Ok viruses wont leave

Tutorials Win: Microsoft Windows Forum

Ok so i got the two viruses which i posed about earlier
which is the iworm/ronoper.u and the iworm/sddrop. I
downloaded grisoft and it found the files that were
infected but it couldnt delete or remove them in any kind
of way. There are about 160 files infected. My system
restore isnt working. It shows me as having no back up
points. So i download norton and i scanned it and it
showed the infected files but when i went to the registry
and tryed to turn back what the worm had done it said
adminastrator wont let me or something like that. Said i
could not do it in other words. So i deleted norton
antivirus from my system and ran grisoft again and the
same thing happened. So i dont know what to do? Also when
i go into my computer, the windows file that on the c
drive is gone. I cant locate it anywhere. I need some
major help lol .... thanks :)
Top

Re: Ok viruses wont leave by David

David
Fri Feb 06 10:44:05 CST 2004

And I answered your question ! One LAST time !

Reboot your PC into Safe Mode and then re-scan your platform using AVG.

Dave



"Help me !!!" <anonymous@discussions.microsoft.com> wrote in message
news:bf5001c3ecc7$bafdd430$a601280a@phx.gbl...
| Ok so i got the two viruses which i posed about earlier
| which is the iworm/ronoper.u and the iworm/sddrop. I
| downloaded grisoft and it found the files that were
| infected but it couldnt delete or remove them in any kind
| of way. There are about 160 files infected. My system
| restore isnt working. It shows me as having no back up
| points. So i download norton and i scanned it and it
| showed the infected files but when i went to the registry
| and tryed to turn back what the worm had done it said
| adminastrator wont let me or something like that. Said i
| could not do it in other words. So i deleted norton
| antivirus from my system and ran grisoft again and the
| same thing happened. So i dont know what to do? Also when
| i go into my computer, the windows file that on the c
| drive is gone. I cant locate it anywhere. I need some
| major help lol .... thanks :)


Top

Re: Ok viruses wont leave by anonymous

anonymous
Fri Feb 06 11:13:50 CST 2004

Dude i did as you said and when it found the viruses it
said it could not delete them or move them. I was in safe
mode when i did it. anyone else have any ideas? If i just
reboot with the disc and erase everything and start from
scratch .. will that help it? i think its called reformat


>-----Original Message-----
>And I answered your question ! One LAST time !
>
>Reboot your PC into Safe Mode and then re-scan your
platform using AVG.
>
>Dave
>
>
>
>"Help me !!!" <anonymous@discussions.microsoft.com> wrote
in message
>news:bf5001c3ecc7$bafdd430$a601280a@phx.gbl...
>| Ok so i got the two viruses which i posed about earlier
>| which is the iworm/ronoper.u and the iworm/sddrop. I
>| downloaded grisoft and it found the files that were
>| infected but it couldnt delete or remove them in any
kind
>| of way. There are about 160 files infected. My system
>| restore isnt working. It shows me as having no back up
>| points. So i download norton and i scanned it and it
>| showed the infected files but when i went to the
registry
>| and tryed to turn back what the worm had done it said
>| adminastrator wont let me or something like that. Said
i
>| could not do it in other words. So i deleted norton
>| antivirus from my system and ran grisoft again and the
>| same thing happened. So i dont know what to do? Also
when
>| i go into my computer, the windows file that on the c
>| drive is gone. I cant locate it anywhere. I need some
>| major help lol .... thanks :)
>
>
>.
>
Top

Re: Ok viruses wont leave by David

David
Fri Feb 06 11:30:35 CST 2004

Really ?

Where in your second post did you state that you applied my suggestion ?

In any case -- re-install Norton AV and perform a Full Scan in Safe Mode using NAV.

Dave



<anonymous@discussions.microsoft.com> wrote in message
news:bcff01c3ecd4$96db6b50$a401280a@phx.gbl...
| Dude i did as you said and when it found the viruses it
| said it could not delete them or move them. I was in safe
| mode when i did it. anyone else have any ideas? If i just
| reboot with the disc and erase everything and start from
| scratch .. will that help it? i think its called reformat
|
|
| >-----Original Message-----
| >And I answered your question ! One LAST time !
| >
| >Reboot your PC into Safe Mode and then re-scan your
| platform using AVG.
| >
| >Dave
| >
| >
| >
| >"Help me !!!" <anonymous@discussions.microsoft.com> wrote
| in message
| >news:bf5001c3ecc7$bafdd430$a601280a@phx.gbl...
| >| Ok so i got the two viruses which i posed about earlier
| >| which is the iworm/ronoper.u and the iworm/sddrop. I
| >| downloaded grisoft and it found the files that were
| >| infected but it couldnt delete or remove them in any
| kind
| >| of way. There are about 160 files infected. My system
| >| restore isnt working. It shows me as having no back up
| >| points. So i download norton and i scanned it and it
| >| showed the infected files but when i went to the
| registry
| >| and tryed to turn back what the worm had done it said
| >| adminastrator wont let me or something like that. Said
| i
| >| could not do it in other words. So i deleted norton
| >| antivirus from my system and ran grisoft again and the
| >| same thing happened. So i dont know what to do? Also
| when
| >| i go into my computer, the windows file that on the c
| >| drive is gone. I cant locate it anywhere. I need some
| >| major help lol .... thanks :)
| >
| >
| >.
| >


Top

Re: Ok viruses wont leave by Dapper

Dapper
Fri Feb 06 12:54:57 CST 2004

Dave
The problem is not necessarily the virus, but what to do with it now
that he found one. I've been there, and from other recent posts in
this and other NG's, others have too. Our AV program finds the virus
but can't repair it ! So the question is what is the proper procedure
if one's AV program finds but cannot repair a virus ????

