Identify Virus

[Willie]

A friend had WinXP home, and clicking to open anything (My Computer, My
Documents, IE, actually anything) would cause the error message "...Has
encountered a problem and needs to close", and when closing, all desktop
icons would also briefly disappear, and then return. I went into safe mode,
and problem did not exist.(Everything opened fine) Her "Expired" Norton
Anti-virus could scan, but being expired for who knows how long, did not
detect anything upon scanning. My solution was extreme, but worked...I
reinstalled OS(It was over 2 years old anyway, and slow even before the
issue...I also turned on XP firewall, and reinstalled a New Norton Sys Works
for her). My question is, does anyone have any ideas what this Virus may
have been, by hearing the symptoms? I have searched Symantec and Google. I
am very curious to at least know. Thanks, and keep up the Great work you all
do here for no pay, but pure satisfaction.

Willie
P.S. She also had 3 stubborn Spyware issues(I had installed Ad-Aware and
Spybot, but she never ran them)They were; Huntbar; Ezula; Xupiter.

 

[wayne]

If you download the Stinger program from Macafee it probably would have
found the virus.
The spyware programs are all easy to remove with adaware if she had run
them!

I think you went way overboard unless she didn't care about losing her
files/settings

Next time try Stinger!


Wayne

 

[Willie]

Wayne,
I saved her files, favorite sites, and pictures to CD, and then scanned
them with the new Norton to be sure they were safe. As I said earlier, her
system was over 2 years old, and running slow 8 months ago the last time she
called me for something else, so a reinstall couldn't hurt, and in fact, did
speed things up considerably, as well as solve the issue. Thanks for the
advice/overboard remark...I appreciate your reply, as any answer is better
than none...Anyone else have an answer to the original question as to what
may have been the name of the offensive virus/Trojan?
Thanks for your time.
Willie

 

[WinGuy]

Hi, Willie
According to news I just saw today on Google, over 900 new compromisers were
discovered in May 2004 alone. There is little chance of knowing what item/s
were causing problems unless you had ran updated antivirus and things such
as the latest Adaware6 and Spybot S&D, but chances are very good that more
than one compromiser was involved. Norton was also in the Google news
section recently for some of its products having been themselves compromised
(as was the BlackIce firewall a month or two ago). I really prefer Grisoft's
AVG (and recommend it be purchased even though the freeware version is not
crippled when it comes to AV protection, and unlike Symantic products AVG
has no record that I know of concerning damage to OE stores). Besides AVG
and Spybot, I also recommend installation, update, and usage of ZoneAlarm or
ZoneAlarm Pro, SpywareBlaster, and SpywareGuard. I highly recommend that the
"resident" (causes their icons to be displayed on taskbar) function in
Spybot, similar to but not to exclude SpywareGuard, also be used to allow
you to intercept and to then allow or deny changes to registry and to IE
that could be the result of a compromiser activity.

 

[Willie]

"Winguy"
Thanks VERY much. I have been following this newsgroup for some time now,
and by doing so, I have seen that there are a VERY few people who choose to
lecture "Only", some who lecture & then answer the question, and MANY who
just respectfully & intelligently guide you through your problem. You fall
into the last group (That's a compliment)...I do wish to thank ALL others
who fall into the last 2 groups, for their time and effort in helping all
users...my hat is off to you.
Thanks again "Winguy".

Willie


"WinGuy" > wrote in message

 

[wayne]

It was probably running slow due to spyware or temp files being full.

In internet explorer you go to tools internet options advanced and check the
box towards the bottom to delete temp files when browser closed.

Also go to tools internet options in the middle is temporary file settings
make sure the every time is selected and make the cache less than 10 mb.

A slow computer is not hopeless. Spyware is amazing as to how much it will
slow systems down. I have some "common use computers" at work that have
over 100 users they clog up pretty quick but a quick scan with adaware and
deleting temp files a defrag and the system is back working fine!

Wayne

 

[Willie]

Thanks Wayne.
Willie

It was probably running slow due to spyware or temp files being full.

In internet explorer you go to tools internet options advanced and check the
box towards the bottom to delete temp files when browser closed.

Also go to tools internet options in the middle is temporary file settings
make sure the every time is selected and make the cache less than 10 mb.

A slow computer is not hopeless. Spyware is amazing as to how much it will
slow systems down. I have some "common use computers" at work that have
over 100 users they clog up pretty quick but a quick scan with adaware and
deleting temp files a defrag and the system is back working fine!

Wayne

 

[wayne]

No problem.


There are many people that are not sure what to do and many people just
don't know what to do, I have 550 plus users I support by myself at work.
We have a corporate help desk and like most it is pretty bad. I have
people who have heard about me contacting me for support in other countries!
Not that I am that good it is just that most support always takes the easy
way out and they are not willing to do some research. I had a guy at work
whose son had been to many "bad" places on the internet over 1000 infected
files with 20 different viruses. Keystroke loggers dialers and all the
usual in between. it took over 9 hours of scanning and cleaning but I got
the computer working back as good as new. The viruses were so tough I had
to put the drive in a different computer as a secondary drive so none of the
viruses had a chance to start before they were cleaned.

I just hate to see someone take the easy way out as you don't learn anything
and then if the problem happens again you do the same thing again!
Wayne

 

[Guest]

Hi (To Wom it May Concern),
I have a nasty little virus identified as W32.Netsky.P@mmlenc. My Norton
anti-virus has identified it but has been unable to quaretine or delete it.
Any suggestions would be appreciated. Thank you.
Neil

 

[Willie]

Hummm, how'd my post from a while back, get on yours? To answer your
question, have you tried a Google search for removal ideas? Try here...

http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

Willie