virus problem

  • Thread starter: Guest

Guest

Having problem with a virus that seems to run on startup and is contained, I
think, in System Restore? Usually I am OK getting rid of any viruses but this
one has got me stumped. I have removed the registry entry and all folders
but every time I restart it comes back. Cmd line is C:\127021.exe. I don't
know much about DOS and when I type this on the C prompt access is denied.
Ad-Aware picks this up and seems to fix it but it is always back after restart.
I run Sophos anti-virus but IDE files have not been updated for some time as no
longer in contact with person who installed. Every hour or so Sophos prompts
me about this virus but cannot delete it.

Can anyone advise how to remove this or direct me to instructions on how to
locate and delete.

Any response will be appreciated...
 
craig said:
Having problem with a virus that seems to run on startup and is
contained, I think, in System Restore? Usually I am OK getting rid of
any viruses but this one has got me stumped. I have removed the
registry entry and all folders but every time I restart it comes back.
Cmd line is C:\127021.exe. I don't know much about DOS and when I type
this on the C prompt access is denied.
Ad-Aware picks this up and seems to fix it but it is always back after
restart. I run Sophos anti-virus but IDE files have not been updated
for some time as no longer in contact with person who installed. Every
hour or so Sophos prompts me about this virus but cannot delete it.

Can anyone advise how to remove this or direct me to instructions on
how to locate and delete.

Any response will be appreciated...

I'm not sure what you mean by saying your Sophos av files haven't been
updated "as no longer in contact with person who installed". Having
outdated virus definitions is almost worse than having no av installed
at all. If you are unable to update Sophos, uninstall it and get a
full-featured av immediately. If the virus is running on startup, it is
*not* contained only in System Restore points. The virus files in the
System Restore points aren't active; something else on your hard drive
is.

Delete all Temporary and Temporary Internet Files. Then scan in Safe
Mode with TrendMicro's Sysclean:

TrendMicro's Sysclean is an extensive antivirus tool which has the
advantage of not needing to be installed. It requires two parts - the
scanning engine and the virus pattern files.

1. Create a new folder on your Desktop or the C: drive named something
useful like "Sysclean".
2. Go here and download the two parts of the program to that folder:

http://www.trendmicro.com/download/dcs.asp - Sysclean
http://www.trendmicro.com/download/pattern.asp - virus pattern files

The pattern files will be zipped - extract them with your unzipper (like
WinZip) or if you have XP, you can just open the folder. You need to
put the extracted files in the Sysclean folder you made.

3. Restart your computer in Safe Mode. Get into Safe Mode by repeatedly
tapping the F8 key as the computer is starting up to get to the proper
menu.
4. Go to the Sysclean folder you made and double-click on sysclean.com.
Start the scan. After the scan is finished, look at the log. You may
need to make a note of where any viruses were found if they were not
able to be removed so you can manually delete them.

After you've scanned with Sysclean, get and install the full-featured av
(uninstall Sophos first), update it, and do a thorough scan in Safe
Mode. After you've done your virus scanning, remove non-viral malware
with Ad-aware and Spybot Search & Destroy. Make sure you update those
programs before you run them, and do your scans in Safe Mode.

After you know your computer is 100% clean, you can make a new System
Restore point and then delete all the previous ones by using Disk
Cleanup's More Options feature.

Malke
 
Malke,

Many thanks for your reply, I'll give this a go over the next few days...

For info, I had a lot of problems with this PC (was second hand) and had to
take the hard-drive to an 'expert' who completely wiped the memory and
rebuilt. He was the one who gave me Sophos (think he paid them an amount
each year or something) and used to send me an update disc every 3 months.
Have taken note of your comments and will get a full-featured av asap.

Kind regards
 
craig said:
Malke,

Many thanks for your reply, I'll give this a go over the next few
days...

For info, I had a lot of problems with this PC (was second hand) and
had to take the hard-drive to an 'expert' who completely wiped the
memory and rebuilt. He was the one who gave me Sophos (think he paid
them an amount each year or something) and used to send me an update
disc every 3 months. Have taken note of your comments and will get a
full-featured av asap.

Thanks for the clarification, Craig. Absolutely you need to get your own
av. Updating every 3 months is dreadful. I have my F-Prot set to update
twice a day on my Windows boxen. Let me know if you need more help.

Malke
 
You may want to try downloading Symantec's Norton Anti-Virus which has a 15
day free trial. It will scan your computer after updating the virus
definitions and in the meantime (15 days) you can get this virus off your
computer. After that perhaps you may want to look into an anti-virus
software that auto updates itself.
 
Malke,

Those downloads have done the trick, virus now removed... however I have
another small problem!

Yesterday a spyware program appeared as my background. When clicking it
just took me to a search engine offering all sorts of free anti-spyware. I
have Ad-Aware, Spybot and Microsoft Anti-Spyware installed so ran those and
thought problem removed.

When I logged back in my background is now just a white screen which I
cannot change. Properties show this as an HTML document with address:
file//C:\WINDOWS\web\desktop.html

When I go to this location there is nothing to delete or remove that matches
this.

The Trend Micro Sysclean package didn't fix this either.

Any ideas?
 
craig said:
Malke,

Those downloads have done the trick, virus now removed... however I
have another small problem!

Yesterday a spyware program appeared as my background. When clicking
it just took me to a search engine offering all sorts of free
anti-spyware. I have Ad-Aware, Spybot and Microsoft Anti-Spyware
installed so ran those and thought problem removed.

When I logged back in my background is now just a white screen which I
cannot change. Properties show this as an HTML document with address:
file//C:\WINDOWS\web\desktop.html

When I go to this location there is nothing to delete or remove that
matches this.

Here's how to get rid of the desktop warning being displayed by malware.
Go to the Display applet in Control Panel and look on the Desktop tab.
Click on Customize Desktop, and then click on the Web tab. You will see
that there are checkmarks next to "My Current Home Page" and probably
"Lock Desktop Items". Uncheck these. By highlighting the "My Current
Home Page" and clicking on the Properties button, you will be able to
determine the name of the file that is the message. It might be called
something like "security.html" or the like.

Of course you want to click Apply and OK out when you've made your
changes. Then you want to find the *.html malware file and delete it.

Malke
 
Malke,

Thanks again for the reply.

When I click on the Web tab all that shows in web pages is security. 'My
current home page' doesn't exist and 'lock desktop items' is unchecked.

I think I have already got rid of the malware but for some reason my
background is now just a white screen.

Any other suggestions please!
 
craig said:
Malke,

Thanks again for the reply.

When I click on the Web tab all that shows in web pages is security.
'My current home page' doesn't exist and 'lock desktop items' is
unchecked.

I think I have already got rid of the malware but for some reason my
background is now just a white screen.

The security.html file is the one you need to uncheck and then find the
file and delete it. Once you have disabled using the web as your
desktop, try applying one of the Windows backgrounds.

Malke
 
craig said:
Malke, you are a genius!

Thanks very much for your help, much appreciated...

Thanks for the nice words. I'm glad you've got it all sorted. Thanks for
taking the time to let me know.

Malke
 