before the pc has flying lessons!!!!

Discussion in 'malware problems & news' started by lutindiable, Jun 3, 2006.

Thread Status:
Not open for further replies.
  1. lutindiable

    lutindiable Registered Member

    Joined:
    Mar 1, 2006
    Posts:
    23
    I got a friend who wanted his PC fixed, so I took a look. It's infected from top to bottom in w32.nimda. The best way is to format it, but there's no OS disc, so it's not an option. I tried the Symantec Nimda removal; it said it removed 1 file but the virus was still there causing problems. Avast can't cope, it just won't let you do owt. I never trust Norton. I been told to use AVG, I just laughed at them. Adaware did nowt, Spybot either (I didn't think it would, but hey). I tried X-Cleaner, yet again I remain outta options. It's goin for flyin lessons the hard way soon!!
    all ideas welcome
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
  3. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    618
  4. lutindiable

    lutindiable Registered Member

    Joined:
    Mar 1, 2006
    Posts:
    23
    I tried all these patches and programs n not one of them will remove the virus.
    It seems to activate a process called net.exe or net1.exe or even both, but it did it earlier and it actually hit 100 processes because of this net.exe and net1.exe. I can't use Firefox because of the readme.eml, it opens 30 Firefox windows. I stripped the machine of all the recommended registry keys, I stripped all the temp files and temp internet files, I cleared the cache, I removed history, then did the antivirus again n it's cleared it, but as soon as you reboot the PC it's back.
     
  5. divedog

    divedog Registered Member

    Joined:
    Jun 7, 2004
    Posts:
    265
    Location:
    Seabeck WA
    Here is some info about this worm; it looks like an old one that affects unpatched systems. There is a removal tool along with some instructions at the bottom of the page. I hope this helps.

    http://www.f-secure.com/v-descs/nimda.shtml
     
  6. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    A regenerative virus? As soon as you reboot the machine it is back.
    This means that the worm has done something to allow itself to start up each time Windows boots up. Which version of Windows is your friend's PC running on?
    If it's running on Windows ME or Windows XP, there may be a copy of the worm within the System Restore files too.
    Nothing can remove the virus at all in the current situation. You've tried using all antivirus programs but to no avail because something keeps restoring the virus back. Note that if the infected computer is running on Windows ME or XP, there is a feature of ME and XP called System Restore. You must disable System Restore before attempting any disinfection of the infected computer.

    Locate SYSTEM.INI file in your Windows directory and open it with Wordpad or Notepad. Replace the string "shell=explorer.exe load.exe -donotloadold" with "shell=explorer.exe" string. This should prevent the virus from starting up with windows.
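
    The SYSTEM.INI check described in the post above, as an added Python example (not part of the original thread and not any vendor's removal tool). The function name, the constant and the sample file contents are assumptions made for illustration; only the two shell= strings come from the post.

```python
import re

# Value the post says the shell= entry should be restored to.
EXPECTED_SHELL = "explorer.exe"

# Constructed sample SYSTEM.INI contents (not taken from a real machine).
# The shell= line under [boot.description] is artificial: it is there to show
# that only the [boot] section is audited.
SAMPLE_INFECTED = (
    "[boot]\r\n"
    "system.drv=system.drv\r\n"
    "shell=explorer.exe load.exe -donotloadold\r\n"
    "[boot.description]\r\n"
    "shell=left alone outside boot\r\n"
)

def audit_system_ini(text):
    """Return (cleaned_text, findings) for shell= entries in the [boot] section.

    findings lists every shell= value that is not exactly explorer.exe;
    cleaned_text has those entries reset and every other line untouched.
    """
    findings, out, section = [], [], None
    for line in text.splitlines():
        stripped = line.strip()
        header = re.fullmatch(r"\[([^\]]+)\]", stripped)
        if header:
            section = header.group(1).lower()
        elif section == "boot" and not stripped.startswith(";"):
            key, sep, value = stripped.partition("=")
            if sep and key.strip().lower() == "shell":
                value = value.strip()
                if value.lower() != EXPECTED_SHELL:
                    findings.append(value)            # record what was appended
                    line = "shell=" + EXPECTED_SHELL  # restore the clean value
        out.append(line)
    return "\r\n".join(out) + "\r\n", findings

if __name__ == "__main__":
    cleaned, found = audit_system_ini(SAMPLE_INFECTED)
    for value in found:
        print("suspicious [boot] shell value:", value)
    print(cleaned)
```

    Run it against a copy of the file first and compare the cleaned text with the original before writing anything back.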
     
  7. lutindiable

    lutindiable Registered Member

    Joined:
    Mar 1, 2006
    Posts:
    23
    I forgot all about System Restore hahaha, I'll have to remove the virus again, or throw the PC off the 9th floor n tell him I slipped n he now requires a new PC lol. Cheers to all who helped, your advice did the trick.
     