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:uvZRsbN7DHA.2416@TK2MSFTNGP10.phx.gbl...
> Really ?
>
> Where in your second post did you state that you applied my
suggestion ?
>
> In any case -- re-install Norton AV and perform a Full Scan in Safe
Mode using NAV.
>
> Dave
>
>
>
> <anonymous@discussions.microsoft.com> wrote in message
> news:bcff01c3ecd4$96db6b50$a401280a@phx.gbl...
> | Dude i did as you said and when it found the viruses it
> | said it could not delete them or move them. I was in safe
> | mode when i did it. anyone else have any ideas? If i just
> | reboot with the disc and erase everything and start from
> | scratch .. will that help it? i think its called reformat
> |
> |
> | >-----Original Message-----
> | >And I answered your question ! One LAST time !
> | >
> | >Reboot your PC into Safe Mode and then re-scan your
> | platform using AVG.
> | >
> | >Dave
> | >
> | >
> | >
> | >"Help me !!!" <anonymous@discussions.microsoft.com> wrote
> | in message
> | >news:bf5001c3ecc7$bafdd430$a601280a@phx.gbl...
> | >| Ok so i got the two viruses which i posed about earlier
> | >| which is the iworm/ronoper.u and the iworm/sddrop. I
> | >| downloaded grisoft and it found the files that were
> | >| infected but it couldnt delete or remove them in any
> | kind
> | >| of way. There are about 160 files infected. My system
> | >| restore isnt working. It shows me as having no back up
> | >| points. So i download norton and i scanned it and it
> | >| showed the infected files but when i went to the
> | registry
> | >| and tryed to turn back what the worm had done it said
> | >| adminastrator wont let me or something like that. Said
> | i
> | >| could not do it in other words. So i deleted norton
> | >| antivirus from my system and ran grisoft again and the
> | >| same thing happened. So i dont know what to do? Also
> | when
> | >| i go into my computer, the windows file that on the c
> | >| drive is gone. I cant locate it anywhere. I need some
> | >| major help lol .... thanks :)
> | >
> | >
> | >.
> | >
>
>


Top

Re: Ok viruses wont leave by David

David
Fri Feb 06 13:10:52 CST 2004

The situation is usually Open File Handles, thus the files can't be cleaned nor deleted.
When you boot into Safe Mode only core Win32/NT components are loaded (albeit, there are
viruses that get around that by loading from the Registry SHELL command) and thus the vast
majority of infectors are not loaded and can be easily dealt with. Unfortunately, I keep
forgetting that AVG is one that doesn't like Safe Mode. McAfee, Norton, Trend, etc, have
no problem. McAfee also has their mixed Win32/NT/DOS Command Line Scanner that has NO
problems running in any mode of DOS or Windows in even incorporates its own memory manager
under DOS so HIMEM.SYS and EMM386.EXE are not needed.

Dave



"Dapper Dan" <dapperdan@home.com> wrote in message
news:u0FQfLO7DHA.2432@TK2MSFTNGP10.phx.gbl...
| Dave
| The problem is not necessarily the virus, but what to do with it now
| that he found one. I've been there, and from other recent posts in
| this and other NG's, others have too. Our AV program finds the virus
| but can't repair it ! So the question is what is the proper procedure
| if one's AV program finds but cannot repair a virus ????
|
| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
| news:uvZRsbN7DHA.2416@TK2MSFTNGP10.phx.gbl...
| > Really ?
| >
| > Where in your second post did you state that you applied my
| suggestion ?
| >
| > In any case -- re-install Norton AV and perform a Full Scan in Safe
| Mode using NAV.
| >
| > Dave
| >
| >
| >
| > <anonymous@discussions.microsoft.com> wrote in message
| > news:bcff01c3ecd4$96db6b50$a401280a@phx.gbl...
| > | Dude i did as you said and when it found the viruses it
| > | said it could not delete them or move them. I was in safe
| > | mode when i did it. anyone else have any ideas? If i just
| > | reboot with the disc and erase everything and start from
| > | scratch .. will that help it? i think its called reformat
| > |
| > |
| > | >-----Original Message-----
| > | >And I answered your question ! One LAST time !
| > | >
| > | >Reboot your PC into Safe Mode and then re-scan your
| > | platform using AVG.
| > | >
| > | >Dave
| > | >
| > | >
| > | >
| > | >"Help me !!!" <anonymous@discussions.microsoft.com> wrote
| > | in message
| > | >news:bf5001c3ecc7$bafdd430$a601280a@phx.gbl...
| > | >| Ok so i got the two viruses which i posed about earlier
| > | >| which is the iworm/ronoper.u and the iworm/sddrop. I
| > | >| downloaded grisoft and it found the files that were
| > | >| infected but it couldnt delete or remove them in any
| > | kind
| > | >| of way. There are about 160 files infected. My system
| > | >| restore isnt working. It shows me as having no back up
| > | >| points. So i download norton and i scanned it and it
| > | >| showed the infected files but when i went to the
| > | registry
| > | >| and tryed to turn back what the worm had done it said
| > | >| adminastrator wont let me or something like that. Said
| > | i
| > | >| could not do it in other words. So i deleted norton
| > | >| antivirus from my system and ran grisoft again and the
| > | >| same thing happened. So i dont know what to do? Also
| > | when
| > | >| i go into my computer, the windows file that on the c
| > | >| drive is gone. I cant locate it anywhere. I need some
| > | >| major help lol .... thanks :)
| > | >
| > | >
| > | >.
| > | >
| >
| >
|
|


Top

Re: Ok viruses wont leave by MowGreen

MowGreen
Fri Feb 06 14:17:21 CST 2004

iworm/ronoper.u
http://www.computercops.biz/postlite12401-.html

iworm/sddrop
http://www.computercops.biz/postlite16406-iworm+sddrop.html

HijackThis
http://www.merijn.org/files/hijackthis.zip


MowGreen [MVP]
*-343-* Never Forgotten


Help me !!! wrote:

> Ok so i got the two viruses which i posed about earlier
> which is the iworm/ronoper.u and the iworm/sddrop. I
> downloaded grisoft and it found the files that were
> infected but it couldnt delete or remove them in any kind
> of way. There are about 160 files infected. My system
> restore isnt working. It shows me as having no back up
> points. So i download norton and i scanned it and it
> showed the infected files but when i went to the registry
> and tryed to turn back what the worm had done it said
> adminastrator wont let me or something like that. Said i
> could not do it in other words. So i deleted norton
> antivirus from my system and ran grisoft again and the
> same thing happened. So i dont know what to do? Also when
> i go into my computer, the windows file that on the c
> drive is gone. I cant locate it anywhere. I need some
> major help lol .... thanks :)

Top

Re: Ok viruses wont leave by Dapper

Dapper
Fri Feb 06 16:19:35 CST 2004

Thanks for the clarification. If I read you correctly, I understand
that if an AV program finds a virus, but can't "clean" it, then one
should reboot into SAFE MODE and try to "clean" it again.

