Results 1 to 10 of 10

Thread: Virus

  1. #1
    New Lounger
    Join Date
    Jul 2002
    Posts
    13
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Virus

    I am using Windows 2000 Professional. Just recently my computer was infected with a "trojan" virus. There are six files that are infected. Neither McAfee nor Norton Antivirus can clean, repair or delete them. The infected files are in: WINNTsystem 32 and in Documents and Settings. I get some strange messages stating that it is a "trojan" virus and IRC. How do I fix this problem. I believe this virus has infected my printer setup. I have been trying to reinstall my injet but I am constantly told that the printer is not hooked up to the computer (I know that it is hooked up). Therefore, I'm stuck with no printer.

    Please help. Thanks.

  2. #2
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus

    a) What is the detected virus/trojan

    and

    [img]/forums/images/smilies/cool.gif[/img] What are the files that you can't repair?
    -Mark

  3. #3
    Star Lounger
    Join Date
    Jan 2002
    Location
    Suffolk, England
    Posts
    60
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus

    WillyWilly is right with his questions, but it sounds like you might have been infected with 'bugbear', which is both brand new, and a serious nasty. As well as being a mass mailer like Klez, it acts as a Trojan, AND tries to close down your A-V system and firewall. Full details at http://www.eset.com

    it seem like several of the major vendors, including Symantec, are having problems coping with this one. If you go to http://www.eset.com you can get a cleaning tool which will work. Eset's NOD-32 is (fortunately for me) one of the few A-Vs which are not on its target list.

    If it's not 'Bugbear', you may find the trial version of 'TrojanHunter' useful. Available at http://www.trojanhunter.com.

    Let us know how you get on.

  4. #4
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Cumberland, Maryland, USA
    Posts
    880
    Thanks
    0
    Thanked 0 Times in 0 Posts

  5. #5
    New Lounger
    Join Date
    Jul 2002
    Posts
    13
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus

    I don't have bugbear. I did a virus check and was informed that it wasn't bugbear.
    I have "Trojan.IrcBounce. I downloaded the latest updates for Norton and it couldn't clean up the problem. On the internet I searched for "Trojan.IrcBounce" and the search took me to Symantec. The information within the site said that there was an easy removal for this virus. Unfortunately, nothing happened for me.
    I have at least 6 infected files. Some of them are: "c:winntsystem32abc2.dll (irc/flood.ba); c:winntsystem32adobea.exe (irc/flood.ba.mirc); c:winntsystem32mdm.exc (irc/flood.e); c:documents and settingse_computer@yahoo.ca/local settingsfilescontent.ie5mr2bshcjk2pop[1].htm; temptemporary internet; etc., etc.,

  6. #6
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus

    OK - that helps. My guess is that these files are part of the trojan and are thus in use when you try to delete them, which would result in a pause and then an error message. Can you confirm that the error message is "the file is in use" or something to that effect?
    -Mark

  7. #7
    New Lounger
    Join Date
    Jul 2002
    Posts
    13
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus

    Yes, that is the error message.

  8. #8
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus

    OK. Boot into Safe Mode and attempt to delete the files from there. Also check your startup items (Mike Lin's Startup Control Panel is a good utility to use in Win2000) and disable any untoward items that may be launching the trojan executables. Reboot into normal mode and see if you can clean the trojan out using your AV software from there.

    If that doesn't work, there are other steps to try - but knock this out first and see if you can get anywhere.
    -Mark

  9. #9
    New Lounger
    Join Date
    Jul 2002
    Posts
    13
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus

    Some of my infected files are "system" files. Can they be deleted without any major damage to my computer?

  10. #10
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus

    Windows File Protection SHOULD replace them - but it also should have prevented them from being altered. I can't speak to the veracity of deleting them; try renaming the extension and see if they are replaced. You can also boot with the CD and run an Emergency Repair.
    -Mark

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •