06-12-2004 04:31 AM
overrun with virus and no internet access... help?
so, i was able to get online yesterday night and run mcafee's online free virus scan, and found out that i have the following viruses/worms:
Downloader-KL
Downloader-JU
JS/IEstart.gen.d
JS/Noclose.gen
VBS/Psyme
VBS/Alphx.worm
Keylog/Briss
also, i'm getting a looong stream of messages from zonealarm about how webrebates.exe is trying to setup a server which is, you know, vaguely disturbing.
since then, because i'm on a school server for internet, it's completely shut me out, so now even if i do happen to clean out my system, i won't be able to get online. so, you know, all online fixes are completely out of the question, and i've only got diskettes to transfer fixes.
messed up, non? if ANYONE can help me with this, i will buy them a great many chocolates.
thanks,
noiie.
06-12-2004 05:49 AM
Re: overrun with virus and no internet access... help?
You could have cleaned the Viruses when you could scan them. However, before doing anything set a Restore Point.
Go to Start>Run>Accessories>System Tools>System Restore. Give the New Restore Point a Name that will remind you of what this Restore Point is about.
For JS/IEstart.gen.d and JS/Noclose.gen, do the following:
Description:
This registry script modifies the Internet Explorer home page and the search page.
Solution:
Removing Autostart Entries from the Registry
Removing autostart entries from the registry prevents the malware from executing during startup.
1. Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter.
2. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
3. In the right panel, locate and delete the entry:
OPQFile
Removing Other Malware Entries from the Registry
This malware modifies the registry to change the start and search pages of the Internet Explorer browser. Depending on the version of this malware, some registry entries may not exist in the Registry Editor.
1. Still in Registry Editor, in the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Internet Explorer
2. In the right panel, delete the entry:
SearchURL
3. In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Internet Explorer>Main
4. In the right panel, delete the entries:
Default_Search_URL
Search Bar
SearchURL
Search Page
5. In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Internet Explorer>Search
6. In the right panel, delete the entries:
SearchAssistant
CustomizeSearch
7. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Internet Explorer>Search
8. In the right panel, delete the entries:
Search Assistant
CustomizeSearch
Search Page
Search Bar
Search URL
9. Close Registry Editor.
Resetting Internet Explorer Homepage and Search Page
This procedure restores the Internet Explorer home page and search page to the default settings.
1. Close all Internet Explorer windows.
2. Open Control Panel. Click Start>Settings>Control Panel.
3. Double-click the Internet Options icon.
4. In the Internet Properties window, click the Programs tab.
5. Click the "Reset Web Settings…" button.
6. Select "Also reset my home page." Click Yes.
7. Click OK.
For VBS/Psyme:
Kill these running processes with Task Manager:
1.exe
Remove these files if present:
1.exe
5.htm
5a.htm
error.jsp
gift-with-headers.html
ie-mediaplayer execute.htm
Both Files and Directories may be found and removed using Windows Explorer:
Right-click on the Start button (lower left of your screen).
Choose Explore.
Locate the file or directory of interest and highlight it.
Right-click to invoke the popup menu, and choose Delete.
For VBS/Alphx.worm manual removal:
Manual Removal Instructions
Apply the MS03-040 patch
Delete the following registry keys (Information on deleting registry keys)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Antivirus"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Start Page"
Restart the computer
Delete the files (if present)
c:\a.exe
c:\av.ex
%WinDir%\av.exe
%WinDir%\b.exe
As for Keylog/Briss: upon execution, the trojan modifies the registry to automatically load itself into memory at the next startup.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"systray" = C:\test\A.EXE
You will need to run an Anti-Virus and clean the rest. There isn't manual removal for all viruses.
http://housecall.trendmicro.com/housecall/start_corp.asp
SpySweeper will remove more stuff including keyloggers:
http://www.spysweeper.com/download.html
Hope this helps and consider ass
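The value names listed in the reply above can be checked offline against a `.reg` export of the machine's registry, which suits a PC that can only exchange diskettes. This is an added example, not code from the thread: the function names and the sample export are constructed for illustration, and every path in the sample except `C:\test\A.EXE` is a placeholder.

```python
import re

IE = "\\software\\microsoft\\internet explorer"
RUN = "hkey_local_machine\\software\\microsoft\\windows\\currentversion\\run"
# Value names the reply says to delete, per key, lower-cased because registry
# names are case-insensitive. Only names that appear in the reply are listed.
WATCHLIST = {
    RUN: {"opqfile", "antivirus", "systray"},
    "hkey_current_user" + IE: {"searchurl"},
    "hkey_current_user" + IE + "\\main": {
        "default_search_url", "search bar", "searchurl", "search page", "start page"},
    "hkey_current_user" + IE + "\\search": {"searchassistant", "customizesearch"},
    "hkey_local_machine" + IE + "\\search": {
        "search assistant", "customizesearch", "search page", "search bar", "search url"},
}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')  # "name"=data

def unescape(s):  # undo the .reg backslash-escaping of \ and "
    return re.sub(r"\\(.)", r"\1", s)

def flag_entries(reg_text):
    """Return (key, value name, data) for each exported value on the watchlist."""
    hits, key = [], ""
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # section header: the key the next values belong to
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = unescape(m.group(1)), m.group(2)
        if name.lower() in WATCHLIST.get(key.lower(), ()):
            if data.startswith('"') and data.endswith('"'):
                data = unescape(data[1:-1])  # string value; hex/dword kept raw
            hits.append((key, name, data))
    return hits

# Constructed sample export. Every path except C:\test\A.EXE is a placeholder.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OPQFile"="C:\\placeholder\\example.exe"
"systray"="C:\\test\\A.EXE"
"ExampleBenignApp"="C:\\placeholder\\benign.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://placeholder.invalid/"
"Window Title"="Search Page"
'''
if __name__ == "__main__": print(*flag_entries(SAMPLE), sep="\n")
```

For a real export, read the file with `encoding="utf-16"` when its first line is `Windows Registry Editor Version 5.00`. Matching is by key and value name only, so compare the reported data (for example the `systray` path) with what the reply describes before deleting anything.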
06-12-2004 05:51 AM
Re: overrun with virus and no internet access... help?
also, i'm getting a looong stream of messages from zonealarm about how webrebates.exe is trying to setup a server which is, you know, vaguely disturbing.
Tell ZoneAlarm NO and it'll block it.
06-13-2004 03:05 AM
Re: overrun with virus and no internet access... help?
Webrebates.exe is typically a file that is associated with a Spyware application. This isn't technically a virus, however it can be just as annoying!
Adaware calls this particular file (webrebates.exe) a TopMoxie object.
In any case, you should run a Spyware removal program on this PC, to clean off these programs. Both Adaware and Spybot are excellent FREE utilities that you can use to clean the Spyware off your PC.
Spybot
http://www.safer-networking.org/
Adaware
http://www.lavasoftusa.com/
Tim
06-13-2004 11:04 AM
Re: overrun with virus and no internet access... help?
On a friend's computer go to:
http://www.majorgeeks.com/downloads31.html
and get CWShredder and HijackThis. Unzip them (if they end in .zip) with Winzip (you can get a demo version at http://www.winzip.com), put them on a floppy (they will both fit on floppies) and install them on your PC.
First close all windows, right click on the Explorer Icon on your desktop and select Properties, then select Delete Cookies and tell it OK. When that finishes hit Delete Files (check the box in front of Delete Off-line Content and tell it OK). This one can take a while to finish; be patient. Close the properties window and any other programs you have running.
Now run the CWShredder and let it Fix your system. (If you are not infected with Cool Web Search it won't hurt anything.) If it asks you if a file name is random, write down the file name and tell it NO, then ask us. You can always run the program again and say Yes if need be.
Now run Hijack This, click on Scan, copy the output to a floppy and have your friend post it here, and we will tell you which ones to check so that HiJackThis can remove them.
Ron