Author: Eelco de Groot
Date: 04:53:40 03/23/00
Go up one level in this thread
On March 22, 2000 at 09:00:18, Peter Skinner wrote: >Well I have always foudn that Microsoft and McAfee are the two miost UNRELIABLE >sources when it comes to removing viruses. I know that McAfee has their virus >scanner, but come on we know it doesn't catch nearly half as much as Norton >Antivirus. > >I searched the internet, found the exe file you all got, and before it could >download 4 kbs of it, Norton alerted me, said it was infected and stopped the >download, and deleted the temporary internet file that was associated with it. > >As for your question of removing it. I have a great friend who works for >Symantec ( Norton ), and he says that the only sure way to get rid of this bug, >is simply to format the system, as it is not a memory resident, fdisking is not >needed. This virus not not do anything but try like the Mellisa virus, to spread >itself everywhere, and damage the current version or existing version of Windows >you have. There is 2 parts to the virus, the active state that a virus scanner >finds, and a dormant part that it sitting on your system, messing up all your >programs. This is the part you have to get rid of, but unfortunately, nothing >that is currently on your system can be saved. > >As there is a dormant part, it can simply attach itself to any file on your >system. Simply formating the hard drive(s), and re-installing windows is the >only sure way to get rid of this pesky little thing. I did not read ANYWHERE that any such drastic measures as you or your friend suggest are necessary. If you can point to any source then please do. At the moment everything seems to be working again here. Fingers crossed. I tried Norton's Fixppark.exe as I stated earlier to try to get rid of the worm. It said my system was not infected. Thank you very much. Now it is possible this tool simply didn't work anymore with an .exe extension and would have worked by renaming it to .com. But if this is so why didn't Peter Norton come up with this brilliant idea? Agreed McAfee did not recognize this D variant as a virus on my system. My last half-automated update was interrupted so maybe that is why it didn't recognize it. It's no excuse, but I already stated apologies. With the information on the McAfee page, the link I gave before, http://vil.nai.com/vil/vpe10175.asp, did I manage to get my programs working again, other pages including Norton's simply did not give this information. I tried Norton's utility to submit the worm properly canned in to their SARC. This took some doing, their tool repeatedly asked me not to send ten files at once. Please try again. Clever little virus. I did get an automated message back stating that it was in fact Pretty Park.exe and an update of Norton Antivirus would have been sufficient to repair the damage they say although their answer was a little ambiguous about repairable/non-repairable, the file FILES32.VXD, (it could have had another name, the McAfee page more precisely in my opinion does not state a specific name but suggests first identifying in the Registry what the files are called), had to be deleted as well. The advice does not mention that other steps in Registry and System have to be taken care of first. Possibly Norton Antivirus would have taken care of that part, I can't be sure. Deleting this file and only then using Norton Antivirus may still have been the wrong way around. Part of the Norton answer I got back: -------------------------------------------------------------------------------- filename: C:\WINDOWS\Desktop\FILES32.VXD machine: result: This file is infected with PrettyPark.Worm The current monthly definitions are capable of detecting and repairing this virus. Please update your definitions by clicking the "LiveUpdate" button in your NAV program. Developer notes: C:\WINDOWS\Desktop\FILES32.VXD is infected by a non-repairable virus or a Trojan Horse. You should delete this file and replace it if neccessary. -------------------------------------------------------------------------------- So the resident part of the virus as I understand from the link I gave above can be taken care of by following the outlined steps in the Registry and then using the Search function of Windows to find and delete the worm in Windows\System. No Formatting necessary as far as I could find out? Regards, Eelco
This page took 0 seconds to execute
Last modified: Thu, 15 Apr 21 08:11:13 -0700
Current Computer Chess Club Forums at Talkchess. This site by Sean Mintz.