Author: Eelco de Groot
Date: 23:57:22 11/28/01
On November 28, 2001 at 13:30:10, Jeroen Noomen wrote:

>On November 27, 2001 at 20:20:33, Eelco de Groot wrote:
>
>Hi Eelco,
>
>I used the removal instruction you have given below.
>I found 2 KERNEL32.EXE files, one in Windows\System
>and one in HKEY_LOCAL_MACHINE (etc).
>
>Is removing those 2 files enough to get rid of the
>whole worm? In other manuals it was stated that you
>should remove files containing 'BadTrans.B@mm' (or
>something like that) as well. But my virus program
>could not find such files.
>
>I would be happy if you inform me by email if it is
>safe to use my PC again! Email: jnoomen@uni-one.nl
>Thanks in advance!
>
>Jeroen
>
>

Hi Jeroen,

Is it alright if I reply to you here for the moment? At least here the messages don't automatically take over total control of your computer, at least I hope they don't! But I think you should be fine, especially if you get an up-to-date virus scanner working again. As long as you don't see any of those listed files

KERN32.EXE
KERNEL32.EXE
KDLL.DLL
HKSDLL.DLL

and no new .exe files when checking for those with the Windows search function, at least this worm should not be present. What was a little confusing in the Symantec pages was that when they say to "2. Run the scan again, and delete any files detected as W32.Badtrans.B@mm" they mean detect it with their virus scanner, not the search function.

So what I do now is check for new *.exe and *.vir files regularly as a general precaution and make sure the modem isn't going tilt, but by then it would be too late of course. I think I might run the patch for Outlook Express too to stop auto-executing files, but if it is the same patch as they produced for other viruses, I thought that one also blocked any attachments with an .exe file, even if it is a requested piece of program code. That would be a serious disadvantage to your e-mail possibilities I think, I just needed some programs by e-mail the other day too.

So I'm not sure about the Microsoft patch for Outlook Express, I haven't really looked into that yet what exactly that does. I hope you get your computers working again Jeroen! We need new Rebels and Tigers and Gandalfs!

Groetjes!

Eelco

>>Manual Removal Instructions
>>
>>
>>Restart Windows in Safe Mode (reboot your computer, as soon as you see the text
>>Starting Windows at the bottom of the screen, hit the F5 key).
>>Click START | RUN, type %WINDIR%\SYSTEM and hit ENTER
>>Delete the following files (if they exist):
>>
>>KERN32.EXE
>>KERNEL32.EXE
>>KDLL.DLL
>>HKSDLL.DLL
>>
>>Click START | RUN, type REGEDIT and hit ENTER
>>
>>Click the (+) next to HKEY_LOCAL_MACHINE
>>
>>Click the (+) next to SOFTWARE
>>
>>Click the (+) next to MICROSOFT
>>
>>Click the (+) next to WINDOWS
>>
>>Click the (+) next to CURRENTVERSION
>>
>>Click the (+) next to RUNONCE
>>
>>Click on KERNEL32 and hit DELETE on the keyboard
>>
>>Restart the computer
>>Additional Windows ME Info:
>>NOTE: Windows ME utilizes a backup utility that backs up selected files
>>automatically to the C:\_Restore folder. This means that an infected file could
>>be stored there as a backup file, and VirusScan will be unable to delete these
>>files. These instructions explain how to remove the infected files from the
>>C:\_Restore folder.
>>
>>Disabling the Restore Utility
>>
>>1. Right click the My Computer icon on the Desktop.
>>2. Click on the Performance Tab.
>>3. Click on the File System button.
>>4. Click on the Troubleshooting Tab.
>>5. Put a check mark next to "Disable System Restore".
>>6. Click the Apply button.
>>7. Click the Close button.
>>8. Click the Close button again.
>>9. You will be prompted to restart the computer. Click Yes.
>>NOTE: The Restore Utility will now be disabled.
>>10. Restart the computer in Safe Mode.
>>11. Run a scan with VirusScan to delete all infected files, or browse to the
>>files located in the C:\_Restore folder and remove the files.
>>12. After removing the desired files, restart the computer normally.
>>NOTE: To re-enable the Restore Utility, follow steps 1-9 and on step 5 remove
>>the check mark next to "Disable System Restore". The infected files are removed
>>and the System Restore is once again active.
>>
>>
>>
>>------------------------------------------------------
>>
>>Sorry again!
>>Eelco
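
A scripted version of the manual check in the quoted instructions, added here as an illustration and not part of the original posts: it looks for the four listed file names in a SYSTEM folder and for the KERNEL32 value under the RunOnce key in a REGEDIT4 text export. The function names, the sample folder contents and the sample export are constructed for the demo.

```python
import os
import re
import tempfile

# Names and key path are the ones in the quoted removal instructions.
LISTED_FILES = {"KERN32.EXE", "KERNEL32.EXE", "KDLL.DLL", "HKSDLL.DLL"}
RUNONCE_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
RUNONCE_VALUE = "KERNEL32"

def listed_files_present(system_dir):
    """Exact, case-insensitive name match; KERNEL32.DLL is a normal Windows file."""
    return sorted(n for n in os.listdir(system_dir) if n.upper() in LISTED_FILES)

def runonce_entries(reg_export):
    """Return {value name: data} under the RunOnce key of a REGEDIT4 text export."""
    entries, in_key = {}, False
    for raw in reg_export.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_key = line.strip("[]").upper() == RUNONCE_KEY.upper()
        elif in_key:
            m = re.match(r'"([^"]+)"="(.*)"$', line)
            if m:  # .reg exports double the backslashes in string data
                entries[m.group(1)] = m.group(2).replace("\\\\", "\\")
    return entries

def check(system_dir, reg_export):
    """Report listed files and the RunOnce KERNEL32 value, if either is present."""
    files = listed_files_present(system_dir)
    autorun = {k: v for k, v in runonce_entries(reg_export).items()
               if k.upper() == RUNONCE_VALUE}
    return {"files": files, "runonce": autorun, "clean": not files and not autorun}

# Constructed sample export; the value data is made up for the demo.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Kernel32"="kernel32.exe"
'''

def demo():
    """Build a constructed SYSTEM folder and run the check against it."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("KERNEL32.DLL", "Kernel32.exe", "kdll.dll", "USER32.DLL"):
            open(os.path.join(d, name), "w").close()
        return check(d, SAMPLE_REG)

if __name__ == "__main__":
    print(demo())
```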
Last modified: Thu, 15 Apr 21 08:11:13 -0700
Current Computer Chess Club Forums at Talkchess. This site by Sean Mintz.