| User | Post |
KsoftFusion
Posts: 62/71 |
I fixed it a few days ago. Those .COM files were officially dummy files that did nothing. I had to go into safe mode and turn on system file viewing to delete them. Rescanned and got nothing. |
Sukasa
Posts: 850/1981 |
Oh, and those methods will both have a good chance of working, I've had to use them both a couple of times. Unrestricted access is a plus, definitely. The only thing is, be careful NOT TO LET THE VIRUSES BEGIN EXECUTION!!!!!
That happened to me.. Damn I hated having to deal with that. The problem was, when I tried to delete the virus, it executed before it was deleted, and infected my system. thank god for system restore. |
HyperLamer
Posts: 4929/8210 |
If you have another computer (or even another OS), yes, that's definetely a good way to do it. Some viruses like to nest in the boot sector or OS kernel. Just make sure you don't accidentally infect that OS too.  (Plus, since your OS wouldn't be running off that drive, you would have unrestricted access; the system won't be hiding files or not letting you tinker with it.) |
Sukasa
Posts: 846/1981 |
And if this helps, try removing the hard drive, and running it on another computer. I've found that normally the viruses add something to the startup sequence, but if the drive is accessed by another computer, the viruses remain dormant. You could also try running msconfig.exe, then going to the startup tab. |
HyperLamer
Posts: 4917/8210 |
AVG has always worked for me. Also, make sure you delete all those .COMs and scan again, because no doubt running them will re-infect you. |
Tanookirby
Posts: 61/509 |
Have you ever considered using Norton Antivirus? It's a good program to use to scan for viruses. |
KsoftFusion
Posts: 58/71 |
Crap. Reformat the drive? I'd have to back up 100 GB of data!!!
I just noticed that I can't see my SYSTEM32 directory any more. Viewing hidden files and folders is on, but it's not there.
I run NTFS, BTW.
EDIT: I found out I can get to the SYSTEM32 directory using the command prompt. It just won't appear in Explorer.
EDIT2: I just found out this virus was dropped into a file as C:\XZ.exe by "Win32.Alcan.B". Im going to try removing it.
EDIT3: I got rid of the virus by deleting C:\Program Files\Winupdate. It's the Win32.Alcan.B virus. I'm not getting the virus alerts any more, but one of the symptoms of the virus is that it creates fake .com files in SYSTEM32 that keep me from running those apps unless I type the full path (typing regedit in run would open regedit.com, which is fake, so I must type C:\windows\regedit.exe) I went into command prompt and tried deleting the COM files, but it claims they do not exist. Also, I still can't see my SYSTEM32 directory. |
FreeDOS
Posts: 1480/1657 |
They're non-existent you say? It could be hidding... and that's basically what a rootkit is. They're very hard to remove without formatting the hard disk.
You can run ClamAV from SystemRescueCd. Tell me what filesystem you use on your computer and I'll go through checking your system for you. |
KsoftFusion
Posts: 57/71 |
Sure, that'd be great, but apparently this virus has over 4000 variants, and each one uses a different name. I don't know what files could be if I don't know which variant it is (all the variants have the same name in virus databases) |
ExKay
Posts: 736/1114 |
Start you computer in safe mode, make a virus check and remove all files related to this virus, then check again and restart in normal mode.  |
KsoftFusion
Posts: 56/71 |
Whenever I boot up Windows, I get a message from my virus scanner that C:\XZ.EXE was infected with "W32/Sdbot.worm.gen.h". It comes up every time I start the computer-- seeming to make the file again and again on every boot. I looked it up, but it's hard to find info to remove it. McAfee says it makes two registry keys:
# HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Run "Services Host" = scchost.exe
# HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\RunServices "Services Host" = scchost.exe
But they are not there. It also says it will copy itself to the Startup folder in the start menu, but it's not there. I don't know what to do, help!! |
