Results 1 to 5 of 5

Thread: Virus Alert

  1. #1
    2 Star Lounger
    Join Date
    Jan 2001
    Location
    Hidden Hills, CA, USA
    Posts
    117
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Virus Alert

    Kids picked up a virus on the net. Nasty thing -- disabled most of SYSTEM32 stuff including my anti-virus program (AVG), and System Restore. Found it as Cocuments and SettingsAll UsersStart MenuProgramsStartupWINOCK32.EXE. It couldn't be deleted, CUT, or renamed. Dug down through DOS and deleted the program, but the effects remained. Then tried System Restore initialized from the several places it should work. Nothing.
    Next time restarting with SAFE MODE. "..dialog box offers two useful buttons. Yes proceeds with the startup process, taking you to the Windows Desktop. Clicking No takes you directly to the System Restore screen." (excerpted from "Windows XP Pro, Second Edition). There was a restore date that made it all well. Huzza!
    Thought I would pass it along.
    Andy

  2. #2
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Virus Alert

    Do you mind a followup question, Andy? I don't know if I'm alone in "the dark" on this one, but I searched The Lounge, Google, Answers That Work and Trend Micro looking for WINOCK32 and couldn't find anything. Where did you learn that this file was the culprit or did you just conclude so, based on the similarity to WINSOCK?

  3. #3
    2 Star Lounger
    Join Date
    Jan 2001
    Location
    Hidden Hills, CA, USA
    Posts
    117
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus Alert

    My apologies to all. My typing is ok but my handwriting is bad. The file that AVG found before it crashed was WINOCX32.EXE. At the time AVG couldn't remove or quarantine it. Hence the problems reported above. <img src=/S/confused3.gif border=0 alt=confused3 width=45 height=45>

  4. #4
    5 Star Lounger
    Join Date
    May 2002
    Location
    43.8N 81.0W, Ontario
    Posts
    815
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus Alert

    A search on "WINOCX32.EXE" gets lots of hits, including Redzip.com mentioned in my previous post.
    It is installed by a worm called Win32.Protoride.* where the * varies according to the reporting entity.
    You can find more info HERE and info and removal instructions HERE.

    Have a Great day!!!
    Ken
    <IMG SRC=http://www.wopr.com/w3tuserpics/KenK_sig.gif>

  5. #5
    5 Star Lounger
    Join Date
    May 2002
    Location
    43.8N 81.0W, Ontario
    Posts
    815
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus Alert

    WebFerret found these references:
    redzip.com I'm not going here as I don't know if I might pick up a "drive-by"

    Edited to remove reference to a forum that contained some questionable graphics. The forum identified the file as a "trojan".
    I have gone to Redzip.com and, after a brief browse, it seems to me to be a legitimate websitebut I have removed the link.
    See my second post below for more info.
    My sincere apologies if my forum link caused anyone embarrasment.
    Ken


    Have a Great day!!!
    Ken
    <IMG SRC=http://www.wopr.com/w3tuserpics/KenK_sig.gif>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •