Author: Jeroen Noomen
Date: 10:30:10 11/28/01
On November 27, 2001 at 20:20:33, Eelco de Groot wrote:

Hi Eelco,

I used the removal instruction you have given below. I found 2 KERNEL32.EXE files, one in Windows\System and one in HKEY_LOCAL_MACHINE (etc). Is removing those 2 files enough to get rid of the whole worm? In other manuals it was stated that you should remove files containing 'BadTrans.B@mm' (or something like that) as well. But my virus program could not find such files.

I would be happy if you inform me by email if it is safe to use my PC again! Email: jnoomen@uni-one.nl

Thanks in advance!

Jeroen

>Manual Removal Instructions
>
>
>Restart Windows in Safe Mode (reboot your computer, as soon as you see the text
>Starting Windows at the bottom of the screen, hit the F5 key).
>Click START | RUN, type %WINDIR%\SYSTEM and hit ENTER
>Delete the following files (if they exist):
>
>KERN32.EXE
>KERNEL32.EXE
>KDLL.DLL
>HKSDLL.DLL
>
>Click START | RUN, type REGEDIT and hit ENTER
>
>Click the (+) next to HKEY_LOCAL_MACHINE
>
>Click the (+) next to SOFTWARE
>
>Click the (+) next to MICROSOFT
>
>Click the (+) next to WINDOWS
>
>Click the (+) next to CURRENTVERSION
>
>Click the (+) next to RUNONCE
>
>Click on KERNEL32 and hit DELETE on the keyboard
>
>Restart the computer
>Additional Windows ME Info:
>NOTE: Windows ME utilizes a backup utility that backs up selected files
>automatically to the C:\_Restore folder. This means that an infected file could
>be stored there as a backup file, and VirusScan will be unable to delete these
>files. These instructions explain how to remove the infected files from the
>C:\_Restore folder.
>
>Disabling the Restore Utility
>
>1. Right click the My Computer icon on the Desktop.
>2. Click on the Performance Tab.
>3. Click on the File System button.
>4. Click on the Troubleshooting Tab.
>5. Put a check mark next to "Disable System Restore".
>6. Click the Apply button.
>7. Click the Close button.
>8. Click the Close button again.
>9. You will be prompted to restart the computer. Click Yes.
>NOTE: The Restore Utility will now be disabled.
>10. Restart the computer in Safe Mode.
>11. Run a scan with VirusScan to delete all infected files, or browse the
>files located in the C:\_Restore folder and remove the files.
>12. After removing the desired files, restart the computer normally.
>NOTE: To re-enable the Restore Utility, follow steps 1-9 and on step 5 remove
>the check mark next to "Disable System Restore". The infected files are removed
>and the System Restore is once again active.
>
>
>
>------------------------------------------------------
>
>Sorry again!
>Eelco
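
A check for the leftovers named in the quoted removal instructions, as an added example that is not part of either post: it looks for the four listed files in a given system directory and for a KERNEL32 value under the RunOnce key in a registry text export. The function names, the assumption that the registry was exported to a REGEDIT4 text file, and the sample export are constructed for illustration.

```python
import os
import re

# File names, key path and value name are the ones in the quoted instructions.
LISTED_FILES = {"KERN32.EXE", "KERNEL32.EXE", "KDLL.DLL", "HKSDLL.DLL"}
RUNONCE_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE"
RUNONCE_VALUE = "KERNEL32"

# Constructed sample of a REGEDIT4 text export; the value data is made up.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Example"="example.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Kernel32"="kernel32.exe"
'''

def leftover_files(system_dir):
    """Listed file names still present in system_dir, matched case-insensitively."""
    # Exact-name match: the legitimate KERNEL32.DLL is not on the list.
    return sorted(n for n in os.listdir(system_dir) if n.upper() in LISTED_FILES)

def runonce_value_present(reg_text):
    """True if the export still has a KERNEL32 value under the RunOnce key."""
    in_key = False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # A new section header: track whether we are inside RunOnce.
            in_key = line[1:-1].upper() == RUNONCE_KEY
        elif in_key:
            m = re.match(r'"([^"]*)"\s*=', line)
            if m and m.group(1).upper() == RUNONCE_VALUE:
                return True
    return False

def check(system_dir, reg_text):
    """Combine both checks into one report."""
    return {"files": leftover_files(system_dir),
            "runonce": runonce_value_present(reg_text)}

if __name__ == "__main__":
    import sys
    # Usage: python check.py <system dir> <exported .reg file>
    with open(sys.argv[2], encoding="latin-1") as fh:
        print(check(sys.argv[1], fh.read()))
```

An empty report covers only the items named in the quoted instructions; it says nothing about copies held in C:\_Restore or about files under other names.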
Last modified: Thu, 15 Apr 21 08:11:13 -0700
Current Computer Chess Club Forums at Talkchess. This site by Sean Mintz.