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:%23VVpuTO7DHA.2952@TK2MSFTNGP09.phx.gbl...
> The situation is usually Open File Handles, thus the files can't be
cleaned nor deleted.
> When you boot into Safe Mode only core Win32/NT components are
loaded (albeit, there are
> viruses that get around that by loading from the Registry SHELL
command) and thus the vast
> majority of infectors are not loaded and can be easily dealt with.
Unfortunately, I keep
> forgetting that AVG is one that doesn't like Safe Mode. McAfee,
Norton, Trend, etc, have
> no problem. McAfee also has their mixed Win32/NT/DOS Command Line
Scanner that has NO
> problems running in any mode of DOS or Windows in even incorporates
its own memory manager
> under DOS so HIMEM.SYS and EMM386.EXE are not needed.
>
> Dave
>
>
>
> "Dapper Dan" <dapperdan@home.com> wrote in message
> news:u0FQfLO7DHA.2432@TK2MSFTNGP10.phx.gbl...
> | Dave
> | The problem is not necessarily the virus, but what to do with it
now
> | that he found one. I've been there, and from other recent posts in
> | this and other NG's, others have too. Our AV program finds the
virus
> | but can't repair it ! So the question is what is the proper
procedure
> | if one's AV program finds but cannot repair a virus ????
> |
> | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> | news:uvZRsbN7DHA.2416@TK2MSFTNGP10.phx.gbl...
> | > Really ?
> | >
> | > Where in your second post did you state that you applied my
> | suggestion ?
> | >
> | > In any case -- re-install Norton AV and perform a Full Scan in
Safe
> | Mode using NAV.
> | >
> | > Dave
> | >
> | >
> | >
> | > <anonymous@discussions.microsoft.com> wrote in message
> | > news:bcff01c3ecd4$96db6b50$a401280a@phx.gbl...
> | > | Dude i did as you said and when it found the viruses it
> | > | said it could not delete them or move them. I was in safe
> | > | mode when i did it. anyone else have any ideas? If i just
> | > | reboot with the disc and erase everything and start from
> | > | scratch .. will that help it? i think its called reformat
> | > |
> | > |
> | > | >-----Original Message-----
> | > | >And I answered your question ! One LAST time !
> | > | >
> | > | >Reboot your PC into Safe Mode and then re-scan your
> | > | platform using AVG.
> | > | >
> | > | >Dave
> | > | >
> | > | >
> | > | >
> | > | >"Help me !!!" <anonymous@discussions.microsoft.com> wrote
> | > | in message
> | > | >news:bf5001c3ecc7$bafdd430$a601280a@phx.gbl...
> | > | >| Ok so i got the two viruses which i posed about earlier
> | > | >| which is the iworm/ronoper.u and the iworm/sddrop. I
> | > | >| downloaded grisoft and it found the files that were
> | > | >| infected but it couldnt delete or remove them in any
> | > | kind
> | > | >| of way. There are about 160 files infected. My system
> | > | >| restore isnt working. It shows me as having no back up
> | > | >| points. So i download norton and i scanned it and it
> | > | >| showed the infected files but when i went to the
> | > | registry
> | > | >| and tryed to turn back what the worm had done it said
> | > | >| adminastrator wont let me or something like that. Said
> | > | i
> | > | >| could not do it in other words. So i deleted norton
> | > | >| antivirus from my system and ran grisoft again and the
> | > | >| same thing happened. So i dont know what to do? Also
> | > | when
> | > | >| i go into my computer, the windows file that on the c
> | > | >| drive is gone. I cant locate it anywhere. I need some
> | > | >| major help lol .... thanks :)
> | > | >
> | > | >
> | > | >.
> | > | >
> | >
> | >
> |
> |
>
>


Top

Re: Ok viruses wont leave by Dapper

Dapper
Fri Feb 06 16:23:10 CST 2004

Thanks for your feedback too, MowGreen. I just visited the
computercops website and wonder, does it make sense to sign up to the
e-mail scan service that they offer, or would I be covered by my own
AV program, assuming I update regularly ?

"MowGreen [MVP]" <mowgreen@nownadzen.com> wrote in message
news:eMfp44O7DHA.1460@tk2msftngp13.phx.gbl...
> iworm/ronoper.u
> http://www.computercops.biz/postlite12401-.html
>
> iworm/sddrop
> http://www.computercops.biz/postlite16406-iworm+sddrop.html
>
> HijackThis
> http://www.merijn.org/files/hijackthis.zip
>
>
> MowGreen [MVP]
> *-343-* Never Forgotten
>
>
> Help me !!! wrote:
>
> > Ok so i got the two viruses which i posed about earlier
> > which is the iworm/ronoper.u and the iworm/sddrop. I
> > downloaded grisoft and it found the files that were
> > infected but it couldnt delete or remove them in any kind
> > of way. There are about 160 files infected. My system
> > restore isnt working. It shows me as having no back up
> > points. So i download norton and i scanned it and it
> > showed the infected files but when i went to the registry
> > and tryed to turn back what the worm had done it said
> > adminastrator wont let me or something like that. Said i
> > could not do it in other words. So i deleted norton
> > antivirus from my system and ran grisoft again and the
> > same thing happened. So i dont know what to do? Also when
> > i go into my computer, the windows file that on the c
> > drive is gone. I cant locate it anywhere. I need some
> > major help lol .... thanks :)
>


Top

Re: Ok viruses wont leave by Richard

Richard
Fri Feb 06 20:44:06 CST 2004

I think you and David are having a disconnect in discussion here.

