W32.Randex Persistent Problem.

My antivirus system is Norton 2002. Since yesterday I have been getting frequent announcements that I have virus W32.Randex in C:\WINNT\System32\msgfix.exe, and that Norton full scancan not fix the file. I ran Norton several times to no avail. Then I contatcted Symantec online support, and according to their instructions ran it in Safe Mode, also nothing happened. As per the online support I went through the Registry, only to find that the things they tell to delete were simply not there. Could any one advise what to do? Could this be a false alarm? I should note that the Symantec site is not very helpful in offering a way to put this question to them directly.
Thanks in advance.

 

WEll, I have more of the things suggested and run them quite regularly. A systematic step-by- step execution, especially of the first link, would take at least a couple of hours as I can see, I might do that tomorrow. I wonder if I should post a log at HiJackThis right away, what do you think?

 

While I have been trying the various approaches advised/ with no success/, the warning messages that I have the worm have stopped. Could this mean it has somehow disappeared?

 

Re: W32.Randex-ADDITIONAL expalanation needed.

I think there is a contradiction between the advice of https://www.wilderssecurity.com/showthread.php?t=50662
andhttp://www.claymania.com/removal-trojan-adware.html
The first link says:
"NOTE: do NOT install an additional Anti-virus or Anti-Trojan software program if you currently have one, as this may cause further problems.",
while the secomd one suggests quite a few such downloads. For instance, I have Norton Antivirus, would adding a McAfee tool be safe?
I would be very grateful for explanations.

 

In that case, thank you, I will proceed and inform. Running all this 3 times in safe mode will surely take a bit of time....

 

Sic Transit Gloria Mundi....
Just running the Stinger/ which pronounced everything O.K/ took almost 2 hours. The comprehensive package, in Safe Mode at that, would take much more time than I can afford, I am afarid. Could you pinpoint the most vital operations Sorry if the question sounds stupid...
p.s. I am almost certain I got the worm through playing FIFA games. let people be warned.

 

The problem is, I more or less make a living online, through the medium of this very PC...
Anyway, all of these: AdAware,Spybot, rerun of Norton, AND Panda online scan have issued a clean bill of health, and this is the maximum I can afford time wise.
Could we assume that the rascal has somehow been destroyed, or commited suicide??As I mentioned earlier, the warning messages have stopped. Amen.

 

Thanks for your extremely comprehensive advice. Will do the postings ASAP, and keep you informed.

 

Hello, HERE is a link to removal instructions for W32.Randex.
Pay particular attention to the bottom of the page with the registry fixes.

Just advice but Mcafee Stinger only detects a set number of specific viruses (info HERE ) if you know the name of the virus and it’s not on the Mcafee Stinger list, don’t bother.


Basic instructions for removing Trojans, stubborn viruses etc;

1. Update windows and security software.

2. Disable system restore.

3. Boot into safe mode.

4. Run security apps (Anti; virus, Trojan, Spyware etc.)

5. Delete any problems.

6. Boot normally.

It should then be clean if not;

Extended options,

1. If you know the name of the virus, Trojan etc, research on web for removal advice.

2. If the infected file has been identified, try to delete it manually. (Check the file name first, makes sure it’s not a legitimate file.)

3. Perform on line AV scan with a different AV to the 1 you regularly use.

4. Make a note of the running processes from task manager, research any that are not familiar. (Look very carefully, some are almost identical to the real processes, e.g.; Iexplore, lexplore. the latter is an L.)

5. Look in the windows Event viewer for errors, it can point to the area/file that is having problems.

6. Scan with HiJackThis, post log file at forum that does analysis.

7. Perform System file check. (Windows CD > CDROM drive, click start > run, type in CMD, when window opens type in "sfc /scannow will replace any changed/damaged system files with a clean copy.)

 

I am becoming popular...

 

Hi, you make valid points, although the chance of needing Winsock is very low, the basic instructions I posted are almost the same as those recommended by the leading AV companies.

If the infection has been identified, and Mcafee stinger does not have it in its data base why recommend the use of it?

mcafee stinger is a very good utility if it covers the problem you have, although ive found it to be quite slow, and a poor first choice considering its limited data base.

The general cleaning post is very good, and goes into a fair bit of detail, but it has flaws; very time consuming, alot of infected systems can have trouble downloading the needed software, download limits for those on restricted connections, conflicts with software on the system etc.

The majority of viruses/Trojans etc can be addressed directly, with a specific fix for the threat in a mater of minutes, which also gives the user some knowledge/education for future problems.

The first rule of IT security is to identify the problem if possible, and use the tools required, you don’t need a full toolbox to change a light bulb.

As far as experts go, I get paid for my opinion. We all learn off each other and the number of posts has nothing to do with their knowledge.

The general cleaning guide is good, I just prefer to deal with the problems in a more personal nature, you learn about the threats in detail, figure out how it got in, how can it be stopped next time etc

 

Edit, accidently posted twice..lol

 

I am proud to have triggerred off such a learned professional debate! Please note the opinion of a lesser mortal: the future lies with quicker fixes . What is at present recommended in "General Cleaning" ,for instance ,needs at least a couple of days...Morituri te salutant!

 

Re: W32.Randex Persistent Problem.-ADDIT.

By the way, i think this is what microsoft recommends to do inorder to avert further intrusions/ i am on windows 2000/:
Windows 2000
In Control Panel, double-click Network and Dial-up
Connections.
Right-click the interface that you use to access the
Internet, and then click Properties.
In the Components checked are used by this connection
box, click Internet Protocol (TCP/IP), and then click
Properties.
In the Internet Protocol (TCP/IP) Properties dialog
box, click Advanced.
Click the Options tab.
Click TCP/IP filtering, and then click Properties.
Click to select the Enable TCP/IP Filtering (All
adapters) check box.
There are three columns with the following labels:
TCP Ports
UDP Ports
IP Protocols
In each column, click the Permit Only option.
Click OK.
Do you advise me to do this?