oldnewbie

Computer experts: virus help


:( :( OK, my Norton antivirus caught a virus in my computer. It's a backdoor.coreflood virus. I looked it up on the Norton website, and it explains how to get rid of it. I'm following those directions. Now the problem!!! :S :S

It quarantined the virus, however it could not clean the virus according to the antivirus program. This is the second time it has detected this virus. Yesterday was the first day. I deleted it yesterday, but I didn't go into the *regedit* and delete the added line!!! I assume that is why it is back.

I have gone into *regedit* and found the added line. The line reads something like this *\windows\system32\xxxxxx.exe*. According to Norton, this is the line that must be deleted. I guess the *exe* file keeps the virus going. Hence the next question!!! :o :o

Do I delete just the *xxxxxx.exe* or the *windows\system32\xxxxxx.exe* and anything else in that window??

Can anybody help with this??? Or any advice other than *take it in*, since that does cost money!!! lol

Thanks in advance!!

Quote

Thanks for the reply CrazyIvan!! Then the registry entry would be what??? I know what the *exe* file is but I'm not sure what the entry is. The *exe* file is listed under *data* in the regedit, is the entry listed under the *name and type*?? Thanks again



The registry entry is the one you find when opening REGEDIT, the other entry is just the location of the EXE, you must delete both.
__________________________________________
Blue Skies and May the Force be with you.

I actually just had to deal with a similar virus, a worm called W32.Supova.worm where the *.exe file was a randomly named file placed in my system32 folder, and it created hundreds of 40kb files named after popular software titles so that people would download it through Kazaa and thus spread the virus.

I ran Norton to find and quarantine all the *.exe's that were spread around my hard drive with random names. Then after I quarantined them, I deleted them. You will most likely not be able to clean the quarantined files, and in my case, there was no need because they became their own files, they did not take over my own files.

In order to delete the registry key, type regedit in the run box.

Follow the directions to the key that are posted on Symantec's website. Most likely it will be something like

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN

because any key that is placed into that folder will tell your computer to run that specific program at startup.

Now look through the window on the right side of the Registry Editor and there is a list of "Strings". You probably have one called "RDLL" and under data it says "RunDll16.exe". That's a good one....leave it alone :P but find the one that points to the infected *.exe file.

Right Click on it, and hit delete. Then exit the registry and MAKE SURE!!! that you've not only quarantined the virus, but deleted it. If Norton can't clean it, you don't want it. Then REBOOT. And all SHOULD be well.

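The startup entries described in the post above can also be reviewed without opening regedit. The following is an added example, not part of the original thread: a read-only PowerShell audit of the two standard Run keys that reports, for each value, whether the file it points to exists and what its Authenticode signature status is. The helper name `Get-CommandPath` is made up for this example.

```powershell
# Added example: read-only review of the Run keys. Nothing is modified or deleted.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Hypothetical helper: pull the executable path out of a Run value's data,
# which may be quoted, carry arguments, or use %SystemRoot%-style variables.
function Get-CommandPath {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.(exe|dll|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        $path = Get-CommandPath $data

        # A bare file name (no folder) is looked up on PATH, as Windows would do.
        if (-not (Split-Path $path -Parent)) {
            $cmd = Get-Command $path -CommandType Application -ErrorAction SilentlyContinue |
                   Select-Object -First 1
            if ($cmd) { $path = $cmd.Path }
        }

        $exists = Test-Path -LiteralPath $path -PathType Leaf
        $sig = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $path).Status } else { 'n/a' }

        [pscustomobject]@{
            Key        = $key
            Name       = $name
            Data       = $data
            FileExists = $exists
            Signature  = $sig
        }
    }
}

# Unsigned or missing targets are the entries to compare against the vendor's removal notes.
$report | Sort-Object Signature | Format-Table -AutoSize -Wrap
```

Many legitimate older programs are unsigned, so a `NotSigned` status is a reason to look closer at an entry, not proof that it is malicious.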
Thanks for the help!!! :)
It seems like this has solved the problem with the virus. I've shut down the computer several times, and run the Norton, and it no longer picks up the viruses. Hopefully it won't appear again!!

FYI It seems like I picked this virus up when I actually purchased a game, and tried loading it. I read the instructions (the first time ever) and it said to shut down any firewall, so I did, and to also shut down any other programs. I shut down my DSL, so I thought. I found out later that you actually have to go and click *exit* to shut it down. While installing this, I went out (Friday night and all) and when I came back, I realized that I had left the computer on, with the DSL still running, and the firewall (Norton Internet Security) turned off. Well, the next day I had a virus. I'm sure there is a lesson to learn from this.

For some reason, the Norton Internet Security flags down about 10 trojan horses trying to get into my computer every day. I should have known not to leave the DSL connected at all. Either this, or I've been downloading (my nephew of course, I'll blame it on him) lots of programs from kazaalite. Now if I only knew how to report those addresses, or hack them myself!!

Thanks again!! :)

Does anybody know if there has been a problem with this website today??? I've tried to get, for example, mouth's profile, and I didn't get a profile, but a CGI error, which said *connection error: too many connections*!!! It had all kinds of info on mouth, and myself actually, including my password!!

I've had several other problems, minor, but problems nonetheless!! This virus I got, according to Norton, the hacker somehow can *deny access* to different places, and things like that!!!

I hope it was just a server/website problem, but I don't know!!

Thanks again
