JS.CASSANDRA

Discussion in 'malware problems & news' started by Mua-Kell, Mar 26, 2004.

Thread Status:
Not open for further replies.
  1. Mua-Kell

    Mua-Kell Registered Member

    Joined:
    Jun 30, 2003
    Posts:
    54
    Location:
    Vancouver WA USA
    Greetings.I accidently downloaded a trojan/worm?called JS.Cassandra.The cleaner removed it from my system yet AVG anti-virus still detects it in D:\_RESTORE\TEMP\A0021934.CPY .I cannot delete or remove this file as it is sys restore(of course!).Cannot use sys restore or undo sys restore.Do I need to revert to WIN 98 SE and reinstall ME or F-disc?Something less radical hopefully.Using WIN ME.Stupid me firewall was disabled.AVG detected it immedeately tho. :) Thanks you guys are the best if anyone can do it you can.I havent been beaten by a BUG YET!!!Also I keep deleting a file in Windows called TEMP,it keeps coming back!
     
  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Hi Mua-Kell,

    Welcome to Wilders!!!

    Have you tried this:

    To clean out your System Restore, do the following:

    Turn OFF System Restore.
    1. On the Desktop, right-click My Computer.
    2. Click Properties.
    3. Click the System Restore tab.
    4. Check the box beside "Turn off System Restore".
    5. Click Apply, and then click OK.
    6. Restart the computer. (You must restart your computer to clear the old Restore Points)

    To Turn System Restore back ON.
    1. Follow the above Steps 1 to 3
    2. UNcheck the box beside "Turn off System Restore".
    3. Click Apply, and then click OK.
    4. Restart your computer.
    5. Then CREATE a new restore point.

    HTH....

    Regards,
    Kent
     
  3. Mua-Kell

    Mua-Kell Registered Member

    Joined:
    Jun 30, 2003
    Posts:
    54
    Location:
    Vancouver WA USA
    Will try and thx!
     
  4. Mua-Kell

    Mua-Kell Registered Member

    Joined:
    Jun 30, 2003
    Posts:
    54
    Location:
    Vancouver WA USA
    Nope it wont let me do that either.I click apply and nothing happens.This is a nasty one!
     
  5. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Hi Mua-Kell,

    Go HERE and follow the instructions.

    Regards,
    Kent

    Edit to fix link : kent
     
  6. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
  7. Mua-Kell

    Mua-Kell Registered Member

    Joined:
    Jun 30, 2003
    Posts:
    54
    Location:
    Vancouver WA USA
    Trying Subratams solution.The link on Puffs post could not be displayed.
     
  8. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    :rolleyes: I fixed the link :cool: .....
     
  9. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Please stick to Pufss advice - that way we are most probably able to help you out not only for now, but on the long term as well ;).

    regards.

    paul
     
  10. Mua-Kell

    Mua-Kell Registered Member

    Joined:
    Jun 30, 2003
    Posts:
    54
    Location:
    Vancouver WA USA
    Apparently the virus scan deleted the file I'll scan with AVG and report back :)
     
  11. Mua-Kell

    Mua-Kell Registered Member

    Joined:
    Jun 30, 2003
    Posts:
    54
    Location:
    Vancouver WA USA
    I have adaware and Spybot:),Have used Hijack this will proceed.THX
     
  12. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    Nice to see and hear that the scan caught it. Do post the hijacklog as adviced as that would make experts get rid off any evil left off(if any).

    Good day :)
     
  13. Mua-Kell

    Mua-Kell Registered Member

    Joined:
    Jun 30, 2003
    Posts:
    54
    Location:
    Vancouver WA USA
    CLEAN! Thanks people.It was nasty but nowhere near as bad as condusive flexpacks,wild tangent or N-case.The moral of the story is never ever attempt to view photos of Jeri Ryan in a bikini while your firewall is disabled! :D
     
  14. Mua-Kell

    Mua-Kell Registered Member

    Joined:
    Jun 30, 2003
    Posts:
    54
    Location:
    Vancouver WA USA
    Log-file of hilack this after on-line virus scan caught and deleted JS.CASSANDRA,a small downloader trojan that infected my system restore and could not be cleaned or deleted manually.
     
  15. ?2xredd

    ?2xredd Guest

    try reamoving it in safe mode using the cleaner
     
Thread Status:
Not open for further replies.