D
d.red
I'm unsure if this is the right room for this, but I think I have located the folder which contains information for a virus (a Win32 virus) on my PC. What should I do?
c:/winnt/config/system/emm32/dosboot/windows/startup
The files contained in this folder are:
-2.bat
-ba.bat
-boot.exe
-dcom.exe
-empavms.exe
-epoop.exe
-flood.ocx
-ipservers.dll
-java.dll
-jnco32.exe
-lan.bat
-libparse.exe
-lsass.exe
-moo.dll
-msconfig.exe (when opened, the error message says: internal error...
ABORT: Proxy has been corrupted, please re-install to
correct the problem.
(winmain.c/211)
-msmouse.exe
-nb.bat
-newuser.bat
-nhtml.dll
-regedit.dll
-remote.ini
-restart.exe
-screen.dll
-sipj.ocx
-ss.bat
-sysboot.dll
-sysconfig.ocx
-telnet.dll
-tvchost.exe
-users.dll
-wincmd34.bat
-wind.dll
Upon opening the remote.ini file, this is what was in there:
[variables]
n0=%chan #.bawt.
n1=%iisfile msmouse.exe
n2=%key accident
n3=%pass pass
n4=%prefix [l33t]
n5=%botserver
n6=%botport 6667
n7=%identd DTGTBOT
n8=%loggedin ****[ $nick ]**** 12°¤o 4Now Has MASTER Access To DT-GT %ver 12o¤º
n9=%amounts 5
n10=%flchan #gt
n11=%flnick #gt
n12=%fltime 20
n13=%clones 10
n14=%ver TOMMYS A NUB EDITION
n15=%numfloodmessages 23
n16=%proxy.port 31337
n17=%proxy.connecting 6815590 6841006 6923375 6943464 7216116 7323100 7404717 7578917 9456567 9518396 9562570 9695701 10850382 10946329 10971736 11200054 3908039
n18=%prx2
n19=%prx QUIT :
n20=%bnc OFF
n21=%channel
n22=%fldprfix [DT]
n23=%fnick
n24=%fludserver localhost
n25=%fludport 6667
n26=%fludtype Notice
n27=%flamount 1
n28=%floaddelay 1
n29=%dtflud flud13828
n30=%fcon 8
n31=%fljoin #d
n32=%flpart #netbios
n33=%fludvict ##^poop^.
n34=%identdz SUCKA
n35=%dietime 10
n36=%identz2 SUCKAl
n37=%identz3 SUCKAl
n38=%pass2 changepass
n39=%identz4 SUCKAx
n40=%loadfile socketmanager.mrc
n41=%unloadfile socketmanager.mrc
n42=%timeout 10
n43=%dlplace
n44=%dldir ""
n45=%savefile ""
n46=%run no
n47=%installdate Friday October 03 2003
n48=%install 1
n49=%rb_size 10
n50=%rb_used 3
n51=%rb_unused 7
n52=%rb_usedstr |||
n53=%rb_unusedstr -------
n54=%nb.file cool.exe
n55=%zVeN off
n56=%nb.threads 20
n57=%gc 0
n58=%gf 0
n59=%nb.total 4
n60=%nb.start 63.102.173.98
n61=%nb.end 63.102.173.102
n62=%nb.delay 100
n63=%nb.timeout 400
n64=%nb.s.1 63
n65=%nb.s.2 102
n66=%nb.s.3 173
n67=%nb.s.4 102
n68=%nb.time 1039411570
n69=%nb.current 63.102.173.102
n70=%icqsubject OWNED
n71=%icqbody OWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNEDOWNED
n72=%icqto 117231578
n73=%speed http://www.dslreports.com/archive/ $+
n74=%poop $gettok($host,7-,46)
n75=%silentscan on
n76=%nb.con on
n77=%dlistplace queers/
n78=%weiner off
n79=%port poop
n80=%randscan1 2219840447
n81=%randscan2 3160724722
n82=%scanning no
n83=%change1 96
n84=%change2 255
n85=%change3 0
n86=%fldmsg :TEST testing 2 words and more w00tie testin' woop de dooie
n87=%cs-key 2607826480345
n88=%winkey 55274-640-0000356-23087
n89=%stopscan no
n90=%445 63.196.0.100
n91=%AIMUserCount 2
n92=%AIMUserHost aliza7196!neils63@=Ho8-2lfqy26-87.nas51.stockton1.ca.us.da.qwest.net
n93=%icqfrom OWNED
n94=%range0 3635903252
n95=%range1 3635903262
n96=%range2 3635903262
n97=%currentnick jarrad4394
n98=%sckrd owertech.no.eu.dal.net 421 * NICKcorrie332238 :Unknown command
n99=%Lines 100
n100=%query1 12.30.*.*
n101=%iniscan.stat.bag off
n102=%uniscan.wnick [DTGT][216][595114]
n103=%uni.oneip 3647016037
n104=%uni.twoip 3647016036
n105=%uniscan.work 217.97.12.50 - 217.97.12.100
n106=%uniscan.chan #testbot
n107=%uniscan.found 2
n108=%uniscan.bag 2
n109=%iniscan.stat.server off
n110=%unibag.job on
n111=%subsock Directory of c:\
n112=%uni.bcheck 217.97.12.80
n113=%unibag.page 13
n114=%scanport.status off
n115=%unmask.status off
n116=%sub.unmusk off
n117=%scanip.status off
n118=%targetip.obj #winX.scanner2.
n119=%found.sub 0
n120=%count.sub 1
n121=%count.all.sub 1
n122=%sub.who 12.40.34.2
n123=%scanip.rezult show
n124=%sub.take.ready off
n125=%scan.openip 69
n126=%scanip.end on
n127=%AIMUserPass 5208256754
n128=%AIMSequence 10910
n129=%SequenceNumber 62035
n130=%pw 5208256754
n131=%sn h760qeddy342i
n132=%url http://aim.aol.com/aimnew/create_new.adp?name=h760qeddy342i&password=0647617715&confirm=0647617715&e[email protected]&month=01&day=12&year=1945&promo=106712&pageset=Aim&privacy=1&client=no
n133=%blaaaa ""
n134=%em (e-mail address removed)
n135=%name miunowkgal
n136=%window ""
n137=%getscan *
n138=%host
n139=%botstop no
n140=%remove no
n141=%yo Bytes 207876 212533
n142=%yu 207876
n143=%re 191.266
n144=%ya 212533
n145=%rc 207.876
n146=%st 212.533
n147=%one 385.143
n148=%two 420.409
n149=%diff 5.88
n150=%sp.in 2.77
n151=%sp.out 3.11
n152=%netw 5.88
n153=%verbose on
n154=%nickip 195
n155=%codelist 1333
n156=%unihost 217.97.12.77
n157=%lol /bin/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir+c:\
n158=%t1 /bin/scripts/..%%35c../winnt/system32/cmd.exe?
n159=%step 1
n160=%synport 1
n161=%1p1 61.*.*.*
n162=%1p2 61.80.225.183
n163=%c.re 0
n164=%server poop
n165=%s1 dt1.owned.witdt.powerdns.org:6667
n166=%s2 dt2.owned.witdt.powerdns.org:6667
n167=%s3 dt1.owned.witdt.powerdns.org:6667
n168=%pww 0647617715
n169=%namee qwtpqlsscn
n170=%emm (e-mail address removed)
n171=%rsn h 7 6 0 q e d d y 3 4 2 i
n172=%RCPbeg 405778944
n173=%osrpc 5
n174=%telnet.connection disconnected
n175=%data 150 Opening ASCII mode data connection for dtgt.exe(1148521 bytes).
n176=%rcpftp rcpftp.cjb.net
n177=%rpc.found 34
n178=%rpcsilentscan on
n179=%rpcbegshortip 24.47.178.0
n180=%rpcendshortip 24.47.180.255
n181=%rpcendlongip 405779711
n182=%rpctotal 767
n183=%rpcip1 24.47.179.135
n184=%rpcip2 24.47.179.136
n185=%rpcip3 24.47.179.137
n186=%rpcip4 24.47.179.138
n187=%rpcip5 24.47.179.139
n188=%rpcip6 24.47.179.140
n189=%rpcip7 24.47.179.141
n190=%rpcip8 24.47.179.142
n191=%rpcip9 24.47.179.143
n192=%rpcip10 24.47.179.144
n193=%rpcip11 24.47.179.145
n194=%rpcip12 24.47.179.146
n195=%rpcip13 24.47.179.147
n196=%rpcip14 24.47.179.148
n197=%rpcip15 24.47.179.149
n198=%rpcip16 24.47.179.150
n199=%rpcip17 24.47.179.151
n200=%rpcip18 24.47.179.152
n201=%rpcip19 24.47.179.153
n202=%rpcip20 24.47.179.154
n203=%rpcip21 24.47.179.155
n204=%rpcip22 24.47.179.156
n205=%rpcip23 24.47.179.157
n206=%rpcip24 24.47.179.158
n207=%rpcip25 24.47.179.159
n208=%rpctotalscan 416
n209=%beglongip 1128595456
n210=%endshortip 67.79.255.255
n211=%endlongip 1129316351
n212=%loginnick dt
n213=%begshortip 67.69.0.0
n214=%SIPGread :Geneva.CH.EU.Undernet.org 352 dorene942 #OwnerS ~st0rm 163.29.75.202 *.undernet.org Malware G :3 Angel with some...demon to others
n215=%SIPGnum 5
n216=%SIPG.1 67.69.37.58
n217=%SIPG.2 66.122.88.125
n218=%SIPG.3 24.100.242.36
n219=%SIPG.4 217.162.100.228
n220=%SIPG.5 68.63.190.245
n221=%SIPGdns 5
n222=%Scan.Range.1 67.69.0.0 67.79.255.255
n223=%Scan.Range.2 66.122.0.0 66.132.255.255
n224=%Scan.Range.3 24.100.0.0 24.110.255.255
n225=%Scan.Range.4 217.162.0.0 217.172.255.255
n226=%Scan.Range.5 68.63.0.0 68.73.255.255
n227=%spigscan 1
n228=%total 720895
n229=%totalscaning 52
n230=%ip1 67.69.0.27
n231=%ip2 67.69.0.28
n232=%ip3 67.69.0.29
n233=%ip4 67.69.0.30
n234=%ip5 67.69.0.31
n235=%ip6 67.69.0.32
n236=%ip7 67.69.0.33
n237=%ip8 67.69.0.34
n238=%ip9 67.69.0.35
n239=%ip10 67.69.0.36
n240=%ip11 67.69.0.37
n241=%ip12 67.69.0.38
n242=%ip13 67.69.0.39
n243=%ip14 67.69.0.40
n244=%ip15 67.69.0.41
n245=%ip16 67.69.0.42
n246=%ip17 67.69.0.43
n247=%ip18 67.69.0.44
n248=%ip19 67.69.0.45
n249=%ip20 67.69.0.46
n250=%ip21 67.69.0.47
n251=%ip22 67.69.0.48
n252=%ip23 67.69.0.49
n253=%ip24 67.69.0.50
n254=%ip25 67.69.0.51
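An added example, not part of the original post: a small Python script that parses the [variables] section of a mIRC-style remote.ini (the nN=%name value layout, the socketmanager.mrc load file and the $gettok identifier in the posted file are mIRC script conventions) and pulls out the network indicators an incident responder wants before wiping the machine: the IRC servers and port the bot joins, other hostnames such as the FTP drop site, single addresses, the scan ranges with their sizes, and the double-encoded "..%%35c../" cmd.exe string, which is the classic IIS directory-traversal probe. SAMPLE_INI is a constructed excerpt of the posted file with the wrapped %lol value re-joined; the begin/end variable-name pairs it treats as ranges (nb.start/nb.end, rpcbegshortip/rpcendshortip) are taken from the post, while the regular expressions and the file-extension filter are my own assumptions about the value formats.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample: a subset of the remote.ini lines quoted in the post above,
# with the wrapped %lol value re-joined (its %t1 sibling shows the unwrapped form).
SAMPLE_INI = r"""[variables]
n0=%chan #.bawt.
n1=%iisfile msmouse.exe
n3=%pass pass
n5=%botserver
n6=%botport 6667
n7=%identd DTGTBOT
n16=%proxy.port 31337
n40=%loadfile socketmanager.mrc
n47=%installdate Friday October 03 2003
n60=%nb.start 63.102.173.98
n61=%nb.end 63.102.173.102
n90=%445 63.196.0.100
n157=%lol /bin/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir+c:\
n165=%s1 dt1.owned.witdt.powerdns.org:6667
n166=%s2 dt2.owned.witdt.powerdns.org:6667
n176=%rcpftp rcpftp.cjb.net
n179=%rpcbegshortip 24.47.178.0
n180=%rpcendshortip 24.47.180.255
n222=%Scan.Range.1 67.69.0.0 67.79.255.255
n223=%Scan.Range.2 66.122.0.0 66.132.255.255
"""

# mIRC stores script variables as "nN=%name value"; a bare "%name" has an empty value.
VAR_LINE = re.compile(r"^n\d+=%(?P<name>\S+)(?:\s+(?P<value>.*))?$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_PORT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,}):(\d{1,5})\b", re.I)
HOSTNAME = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
# Double-encoded "..%%35c../" followed by cmd.exe: the IIS traversal probe seen in %lol and %t1.
TRAVERSAL = re.compile(r"\.\.%+[0-9a-f]{2,3}\.\./.*cmd\.exe", re.I)
# Assumed filter so that file names like msmouse.exe are not reported as hostnames.
FILE_EXT = (".exe", ".dll", ".bat", ".mrc", ".ini", ".ocx")
# Variable-name pairs that delimit a scan range (e.g. %rpcbegshortip / %rpcendshortip).
PAIR_SUFFIXES = (("begshortip", "endshortip"), ("start", "end"))


def parse_mirc_variables(text: str) -> Dict[str, str]:
    """Return {name: value} for every variable in the [variables] section."""
    variables: Dict[str, str] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[variables]"
            continue
        m = VAR_LINE.match(line) if in_section else None
        if m:
            variables[m.group("name")] = (m.group("value") or "").strip()
    return variables


def range_size(start: str, end: str) -> int:
    """Number of addresses in an inclusive IPv4 range; -1 if either endpoint is invalid."""
    try:
        return int(ipaddress.IPv4Address(end)) - int(ipaddress.IPv4Address(start)) + 1
    except ipaddress.AddressValueError:
        return -1


def extract_indicators(variables: Dict[str, str]) -> Dict[str, list]:
    """Pull network indicators out of the parsed variables."""
    c2: List[str] = []          # host:port pairs, i.e. the IRC servers the bot connects to
    hosts: List[str] = []       # other hostnames (drop sites, etc.), file names excluded
    ips: List[str] = []         # single addresses that are not range endpoints
    ranges: List[Tuple[str, str, int]] = []  # (start, end, size) scan ranges
    traversal: List[str] = []   # web-server traversal payloads

    def add(lst, item):
        if item not in lst:
            lst.append(item)

    for value in variables.values():
        if TRAVERSAL.search(value):
            add(traversal, value)
        for host, port in HOST_PORT.findall(value):
            add(c2, f"{host.lower()}:{port}")
        for host in HOSTNAME.findall(value):
            host = host.lower()
            if host.endswith(FILE_EXT) or any(c.startswith(host + ":") for c in c2):
                continue
            add(hosts, host)
        found = IPV4.findall(value)
        if len(found) == 2:          # "start end" written in one value, e.g. %Scan.Range.N
            add(ranges, (found[0], found[1], range_size(found[0], found[1])))
        else:
            for ip in found:
                add(ips, ip)

    # Ranges split across a begin/end pair of variables.
    for beg, end in PAIR_SUFFIXES:
        for name, value in variables.items():
            if not name.endswith(beg):
                continue
            partner = variables.get(name[: -len(beg)] + end, "")
            if IPV4.fullmatch(value) and IPV4.fullmatch(partner):
                add(ranges, (value, partner, range_size(value, partner)))

    endpoints = {ip for r in ranges for ip in r[:2]}
    return {
        "c2": c2,
        "hosts": hosts,
        "ips": [ip for ip in ips if ip not in endpoints],
        "scan_ranges": ranges,
        "traversal": traversal,
    }


if __name__ == "__main__":
    for kind, items in extract_indicators(parse_mirc_variables(SAMPLE_INI)).items():
        print(f"{kind}:")
        for item in items:
            print(f"  {item}")
```

Run against the excerpt it reports the two dt*.owned.witdt.powerdns.org:6667 IRC servers, rcpftp.cjb.net, the single address 63.196.0.100, the 67.69.0.0 to 67.79.255.255 range (720,896 addresses, one more than the %total 720895 counter in the posted file) and the traversal string. Those are the values to block at the firewall and to search for in the logs of other hosts on the same network, since the scan ranges show the bot was used to probe outward, not just to sit on this machine.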