GM said:
> kurt wismer said:
> > ummm, no... what you need to do is boot into an environment where the
> > virus isn't active in the first place... usually this is safe-mode,
> > barring that safe-mode-command-prompt, and barring that use a PE disk
> > (or regular write protected bootable floppy disk if you have a FAT
> > based filesystem)...
> >
> > > [snip]
> > > To the 'regulars' if you could please put this in better words then maybe
> > > that would help people better. Unfortunately it's all about timing and
> > > overloading your CPU to install the program, but i can reassure you it
> > > does work!
> >
> > sorry but methods that work only because of luck aren't reliable enough
> > to bother with... just because it worked on your system doesn't mean it
> > will work on a different system with a different hardware or software
> > configuration...
> >
> > further, why are we believing it took this complicated method rather
> > than simply saying avast isn't one of the anti-virus products this
> > virus tries to close?
>
> I see your point, but any other virus product i tried failed.

which strongly suggests that avast was not one of the products the
virus targeted...

> I accept you trying to be a smart-arse. I say 'trying', as you failed pretty
> badly. The virus runs in safe-mode, you cannot access any directory through
> DOS as 'access denied' is shown.

i said safe-mode or safe-mode-command-prompt (even less of the windows
system loaded then - no gui so things that hook onto explorer and the
like won't get executed) or a PE disk... i can only assume from your
accusation of smartarseness that you don't know or care what a PE disk
is... if you did know you'd know that you get full access to the system
without executing code on the system (therefore the virus would not
have been active) - and if you didn't know but at least cared you would
have asked 'what's this PE disk you're talking about and how could it
have helped?'...
 
How did you manage to do it? It won't let me access the website let
alone download it. It is thwarting SYSCLEAN as well. I caught the
latest variant Friday night.
 
> How did you manage to do it? It won't let me access the website let
> alone download it. It is thwarting SYSCLEAN as well. I caught the
> latest variant Friday night.

Have you tried running in Safe Mode?
 