"q & y" <q.xiao.RemoveThis@home.nl> wrote:
> Help me please.
Sure...
> When I browse the Internet, I often get virus warning messages:
> Virus name: W32/Deloder.worm
> Infected file: C:\WINNT\system32\Dvldr32.exe
> and
> Virus name: BackDoor-ARG.dr
> Infected file: C:\WINNT\system32\inst.exe
>
> Neither file can be cleaned or deleted. If I select WINNT\system32
> directory and run virus scanner, no virus can be found!
>
> What is wrong and what should I do?
Boot into safe mode with command prompt, run the command line scanner
and have it scan and disinfect your whole machine.
Restart normally and _before connecting to the Internet_ either disable
file and print sharing, or if you really _must_ leave it enabled, at
least unbind it from any TCP/IP interfaces that connect to the Internet.
If you only have one network interface (say because you have an Ethernet
interface that plugs into a cable or DSL router or mini-hub-cum-router)
and "need" to retain F&PS (because you have another PC and want to share
files/printers across the LAN) then you must enable IPX or NetBEUI (on
both PCs) and bind F&PS to that _only_ (though few, if any, "consumer
market" cable or DSL devices will handle anything but TCP/IP you may
want to make sure that yours doesn't route IPX if you choose that
protocol for your LAN's F&PS).
As protocol and service binding and unbinding is dynamic in Win2K you
may not need to restart after doing all that (although, if you have to
add either of those protocols to your config you may have to restart).
If you do need to restart, do so and test the LAN connections all work
before going back on the Internet. Also check that any other machines
on the LAN that share the Internet connection do not have F&PS bound to
their TCP/IP interfaces. Once you are happy the LAN is all working
fine, try connecting to the Internet -- you should not have any more
problems with those viruses reappearing.
Finally, you should set meaningful passwords on _all_ accounts on your
Win2K machine, as those things initially got to you because you were
exposed to the Internet via F&PS (which we've just fixed) _AND_ because
you have really lame-arse passwords on your admin account(s).
--
Nick FitzGerald
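
One way to check the result of the unbinding step above before going back online (an added example, not part of the original post): the script reads `netstat -an` output and lists any non-loopback listeners on the ports file and print sharing uses over TCP/IP (TCP 139/445, UDP 137/138). The sample output, addresses and function name are constructed for illustration.

```python
import re

# Ports used by Windows file and print sharing (F&PS) over TCP/IP.
FPS_PORTS = {"TCP": {139, 445}, "UDP": {137, 138}}

# Constructed sample of `netstat -an` output (not taken from the post).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.7:445        ESTABLISHED
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
  UDP    0.0.0.0:1026           *:*
"""

# Proto, local addr:port, foreign addr, optional state (UDP rows have none).
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def fps_listeners(netstat_text):
    """Return (proto, local_addr, port) for F&PS ports open on TCP/IP."""
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers and blank lines
        proto, addr, port, _foreign, state = m.groups()
        port = int(port)
        if port not in FPS_PORTS[proto]:
            continue  # unrelated service, or an outbound client connection
        if proto == "TCP" and state != "LISTENING":
            continue  # only listeners matter for inbound exposure
        if addr.startswith("127."):
            continue  # loopback is not reachable from the network
        hits.append((proto, addr, port))
    return hits

if __name__ == "__main__":
    for proto, addr, port in fps_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {addr}:{port} F&PS port open on a TCP/IP address")
```

An empty result on every machine sharing the connection is the state to aim for before reconnecting.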