The very first thing you need to do when you find a file that can't be
cleaned is to get on the Internet, go to your antivirus manufacturer's Web
site, and research the name of the virus that was found. DO NOT RESEARCH
THE NAME OF THE FILE THAT CANNOT BE CLEANED, as that will likely do you no
good. Many viruses make up random names for their virus-infected files.
Find the name of the virus itself that was found and read all about it.

In most cases the reason a file cannot be "cleaned" is because it is the
virus itself, and in these cases the proper thing to do with the
un-cleanable file is to either delete it or move it into quarantine. Then
you need to follow the rest of the directions as the antivirus web site so
you know what else needs cleaning.

--
Richard G. Harper [MVP Win9x] rgharper@email.com
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm

"Dapper Dan" <dapperdan@home.com> wrote in message
news:u0B369P7DHA.2812@TK2MSFTNGP11.phx.gbl...
> Thanks for the clarification. If I read you correctly, I understand
> that if an AV program finds a virus, but can't "clean" it, then one
> should reboot into SAFE MODE and try to "clean" it again.
>
> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> news:%23VVpuTO7DHA.2952@TK2MSFTNGP09.phx.gbl...
>> The situation is usually Open File Handles, thus the files can't be
> cleaned nor deleted.
>> When you boot into Safe Mode only core Win32/NT components are
> loaded (albeit, there are
>> viruses that get around that by loading from the Registry SHELL
> command) and thus the vast
>> majority of infectors are not loaded and can be easily dealt with.
> Unfortunately, I keep
>> forgetting that AVG is one that doesn't like Safe Mode. McAfee,
> Norton, Trend, etc, have
>> no problem. McAfee also has their mixed Win32/NT/DOS Command Line
> Scanner that has NO
>> problems running in any mode of DOS or Windows in even incorporates
> its own memory manager
>> under DOS so HIMEM.SYS and EMM386.EXE are not needed.
>>
>> Dave
>>
>>
>>
>> "Dapper Dan" <dapperdan@home.com> wrote in message
>> news:u0FQfLO7DHA.2432@TK2MSFTNGP10.phx.gbl...
>> | Dave
>> | The problem is not necessarily the virus, but what to do with it
> now
>> | that he found one. I've been there, and from other recent posts in
>> | this and other NG's, others have too. Our AV program finds the
> virus
>> | but can't repair it ! So the question is what is the proper
> procedure
>> | if one's AV program finds but cannot repair a virus ????
>> |
>> | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
>> | news:uvZRsbN7DHA.2416@TK2MSFTNGP10.phx.gbl...
>> | > Really ?
>> | >
>> | > Where in your second post did you state that you applied my
>> | suggestion ?
>> | >
>> | > In any case -- re-install Norton AV and perform a Full Scan in
> Safe
>> | Mode using NAV.
>> | >
>> | > Dave
>> | >
>> | >
>> | >
>> | > <anonymous@discussions.microsoft.com> wrote in message
>> | > news:bcff01c3ecd4$96db6b50$a401280a@phx.gbl...
>> | > | Dude i did as you said and when it found the viruses it
>> | > | said it could not delete them or move them. I was in safe
>> | > | mode when i did it. anyone else have any ideas? If i just
>> | > | reboot with the disc and erase everything and start from
>> | > | scratch .. will that help it? i think its called reformat
>> | > |
>> | > |
>> | > | >-----Original Message-----
>> | > | >And I answered your question ! One LAST time !
>> | > | >
>> | > | >Reboot your PC into Safe Mode and then re-scan your
>> | > | platform using AVG.
>> | > | >
>> | > | >Dave
>> | > | >
>> | > | >
>> | > | >
>> | > | >"Help me !!!" <anonymous@discussions.microsoft.com> wrote
>> | > | in message
>> | > | >news:bf5001c3ecc7$bafdd430$a601280a@phx.gbl...
>> | > | >| Ok so i got the two viruses which i posed about earlier
>> | > | >| which is the iworm/ronoper.u and the iworm/sddrop. I
>> | > | >| downloaded grisoft and it found the files that were
>> | > | >| infected but it couldnt delete or remove them in any
>> | > | kind
>> | > | >| of way. There are about 160 files infected. My system
>> | > | >| restore isnt working. It shows me as having no back up
>> | > | >| points. So i download norton and i scanned it and it
>> | > | >| showed the infected files but when i went to the
>> | > | registry
>> | > | >| and tryed to turn back what the worm had done it said
>> | > | >| adminastrator wont let me or something like that. Said
>> | > | i
>> | > | >| could not do it in other words. So i deleted norton
>> | > | >| antivirus from my system and ran grisoft again and the
>> | > | >| same thing happened. So i dont know what to do? Also
>> | > | when
>> | > | >| i go into my computer, the windows file that on the c
>> | > | >| drive is gone. I cant locate it anywhere. I need some
>> | > | >| major help lol .... thanks :)
>> | > | >
>> | > | >
>> | > | >.
>> | > | >
>> | >
>> | >
>> |
>> |
>>
>>
>
>


Top

Re: Ok viruses wont leave by MowGreen

MowGreen
Fri Feb 06 20:55:47 CST 2004

Dapper,

If you keep AVG updated and scan your system on a regular basis then you
don't need to pay to have your email scanned. Just don't open any
attachments without first scanning them.

Online scans can be done at :

PandaActiveScan
http://www.pandasoftware.com/activescan/activescan.asp?Language=2&Country=63&Partner=1&Ref=EN-PR-AS-107

McAfee
http://us.mcafee.com/root/mfs/default.asp

Trend Micro (PC-Cilin)
http://housecall.trendmicro.com/housecall/start_corp.asp

You should also download and run CWShredder :
http://216.180.233.153/~merijn/files/CWShredder.exe

Delete the copy of CWShredder. It is constantly being updated and the
CoolWebSearch variants are constantly evolving ... or devolving, in this
case. You won't get the Control Panel error message anymore.

