Author: Eelco de Groot
Date: 17:20:33 11/27/01
On November 27, 2001 at 19:22:35, Terry McCracken wrote:

>This nasty worm/trojan has been working its way all through CCC, you may be
>infected!
>
>You will think you didn't send me an e-mail, but this virus if on your system
>will read e-mail addresses from the web pages you visit, then mass mail it to
>those e-mail addresses.
>
>Please check your computer immediately for viruses, you may need to update your
>virus protection, if you don't have protection, get it quickly! This is a Class
>4 Virus, Severe!
>
>The virus is called W32.Badtrans@mm, I'll give you a link to Symantec, they can
>deal easily with this bug!
>
>http://www.symantec.com/avcenter/
>
>http://www.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html
>
>Regards,
> Terry McCracken

Hi Terry,

Thanks, yes I know something went wrong, I just spent about an hour trying to manually remove the thing twice from the Windows Registry with the help from McAfee... Sorry everybody, probably a lot of e-mail got sent before I switched off the modem. I could not even turn it off with the mouse, it seemed, as it was sending. I knew there was a new virus around but didn't know that deleting or selecting it activates the worm KERNEL32.EXE. This can be easily found with the Windows search function but only removed in Safe Mode, as per instructions.

Now I still have a problem: what to do with new infected e-mails I'm getting? Just clicking on them in Outlook Express will mean I have to dive into Safe Mode again, I know, I just had to do that when I thought I had to look up the names attached to the mails I got and activated one again... Idiot *&%$# I am.. Still, Martin Giepmans it was and Thor Johansen, I believe. Oh well, this time I knew where to look in \System... But without the latest virus scanner, does anybody know a way to disable also the e-mails? I could do it in DOS mode perhaps but that is such a long route to it.

This is where I got the manual clean-up instructions:

http://vil.mcafee.com/dispVirus.asp?virus_k=99069&

Removal Instructions:

All Windows Users:
Use current engine and DAT files for detection and removal. GUI products must be configured to scan COMPRESSED FILES.
Install the Microsoft Security Bulletin (MS01-020) patch.

EXTRA.DAT files:
The following Extra.DAT and Super Extra.DAT files are also available:
EXTRA.DAT
SUPER EXTRA.DAT

Manual Removal Instructions

Restart Windows in Safe Mode (reboot your computer, as soon as you see the text Starting Windows at the bottom of the screen, hit the F5 key).
Click START | RUN, type %WINDIR%\SYSTEM and hit ENTER
Delete the following files (if they exist):
  KERN32.EXE
  KERNEL32.EXE
  KDLL.DLL
  HKSDLL.DLL
Click START | RUN, type REGEDIT and hit ENTER
Click the (+) next to HKEY_LOCAL_MACHINE
Click the (+) next to SOFTWARE
Click the (+) next to MICROSOFT
Click the (+) next to WINDOWS
Click the (+) next to CURRENTVERSION
Click the (+) next to RUNONCE
Click on KERNEL32 and hit DELETE on the keyboard
Restart the computer

Additional Windows ME Info:

NOTE: Windows ME utilizes a backup utility that backs up selected files automatically to the C:\_Restore folder. This means that an infected file could be stored there as a backup file, and VirusScan will be unable to delete these files. These instructions explain how to remove the infected files from the C:\_Restore folder.

Disabling the Restore Utility

1. Right click the My Computer icon on the Desktop.
2. Click on the Performance Tab.
3. Click on the File System button.
4. Click on the Troubleshooting Tab.
5. Put a check mark next to "Disable System Restore".
6. Click the Apply button.
7. Click the Close button.
8. Click the Close button again.
9. You will be prompted to restart the computer. Click Yes.
   NOTE: The Restore Utility will now be disabled.
10. Restart the computer in Safe Mode.
11. Run a scan with VirusScan to delete all infected files, or browse the files located in the C:\_Restore folder and remove the files.
12. After removing the desired files, restart the computer normally.

NOTE: To re-enable the Restore Utility, follow steps 1-9 and on step 5 remove the check mark next to "Disable System Restore". The infected files are removed and the System Restore is once again active.

------------------------------------------------------

Sorry again!

Eelco
Last modified: Thu, 15 Apr 21 08:11:13 -0700