Henry
Thu Nov 24 07:56:31 CST 2005
After I ran System Suite's Fast Scan, which is the one that found and
deleted the infected files, I ran the deep scan. It didn't find anything. So
I didn't run either Trend or McAfee.
This is the report from Kaspersky:
Result for all objects:
Sector Objects      : 5          Known viruses : 3
Files               : 224319     Virus bodies  : 4
Folders             : 2827       Disinfected   : 0
Archives            : 2118       Deleted       : 2
Packed              : 206        Warnings      : 0
                                 Suspicious    : 0
Scan speed (Kb/sec) : 323        Corrupted     : 0
Scan time           : 08:09:56   I/O Errors    : 1
Sophos reported that data1.cab is corrupt. What do I do about that?
I extracted regedit from win_17.cab. It works. Thanks.
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:%23Zz3hsE8FHA.788@tk2msftngp13.phx.gbl...
> From: "Henry" <mrrandb@comcast.net>
>
> | I had two viruses: Winlog and Winsupdater. System Suite 5 removed them.
> | Then I tried to go into the registry using regedit to remove any instances
> | of the viruses from there and a DOS window popped up with a message box on
> | top of it saying
> |
> | "The program tried to execute an invalid instruction.
> | Fault Location: 0C12: 0EE8
> | Interrupts in Service: None"
> |
> | I used System Suite's Registry Fixer, but there weren't any keys listed for
> | the viruses. I used Registry Magic and it found 2 instances of each virus. I
> | deleted them (I suppose), but I'm still having the problem.
> |
> | How dangerous is this and how can I fix it? Everything seems to be OK
> | otherwise.
> |
> | Thanks for any help.
> |
>
> Two part answer.
> The first is to scan the PC for any further virus remnants. It will also make sure the
> execution of REGEDIT isn't blocked by Local Policies, etc.
>
> The second part is to replace the REGEDIT.EXE command with the file that is distributed with
> the OS in case it is corrupted.
>
> Part 1
> -------------
> Download MULTI_AV.EXE from the URL --
>
> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to allow it to download the needed AV vendor related files.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in Normal Mode.
> This way all the components can be downloaded from each AV vendor's web site.
> The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files or you can
> download the files and perform a scan in Normal Mode. Once you have downloaded the files
> needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> file.
>
> Part 2
> -------------
> Search c:\windows for; REGEDIT.COM and REGEDIT.EXE. Delete what you find.
>
> Search for the file WIN_17.CAB it will be either on the hard disk or the WinME distribution
> CDROM.
>
> Assuming you find WIN_17.CAB on the CDROM as d:\winme\WIN_17.CAB
>
> Open a DOS Prompt and type ( Start --> run; command.com )...
>
> extract /y d:\winme\WIN_17.CAB c:\windows\regedit.exe
>
> In other words... When you find the path to; WIN_17.CAB substitute that path for;
> <path> in the below command line..
>
> extract /y <path>\WIN_17.CAB c:\windows\regedit.exe
>
>
> * * * Please report back your results * * *
>
> --
> Dave
>
> http://www.claymania.com/removal-trojan-adware.html
>
> http://www.ik-cs.com/got-a-virus.htm
>
>