You might also have to replace the rundll.exe file :

Posted by Mike Maltby, MS-MVP

" Rundll32.exe is contained in WIN_17.CAB of the Win Me cab set and can
be restored using MSConfig | General | Extract File ... and following
the prompts. The "cab" files are in the Win9x folder on the Win Me CD
and/or in a sub-folder of Windows\Options. See MS KB129605 - "HOW TO:
Extract Original Compressed Windows Files"
(http://support.microsoft.com?kbid=129605). "

The most likely cause for CWS infestation is a vulnerability in the
MSJVM. Go to the WINDOWS folder and right click on Jview.exe, choose
Properties, Version ... it should be 5.0.3810.0 . If not , update it
directly from this link :

http://www.softwarepatch.com/windows/javavm.html

Close IE before installing it.


MowGreen [MVP]



Dapper Dan wrote:

> Thanks for your feedback too, MowGreen. I just visited the
> computercops website and wonder, does it make sense to sign up to the
> e-mail scan service that they offer, or would I be covered by my own
> AV program, assuming I update regularly ?
>
> "MowGreen [MVP]" <mowgreen@nownadzen.com> wrote in message
> news:eMfp44O7DHA.1460@tk2msftngp13.phx.gbl...
>
>>iworm/ronoper.u
>>http://www.computercops.biz/postlite12401-.html
>>
>>iworm/sddrop
>>http://www.computercops.biz/postlite16406-iworm+sddrop.html
>>
>>HijackThis
>>http://www.merijn.org/files/hijackthis.zip
>>
>>
>>MowGreen [MVP]
>>*-343-* Never Forgotten
>>
>>
>>Help me !!! wrote:
>>
>>
>>>Ok so i got the two viruses which i posed about earlier
>>>which is the iworm/ronoper.u and the iworm/sddrop. I
>>>downloaded grisoft and it found the files that were
>>>infected but it couldnt delete or remove them in any kind
>>>of way. There are about 160 files infected. My system
>>>restore isnt working. It shows me as having no back up
>>>points. So i download norton and i scanned it and it
>>>showed the infected files but when i went to the registry
>>>and tryed to turn back what the worm had done it said
>>>adminastrator wont let me or something like that. Said i
>>>could not do it in other words. So i deleted norton
>>>antivirus from my system and ran grisoft again and the
>>>same thing happened. So i dont know what to do? Also when
>>>i go into my computer, the windows file that on the c
>>>drive is gone. I cant locate it anywhere. I need some
>>>major help lol .... thanks :)
>>
>
>

Top

Re: Ok viruses wont leave by Steve

Steve
Sat Feb 07 00:11:04 CST 2004

Where did it find it ?

"Dapper Dan" <dapperdan@home.com> wrote in message
news:u0FQfLO7DHA.2432@TK2MSFTNGP10.phx.gbl...
> Dave
> The problem is not necessarily the virus, but what to do with it now
> that he found one. I've been there, and from other recent posts in
> this and other NG's, others have too. Our AV program finds the virus
> but can't repair it ! So the question is what is the proper procedure
> if one's AV program finds but cannot repair a virus ????
>
> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> news:uvZRsbN7DHA.2416@TK2MSFTNGP10.phx.gbl...
> > Really ?
> >
> > Where in your second post did you state that you applied my
> suggestion ?
> >
> > In any case -- re-install Norton AV and perform a Full Scan in Safe
> Mode using NAV.
> >
> > Dave
> >
> >
> >
> > <anonymous@discussions.microsoft.com> wrote in message
> > news:bcff01c3ecd4$96db6b50$a401280a@phx.gbl...
> > | Dude i did as you said and when it found the viruses it
> > | said it could not delete them or move them. I was in safe
> > | mode when i did it. anyone else have any ideas? If i just
> > | reboot with the disc and erase everything and start from
> > | scratch .. will that help it? i think its called reformat
> > |
> > |
> > | >-----Original Message-----
> > | >And I answered your question ! One LAST time !
> > | >
> > | >Reboot your PC into Safe Mode and then re-scan your
> > | platform using AVG.
> > | >
> > | >Dave
> > | >
> > | >
> > | >
> > | >"Help me !!!" <anonymous@discussions.microsoft.com> wrote
> > | in message
> > | >news:bf5001c3ecc7$bafdd430$a601280a@phx.gbl...
> > | >| Ok so i got the two viruses which i posed about earlier
> > | >| which is the iworm/ronoper.u and the iworm/sddrop. I
> > | >| downloaded grisoft and it found the files that were
> > | >| infected but it couldnt delete or remove them in any
> > | kind
> > | >| of way. There are about 160 files infected. My system
> > | >| restore isnt working. It shows me as having no back up
> > | >| points. So i download norton and i scanned it and it
> > | >| showed the infected files but when i went to the
> > | registry
> > | >| and tryed to turn back what the worm had done it said
> > | >| adminastrator wont let me or something like that. Said
> > | i
> > | >| could not do it in other words. So i deleted norton
> > | >| antivirus from my system and ran grisoft again and the
> > | >| same thing happened. So i dont know what to do? Also
> > | when
> > | >| i go into my computer, the windows file that on the c
> > | >| drive is gone. I cant locate it anywhere. I need some
> > | >| major help lol .... thanks :)
> > | >
> > | >
> > | >.
> > | >
> >
> >
>
>

Top

Re: Ok viruses wont leave by Shane

Shane
Sat Feb 07 07:47:19 CST 2004


"Richard G. Harper" <rgharper@email.com> wrote in message
news:OpUjzPS7DHA.1804@TK2MSFTNGP12.phx.gbl...
> I think you and David are having a disconnect in discussion here.
>
> The very first thing you need to do when you find a file that can't be
> cleaned is to get on the Internet, go to your antivirus manufacturer's Web
> site, and research the name of the virus that was found. DO NOT RESEARCH
> THE NAME OF THE FILE THAT CANNOT BE CLEANED, as that will likely do you no
> good. Many viruses make up random names for their virus-infected files.
> Find the name of the virus itself that was found and read all about it.
>
> In most cases the reason a file cannot be "cleaned" is because it is the
> virus itself, and in these cases the proper thing to do with the
> un-cleanable file is to either delete it or move it into quarantine. Then

Indeed. Or rename it's extension (which the AV prog really ought to have an
option for).

