Welcome to SecurityForumz.com!
FAQFAQ    SearchSearch      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

about virus

  
   Security Forums (Home) -> General Discussions RSS
Next:  Netspy trogan  
Author Message
q & y

External


Since: Jun 27, 2003
Posts: 3



(Msg. 1) Posted: Fri Jun 27, 2003 3:12 pm
Post subject: about virus
Archived from groups: alt>comp>virus (more info?)
Hello,
Help me please.

When I browse internet, I often get virus warning messages:
Virus name: W32/Deloder.worm
Infected file: C:\WINNT\system32\Dvldr32.exe
and
Virus name: BackDoor-ARG.dr
Infected file: C:\WINNT\system32\inst.exe

Neither files can be cleaned or deleted. If I select WINNT\system32
directory and run virus scanner, no virus can be found !

What is wrong and what I should do?

my virus scanner is McAfee :
version: VirusScan v4.5.1 SP1
scan engine 4.2.40
virus def. 4.0.4270

my OS is win2k.

Thank you in advance for your help!
regards
Yantz

 >> Stay informed about: about virus 
Back to top
Login to vote
Nick FitzGerald

External


Since: Jul 03, 2003
Posts: 179



(Msg. 2) Posted: Sun Jun 29, 2003 12:33 am
Post subject: Re: about virus [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
"q & y" wrote:

> Help me please.

Sure...

> When I browse internet, I often get virus warning messages:
> Virus name: W32/Deloder.worm
> Infected file: C:\WINNT\system32\Dvldr32.exe
> and
> Virus name: BackDoor-ARG.dr
> Infected file: C:\WINNT\system32\inst.exe
>
> Neither files can be cleaned or deleted. If I select WINNT\system32
> directory and run virus scanner, no virus can be found !
>
> What is wrong and what I should do?

Boot into safe mode with command prompt, run the command line scanner
and have it scan and disinfect your whole machine.

Restart normally and _before connecting to the Internet_ either disable
file and print sharing, or if you really _must_ leave it enabled, at
least unbind it from any TCP/IP interfaces that connect to the Internet.

If you only have one network interface, say because you have an Ethernet
interface that plugs into a cable or DSL router or mini-hub-cum-router)
and "need" to retain F&PS (because you have another PC and want to share
files/printers across the LAN) then you must enable IPX or NetBEUI (on
both PCs) and bind F&PS to that _only_ (though few, if any, "consumer
market" cable or DSL devices will handle anything but TCP/IP you may
want to make sure that yours doesn't route IPX if you choose that
protocol for your LAN's F&PS).

As protocol and service binding and unbinding is dynamic in Win2K you
may not need to restart after doing all that (although, if you have to
add either of those protocols to your config you may have to restart).
If you do need to restart, do so and test the LAN connections all work
before going back on the Internet. Also check that any other machines
on the LAN that share the Internet connection do not have F&PS bound to
their TCP/IP interfaces. Once you are happy the LAN is all working
fine, try conencting to the Internet -- you should not have any more
problems with those viruses reappearing.

Finally, you should set meaningful passwords on _all_ accounts on your
Win2K machine, as those things initially got to you because you were
exposed to the Internet via F&PS (which we've just fixed) _AND_ because
you have really lame-arse passwords on your admin account(s).


--
Nick FitzGerald

 >> Stay informed about: about virus 
Back to top
Login to vote
Display posts from previous:   
Related Topics:
Why the PC Virus cannot attack my XP? I am the administrat.. - The answer is: I know the Virus better than you smart asses who give bogus reasons blaming the users for your ignorance, I went to the core blocking the entries of the Virus's. Like I told you, Microsoft Windows is the one allowing the Virus to come in...

Mail Anti-Virus,alt.comp.virus - My AV application: Kaspersky Anti-Virus (6.0.2.6210) According to http://www.oehelp.com/OETips.aspx#3 e-mail scanning does not provide any additional protection. Would it be safe/advisable to disable the Mail Anti-Virus function?

List of the Virus makers's IP, there is one Virus maker in.. - IP's to block: 208.100.132.167 208.100.170.5 208.100.244.206 67.215.12.210 Or you can create your own block list from this registry, this is for IE 6.0, XP SP2 Windows Registry Editor Version 5.00..

Have I a virus? - Avery now and then, randomly, no pattern a loud duck quack sounds from my computer. I have no WAV file ion my system for this and have searched evrywhere for something that would explain it. I have SPY BOT and AD-ware installed. n uptodate virus cvheck....

Is this a virus? - 'I keep on getting an e-mail with the subject "Love Nest Is Temp Out". It suggests that I have been trying to get in touch. Also I am getting the same message with a message that the ISP will keep trying to connect to address that sent the mes...
   Security Forums (Home) -> General Discussions All times are: Pacific Time (US & Canada)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]