I first got the W32.Dumaru@mm virus in September, then the
W32.Sobig and an IRC Trojan a few days ago. I didn't have
anti virus for the first one, then installed Norton
Antivirus 2003, which detected and automatically removed
the Dumaru virus from three files:
C:/WINDOWS/SYSTEM.load.32
C:/WINDOWS/dllreg.exe
C:/WINDOWS/SYSTEM.vxdmgr32.exe
and when my computer started up it would inform me
that "windows cannot find" the last file on the list.
Now, all totalled, I have seven files quarantined:
windrv.exe
dialler.exe
dllreg.exe
load32.exe
patch.exe
vxdmgr32.exe
winmgm32.exe
What should I do about this? Is there anything I CAN do?
Please, any advice would be greatly appreciated....
Thanks

quarantined files...what to do now? by anonymous

anonymous
Mon Nov 03 21:23:13 CST 2003


>-----Original Message-----
>I first got the W32.Dumaru@mm virus in September, then the
>W32.Sobig and an IRC Trojan a few days ago. I didn't have
>anti virus for the first one, then installed Norton
>Antivirus 2003, which detected and automatically removed
>the Dumaru virus from three files:
>C:/WINDOWS/SYSTEM.load.32
>C:/WINDOWS/dllreg.exe
>C:/WINDOWS/SYSTEM.vxdmgr32.exe
>and when my computer started up it would inform me
>that "windows cannot find" the last file on the list.
>Now, all totalled, I have seven files quarantined:
>windrv.exe
>dialler.exe
>dllreg.exe
>load32.exe
>patch.exe
>vxdmgr32.exe
>winmgm32.exe
>What should I do about this? Is there anything I CAN do?
>Please, any advice would be greatly appreciated....
>Thanks
>.
>does this work? Do people really answer queries? I haven't found a reply to one yet.

Re: quarantined files...what to do now? by SaltPeter

SaltPeter
Tue Nov 04 06:41:29 CST 2003

Hi Renee,
Ideally, to recover from such a situation, a format + reinstall would be
the optimum solution. Should you decide to continue with your present
installation, you'll want to identify which quarantined files are basic OS
files, which are obvious trojan/virus loaders as well as review the
registry entries that generate the errors at startup.

First, Run > msconfig and consult both the Static Vxd and startup tabs.
They'll help you identify the Registry keys trying to launch a virus/trojan
(probably pointing to one of the quarantined file names). Note that MSConfig
is just showing you a bunch of registry keys found in the registry's Run
subkeys. Personally, I would rather modify or delete registry keys by using
Run > Regedit (just search for "Run") instead of msconfig.

You'll also notice that msconfig's General tab has an extract file
button. That's how one recovers a damaged or quarantined file that's
missing. Since your system was previously infected, use the WinME CD-ROM
instead of the Windows\Options\Install directory to locate the cab files
when extracting.

A quick look at your quarantined file list only shows dialer.exe as the
one file you need to extract. The rest all sound rather dubious but you
never know what applications your system might have had installed.

Fortunately, there are a few things you can do to be better informed
yourself about what steps you need to take. Since you know what viruses
infected you, you can read up on what each virus does by consulting the
virus databases. Since you are now using Norton, it turns out that Symantec
has one of the better virus information resources on the web, which includes
symptoms, file names and fixes.

Also, I'd suggest being careful about what changes you make to the
registry. I'm not saying don't modify Run entries. If you see a registry
entry trying to launch "load32.exe", by all means: zap it. What I am saying
is, modify it after you're 100% sure.

Finally, you'll want to disable System Restore, run a thorough antivirus
pass, re-enable Restore and download updates once your system starts behaving
correctly.

"Renee" <anonymous@discussions.microsoft.com> wrote in message
news:066801c3a281$61c1d640$a601280a@phx.gbl...
> I first got the W32.Dumaru@mm virus in September, then the
> W32.Sobig and an IRC Trojan a few days ago. I didn't have
> anti virus for the first one, then installed Norton
> Antivirus 2003, which detected and automatically removed
> the Dumaru virus from three files:
> C:/WINDOWS/SYSTEM.load.32
> C:/WINDOWS/dllreg.exe
> C:/WINDOWS/SYSTEM.vxdmgr32.exe
> and when my computer started up it would inform me
> that "windows cannot find" the last file on the list.
> Now, all totalled, I have seven files quarantined:
> windrv.exe
> dialler.exe
> dllreg.exe
> load32.exe
> patch.exe
> vxdmgr32.exe
> winmgm32.exe
> What should I do about this? Is there anything I CAN do?
> Please, any advice would be greatly appreciated....
> Thanks
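
The Run-key review described in SaltPeter's reply, as an added example that is not part of the original thread: a Python sketch that reads a REGEDIT4 text export and reports values under Run* keys whose command launches one of the quarantined file names from the post. The sample export, its value names and the function names are constructed for illustration; the script only reports and changes nothing.

```python
import ntpath
import re

# File names Norton quarantined, as listed in the original post.
QUARANTINED = {"windrv.exe", "dialler.exe", "dllreg.exe", "load32.exe",
               "patch.exe", "vxdmgr32.exe", "winmgm32.exe"}

# Constructed sample of a REGEDIT4 (Win9x/ME) text export; value names and
# the SystemTray entry are illustrative, not taken from the poster's machine.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"load32"="C:\\WINDOWS\\SYSTEM\\load32.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"SystemLoad"="\"C:\\WINDOWS\\dllreg.exe\" -s"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Patch]
"DisplayName"="patch.exe"
'''

# Matches a string value line: "name"="data", with \" and \\ escapes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def command_basename(cmd):
    """Lower-cased file name that a Run command line would launch."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        exe = cmd[1:].split('"', 1)[0]
    else:
        exe = cmd.split(' ', 1)[0]  # unquoted paths containing spaces are cut short
    return ntpath.basename(exe).lower()

def find_suspect_run_entries(reg_text, names=QUARANTINED):
    """Return (key, value name, command) for Run* values launching a listed file."""
    hits, key = [], ""
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        # Only keys whose last component starts with "Run" (Run, RunOnce, RunServices...).
        if m and key.rsplit('\\', 1)[-1].lower().startswith('run'):
            name, data = (re.sub(r'\\(.)', r'\1', g) for g in m.groups())
            if command_basename(data) in names:
                hits.append((key, name, data))
    return hits
```

On the constructed sample, `find_suspect_run_entries(SAMPLE_REG)` reports the `load32` and `SystemLoad` values and ignores the `patch.exe` string under the Uninstall key, since that key is not a Run subkey.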