As for viruses that run (regardless of whether in Safe Mode), AVG can be run
from real mode DOS, ie C:\Progra~1\Grisoft\AVG6\AVG.EXE. Of course one
wouldn't want to do so with a boot disk made since infection.


Shane


Top

Re: Ok viruses wont leave by Joan

Joan
Sat Feb 07 08:00:29 CST 2004

Hi Shane,
Did you get my email.
Joan

Shane wrote:
> As for viruses that run (regardless of whether in Safe Mode), AVG can
> be run from real mode DOS, ie C:\Progra~1\Grisoft\AVG6\AVG.EXE. Of
> course one wouldn't want to do so with a boot disk made since
> infection.
>
>
> Shane


Top

Re: Ok viruses wont leave by Dapper

Dapper
Sat Feb 07 08:11:50 CST 2004

Thanks.

"MowGreen [MVP]" <mowgreen@nownadzen.com> wrote in message
news:OV54hXS7DHA.360@TK2MSFTNGP12.phx.gbl...
> Dapper,
>
> If you keep AVG updated and scan your system on a regular basis then
you
> don't need to pay to have your email scanned. Just don't open any
> attachments without first scanning them.
>
> Online scans can be done at :
>
> PandaActiveScan
>
http://www.pandasoftware.com/activescan/activescan.asp?Language=2&Country=63&Partner=1&Ref=EN-PR-AS-107
>
> McAfee
> http://us.mcafee.com/root/mfs/default.asp
>
> Trend Micro (PC-Cilin)
> http://housecall.trendmicro.com/housecall/start_corp.asp
>
> You should also download and run CWShredder :
> http://216.180.233.153/~merijn/files/CWShredder.exe
>
> Delete the copy of CWShredder. It is constantly being updated and
the
> CoolWebSearch variants are constantly evolving ... or devolving, in
this
> case. You won't get the Control Panel error message anymore.
>
> You might also have to replace the rundll.exe file :
>
> Posted by Mike Maltby, MS-MVP
>
> " Rundll32.exe is contained in WIN_17.CAB of the Win Me cab set and
can
> be restored using MSConfig | General | Extract File ... and
following
> the prompts. The "cab" files are in the Win9x folder on the Win Me
CD
> and/or in a sub-folder of Windows\Options. See MS KB129605 - "HOW
TO:
> Extract Original Compressed Windows Files"
> (http://support.microsoft.com?kbid=129605). "
>
> The most likely cause for CWS infestation is a vulnerability in the
> MSJVM. Go to the WINDOWS folder and right click on Jview.exe, choose
> Properties, Version ... it should be 5.0.3810.0 . If not , update it
> directly from this link :
>
> http://www.softwarepatch.com/windows/javavm.html
>
> Close IE before installing it.
>
>
> MowGreen [MVP]
>
>
>
> Dapper Dan wrote:
>
> > Thanks for your feedback too, MowGreen. I just visited the
> > computercops website and wonder, does it make sense to sign up to
the
> > e-mail scan service that they offer, or would I be covered by my
own
> > AV program, assuming I update regularly ?
> >
> > "MowGreen [MVP]" <mowgreen@nownadzen.com> wrote in message
> > news:eMfp44O7DHA.1460@tk2msftngp13.phx.gbl...
> >
> >>iworm/ronoper.u
> >>http://www.computercops.biz/postlite12401-.html
> >>
> >>iworm/sddrop
> >>http://www.computercops.biz/postlite16406-iworm+sddrop.html
> >>
> >>HijackThis
> >>http://www.merijn.org/files/hijackthis.zip
> >>
> >>
> >>MowGreen [MVP]
> >>*-343-* Never Forgotten
> >>
> >>
> >>Help me !!! wrote:
> >>
> >>
> >>>Ok so i got the two viruses which i posed about earlier
> >>>which is the iworm/ronoper.u and the iworm/sddrop. I
> >>>downloaded grisoft and it found the files that were
> >>>infected but it couldnt delete or remove them in any kind
> >>>of way. There are about 160 files infected. My system
> >>>restore isnt working. It shows me as having no back up
> >>>points. So i download norton and i scanned it and it
> >>>showed the infected files but when i went to the registry
> >>>and tryed to turn back what the worm had done it said
> >>>adminastrator wont let me or something like that. Said i
> >>>could not do it in other words. So i deleted norton
> >>>antivirus from my system and ran grisoft again and the
> >>>same thing happened. So i dont know what to do? Also when
> >>>i go into my computer, the windows file that on the c
> >>>drive is gone. I cant locate it anywhere. I need some
> >>>major help lol .... thanks :)
> >>
> >
> >
>


Top

Re: Ok viruses wont leave by Dapper

Dapper
Sat Feb 07 08:43:29 CST 2004

Thanks for the clarification Richard; it is greatly appreciated. You
too Shane.

Steve, I don't have a virus. The original poster was requesting
assistance and although Dave Lipman was responding, they weren't
communicating. I simply jumped in because I had "been there and done
that", hoping that it would subsequently provide an answer to the
original poster.
Several months ago, my AV program found a virus after a scan and
because it was unable to clean and/or repair, I directed it to the
quarantine file. However, I was uncomfortable with it remaining on my
system and ended up deleting it from my quarantine file. Needless to
say, problems ensued, which I eventually resolved but it was
complicated.
By re-asking the question, I was hoping, not only that the poster
would avoid the same mistake, but that the hundreds or thousands of
others that peruse these NG's would be provided with a solution, to be
used in a panic-free environment, if and when required.

"Steve Baron - KB3MM" <SteveBaron@StarLinX.com> wrote in message
news:%23T0hAUU7DHA.1428@TK2MSFTNGP12.phx.gbl...
> Where did it find it ?
>
> "Dapper Dan" <dapperdan@home.com> wrote in message
> news:u0FQfLO7DHA.2432@TK2MSFTNGP10.phx.gbl...
> > Dave
> > The problem is not necessarily the virus, but what to do with it
now
> > that he found one. I've been there, and from other recent posts in
> > this and other NG's, others have too. Our AV program finds the
virus
> > but can't repair it ! So the question is what is the proper
procedure
> > if one's AV program finds but cannot repair a virus ????
> >
> > "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> > news:uvZRsbN7DHA.2416@TK2MSFTNGP10.phx.gbl...
> > > Really ?
> > >
> > > Where in your second post did you state that you applied my
> > suggestion ?
> > >
> > > In any case -- re-install Norton AV and perform a Full Scan in
Safe
> > Mode using NAV.
> > >
> > > Dave
> > >
> > >
> > >
> > > <anonymous@discussions.microsoft.com> wrote in message
> > > news:bcff01c3ecd4$96db6b50$a401280a@phx.gbl...
> > > | Dude i did as you said and when it found the viruses it
> > > | said it could not delete them or move them. I was in safe
> > > | mode when i did it. anyone else have any ideas? If i just
> > > | reboot with the disc and erase everything and start from
> > > | scratch .. will that help it? i think its called reformat
> > > |
> > > |
> > > | >-----Original Message-----
> > > | >And I answered your question ! One LAST time !
> > > | >
> > > | >Reboot your PC into Safe Mode and then re-scan your
> > > | platform using AVG.
> > > | >
> > > | >Dave
> > > | >
> > > | >
> > > | >
> > > | >"Help me !!!" <anonymous@discussions.microsoft.com> wrote
> > > | in message
> > > | >news:bf5001c3ecc7$bafdd430$a601280a@phx.gbl...
> > > | >| Ok so i got the two viruses which i posed about earlier
> > > | >| which is the iworm/ronoper.u and the iworm/sddrop. I
> > > | >| downloaded grisoft and it found the files that were
> > > | >| infected but it couldnt delete or remove them in any
> > > | kind
> > > | >| of way. There are about 160 files infected. My system
> > > | >| restore isnt working. It shows me as having no back up
> > > | >| points. So i download norton and i scanned it and it
> > > | >| showed the infected files but when i went to the
> > > | registry
> > > | >| and tryed to turn back what the worm had done it said
> > > | >| adminastrator wont let me or something like that. Said
> > > | i
> > > | >| could not do it in other words. So i deleted norton
> > > | >| antivirus from my system and ran grisoft again and the
> > > | >| same thing happened. So i dont know what to do? Also
> > > | when
> > > | >| i go into my computer, the windows file that on the c
> > > | >| drive is gone. I cant locate it anywhere. I need some
> > > | >| major help lol .... thanks :)
> > > | >
> > > | >
> > > | >.
> > > | >
> > >
> > >
> >
> >
>


Top

Re: Ok viruses wont leave by MowGreen

MowGreen
Sat Feb 07 13:32:20 CST 2004

You're welcome ... somehow I confused you with the OP. Hope he reads it ;)

MG

Dapper Dan wrote:

> Thanks.
>
> "MowGreen [MVP]" <mowgreen@nownadzen.com> wrote in message
> news:OV54hXS7DHA.360@TK2MSFTNGP12.phx.gbl...
>
>>Dapper,
>>
>>If you keep AVG updated and scan your system on a regular basis then
>
> you
>
>>don't need to pay to have your email scanned. Just don't open any
>>attachments without first scanning them.
>>
>>Online scans can be done at :
>>
>>PandaActiveScan
>>
>
> http://www.pandasoftware.com/activescan/activescan.asp?Language=2&Country=63&Partner=1&Ref=EN-PR-AS-107
>
>>McAfee
>>http://us.mcafee.com/root/mfs/default.asp
>>
>>Trend Micro (PC-Cilin)
>>http://housecall.trendmicro.com/housecall/start_corp.asp
>>
>>You should also download and run CWShredder :
>>http://216.180.233.153/~merijn/files/CWShredder.exe
>>
>>Delete the copy of CWShredder. It is constantly being updated and
>
> the
>
>>CoolWebSearch variants are constantly evolving ... or devolving, in
>
> this
>
>>case. You won't get the Control Panel error message anymore.
>>
>>You might also have to replace the rundll.exe file :
>>
>>Posted by Mike Maltby, MS-MVP
>>
>>" Rundll32.exe is contained in WIN_17.CAB of the Win Me cab set and
>
> can
>
>>be restored using MSConfig | General | Extract File ... and
>
> following
>
>>the prompts. The "cab" files are in the Win9x folder on the Win Me
>
> CD
>
>>and/or in a sub-folder of Windows\Options. See MS KB129605 - "HOW
>
> TO:
>
>>Extract Original Compressed Windows Files"
>>(http://support.microsoft.com?kbid=129605). "
>>
>>The most likely cause for CWS infestation is a vulnerability in the
>>MSJVM. Go to the WINDOWS folder and right click on Jview.exe, choose
>>Properties, Version ... it should be 5.0.3810.0 . If not , update it
>>directly from this link :
>>
>>http://www.softwarepatch.com/windows/javavm.html
>>
>>Close IE before installing it.
>>
>>
>>MowGreen [MVP]
>>
>>
>>
>>Dapper Dan wrote:
>>
>>
>>>Thanks for your feedback too, MowGreen. I just visited the
>>>computercops website and wonder, does it make sense to sign up to
>
> the
>
>>>e-mail scan service that they offer, or would I be covered by my
>
> own
>
>>>AV program, assuming I update regularly ?
>>>
>>>"MowGreen [MVP]" <mowgreen@nownadzen.com> wrote in message
>>>news:eMfp44O7DHA.1460@tk2msftngp13.phx.gbl...
>>>
>>>
>>>>iworm/ronoper.u
>>>>http://www.computercops.biz/postlite12401-.html
>>>>
>>>>iworm/sddrop
>>>>http://www.computercops.biz/postlite16406-iworm+sddrop.html
>>>>
>>>>HijackThis
>>>>http://www.merijn.org/files/hijackthis.zip
>>>>
>>>>
>>>>MowGreen [MVP]
>>>>*-343-* Never Forgotten
>>>>
>>>>
>>>>Help me !!! wrote:
>>>>
>>>>
>>>>
>>>>>Ok so i got the two viruses which i posed about earlier
>>>>>which is the iworm/ronoper.u and the iworm/sddrop. I
>>>>>downloaded grisoft and it found the files that were
>>>>>infected but it couldnt delete or remove them in any kind
>>>>>of way. There are about 160 files infected. My system
>>>>>restore isnt working. It shows me as having no back up
>>>>>points. So i download norton and i scanned it and it
>>>>>showed the infected files but when i went to the registry
>>>>>and tryed to turn back what the worm had done it said
>>>>>adminastrator wont let me or something like that. Said i
>>>>>could not do it in other words. So i deleted norton
>>>>>antivirus from my system and ran grisoft again and the
>>>>>same thing happened. So i dont know what to do? Also when
>>>>>i go into my computer, the windows file that on the c
>>>>>drive is gone. I cant locate it anywhere. I need some
>>>>>major help lol .... thanks :)
>>>>
>>>
>
>

Top

Re: Ok viruses wont leave by David

David
Sat Feb 07 14:26:30 CST 2004

Yes - except I would re-phrase it as "clean/delete".

Dave



"Dapper Dan" <dapperdan@home.com> wrote in message
news:u0B369P7DHA.2812@TK2MSFTNGP11.phx.gbl...
| Thanks for the clarification. If I read you correctly, I understand
| that if an AV program finds a virus, but can't "clean" it, then one
| should reboot into SAFE MODE and try to "clean" it again.
|
| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
| news:%23VVpuTO7DHA.2952@TK2MSFTNGP09.phx.gbl...
| > The situation is usually Open File Handles, thus the files can't be
| cleaned nor deleted.
| > When you boot into Safe Mode only core Win32/NT components are
| loaded (albeit, there are
| > viruses that get around that by loading from the Registry SHELL
| command) and thus the vast
| > majority of infectors are not loaded and can be easily dealt with.
| Unfortunately, I keep
| > forgetting that AVG is one that doesn't like Safe Mode. McAfee,
| Norton, Trend, etc, have
| > no problem. McAfee also has their mixed Win32/NT/DOS Command Line
| Scanner that has NO
| > problems running in any mode of DOS or Windows in even incorporates
| its own memory manager
| > under DOS so HIMEM.SYS and EMM386.EXE are not needed.
| >
| > Dave
| >
| >
| >
| > "Dapper Dan" <dapperdan@home.com> wrote in message
| > news:u0FQfLO7DHA.2432@TK2MSFTNGP10.phx.gbl...
| > | Dave
| > | The problem is not necessarily the virus, but what to do with it
| now
| > | that he found one. I've been there, and from other recent posts in
| > | this and other NG's, others have too. Our AV program finds the
| virus
| > | but can't repair it ! So the question is what is the proper
| procedure
| > | if one's AV program finds but cannot repair a virus ????
| > |
| > | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
| > | news:uvZRsbN7DHA.2416@TK2MSFTNGP10.phx.gbl...
| > | > Really ?
| > | >
| > | > Where in your second post did you state that you applied my
| > | suggestion ?
| > | >
| > | > In any case -- re-install Norton AV and perform a Full Scan in
| Safe
| > | Mode using NAV.
| > | >
| > | > Dave
| > | >
| > | >
| > | >
| > | > <anonymous@discussions.microsoft.com> wrote in message
| > | > news:bcff01c3ecd4$96db6b50$a401280a@phx.gbl...
| > | > | Dude i did as you said and when it found the viruses it
| > | > | said it could not delete them or move them. I was in safe
| > | > | mode when i did it. anyone else have any ideas? If i just
| > | > | reboot with the disc and erase everything and start from
| > | > | scratch .. will that help it? i think its called reformat
| > | > |
| > | > |
| > | > | >-----Original Message-----
| > | > | >And I answered your question ! One LAST time !
| > | > | >
| > | > | >Reboot your PC into Safe Mode and then re-scan your
| > | > | platform using AVG.
| > | > | >
| > | > | >Dave
| > | > | >
| > | > | >
| > | > | >
| > | > | >"Help me !!!" <anonymous@discussions.microsoft.com> wrote
| > | > | in message
| > | > | >news:bf5001c3ecc7$bafdd430$a601280a@phx.gbl...
| > | > | >| Ok so i got the two viruses which i posed about earlier
| > | > | >| which is the iworm/ronoper.u and the iworm/sddrop. I
| > | > | >| downloaded grisoft and it found the files that were
| > | > | >| infected but it couldnt delete or remove them in any
| > | > | kind
| > | > | >| of way. There are about 160 files infected. My system
| > | > | >| restore isnt working. It shows me as having no back up
| > | > | >| points. So i download norton and i scanned it and it
| > | > | >| showed the infected files but when i went to the
| > | > | registry
| > | > | >| and tryed to turn back what the worm had done it said
| > | > | >| adminastrator wont let me or something like that. Said
| > | > | i
| > | > | >| could not do it in other words. So i deleted norton
| > | > | >| antivirus from my system and ran grisoft again and the
| > | > | >| same thing happened. So i dont know what to do? Also
| > | > | when
| > | > | >| i go into my computer, the windows file that on the c
| > | > | >| drive is gone. I cant locate it anywhere. I need some
| > | > | >| major help lol .... thanks :)
| > | > | >
| > | > | >
| > | > | >.
| > | > | >
| > | >
| > | >
| > |
| > |
| >
| >
|
|


Top