W32.Randex Persistent Problem.

Discussion in 'malware problems & news' started by dimiterb2000, Jan 29, 2005.

Thread Status:
Not open for further replies.
  1. dimiterb2000

    dimiterb2000 Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    43
    :( My antivirus system is Norton 2002. Since yesterday I have been getting frequent announcements that I have virus W32.Randex in C:\WINNT\System32\msgfix.exe, and that Norton full scan cannot fix the file. I ran Norton several times to no avail. Then I contacted Symantec online support, and according to their instructions ran it in Safe Mode; also nothing happened. As per the online support I went through the Registry, only to find that the things they tell me to delete were simply not there. Could anyone advise what to do? Could this be a false alarm? I should note that the Symantec site is not very helpful in offering a way to put this question to them directly. :mad:
    Thanks in advance.
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
  3. dimiterb2000

    dimiterb2000 Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    43
    Well, I have more of the things suggested and run them quite regularly. A systematic step-by-step execution, especially of the first link, would take at least a couple of hours as I can see, I might do that tomorrow. I wonder if I should post a log at HiJackThis right away, what do you think? :doubt:
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    That would be a good idea. Wilders no longer does logs but you can look here
    for forums that do.

    http://a-sap.org/
     
  5. dimiterb2000

    dimiterb2000 Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    43
    :rolleyes: While I have been trying the various approaches advised/ with no success/, the warning messages that I have the worm have stopped. Could this mean it has somehow disappeared? o_O
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    When you run through General Cleaning does your system now show as being clean?

    Cheers :D
     
  7. dimiterb2000

    dimiterb2000 Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    43
    Re: W32.Randex-ADDITIONAL explanation needed.

    I think there is a contradiction between the advice of https://www.wilderssecurity.com/showthread.php?t=50662
    and http://www.claymania.com/removal-trojan-adware.html
    The first link says:
    "NOTE: do NOT install an additional Anti-virus or Anti-Trojan software program if you currently have one, as this may cause further problems.",
    while the second one suggests quite a few such downloads. For instance, I have Norton Antivirus, would adding a McAfee tool be safe?
    I would be very grateful for explanations. :oops:
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Re: W32.Randex-ADDITIONAL explanation needed.

    The McAfee tool is a stand-alone piece of software designed to scan your system; it will not affect you in any way. I have used it on many, many systems.

    Cheers :D
     
    Last edited: Jan 30, 2005
  9. dimiterb2000

    dimiterb2000 Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    43
    :D In that case, thank you, I will proceed and inform. Running all this 3 times in safe mode will surely take a bit of time.... :ninja:
     
  10. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Indeed, though it is very comprehensive and should confirm that your system is clean, after which I would suggest looking at some additional software to keep your system that way, and we can help you with some suggestions ;) :D

    Cheers :D
     
  11. dimiterb2000

    dimiterb2000 Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    43
    :( Sic Transit Gloria Mundi....
    Just running the Stinger/ which pronounced everything O.K/ took almost 2 hours. The comprehensive package, in Safe Mode at that, would take much more time than I can afford, I am afraid. Could you pinpoint the most vital operations? o_O Sorry if the question sounds stupid... :doubt:
    P.S. I am almost certain I got the worm through playing FIFA games. Let people be warned.
     
  12. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Just let it run and go for a walk ;) :D As a minimum I would next run Spybot Search and Destroy as well as Adaware.

    Cheers :D
     
  13. dimiterb2000

    dimiterb2000 Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    43
    The problem is, I more or less make a living online, through the medium of this very PC...
    Anyway, all of these: AdAware, Spybot, rerun of Norton, AND Panda online scan have issued a clean bill of health, and this is the maximum I can afford time-wise.
    Could we assume that the rascal has somehow been destroyed, or committed suicide?? As I mentioned earlier, the warning messages have stopped. Amen. :doubt:
     
  14. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I would think so, just to be sure you can download and run “Hijack This” found here and post your log at one of the forums found at A-SAP. The two bigger forums for HijackThis log processing, (meaning they process more log threads each day than most others) are: SpywareInfo.com and CastleCops.com. Be sure to read their posting policy in the links at their log review forum sections prior to posting.

    Let us know how you go...

    Cheers :D
     
  15. dimiterb2000

    dimiterb2000 Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    43
    Thanks for your extremely comprehensive advice. Will do the postings ASAP, and keep you informed. :D
     
  16. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Hello, HERE is a link to removal instructions for W32.Randex.
    Pay particular attention to the bottom of the page with the registry fixes.

    Just advice, but McAfee Stinger only detects a set number of specific viruses (info HERE). If you know the name of the virus and it’s not on the McAfee Stinger list, don’t bother.


    Basic instructions for removing Trojans, stubborn viruses etc;

    1. Update windows and security software.

    2. Disable system restore.

    3. Boot into safe mode.

    4. Run security apps (anti-virus, anti-Trojan, anti-spyware etc.)

    5. Delete any problems.

    6. Boot normally.

    It should then be clean; if not:

    Extended options,

    1. If you know the name of the virus, Trojan etc, research on web for removal advice.

    2. If the infected file has been identified, try to delete it manually. (Check the file name first, make sure it’s not a legitimate file.)

    3. Perform online AV scan with a different AV to the one you regularly use.

    4. Make a note of the running processes from task manager, research any that are not familiar. (Look very carefully, some are almost identical to the real processes, e.g. Iexplore, lexplore; the latter is an L.)

    5. Look in the windows Event viewer for errors, it can point to the area/file that is having problems.

    6. Scan with HiJackThis, post log file at forum that does analysis.

    7. Perform System file check. (Windows CD > CDROM drive, click start > run, type in CMD, when window opens type in "sfc /scannow"; this will replace any changed/damaged system files with a clean copy.)
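
Step 4 of the extended options above (spotting process names that imitate real ones, such as lexplore for Iexplore), as an added example that is not part of the original post. The allowlist of Windows process names and the sample names in the tests are constructed for illustration; `classify` and its helpers are hypothetical names.

```python
# Added example: flag process names that imitate well-known Windows binaries.
# KNOWN is a small illustrative allowlist, not a complete inventory.
KNOWN = {"iexplore.exe", "explorer.exe", "svchost.exe", "lsass.exe",
         "winlogon.exe", "services.exe", "csrss.exe"}

# Characters that are easily mistaken for one another in a process list.
CONFUSABLE = str.maketrans({"l": "i", "1": "i", "|": "i", "0": "o"})


def skeleton(name):
    """Case-fold and collapse look-alike characters to one representative."""
    return name.lower().translate(CONFUSABLE)


def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(name, known=KNOWN):
    """Return (verdict, matched_known_name_or_None) for one process name."""
    low = name.lower()
    if low in known:
        # An exact name match is not proof of legitimacy: the binary's
        # path and signature still need checking.
        return ("known", low)
    for good in sorted(known):
        if skeleton(low) == skeleton(good):
            return ("lookalike", good)   # e.g. lexplore.exe vs iexplore.exe
    for good in sorted(known):
        if edit_distance(low, good) == 1:
            return ("near-miss", good)   # one character added/dropped/changed
    return ("unknown", None)             # not on the list: research it


def review(process_names):
    """Return only the names that deserve a closer look, with the reason."""
    results = [(n, *classify(n)) for n in process_names]
    return [r for r in results if r[1] != "known"]
```
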
     
  17. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Sweetie, Dimiterb2000’s system is now clean according to a PM I have received. The advice you have given above is the same as that found in General Cleaning, without the detail. Thus if following your advice and Winsock becomes affected the person does not have a recall in being able to run a program or manually resolving the issue. General Cleaning was put together over a long period of time and checked through by specialists and team members of this forum, it is designed with safety in mind as well as education in learning about security, so that the person does not find themselves in the same situation again.


    Stinger has been constantly updated since 2002 covering major outbreaks of Trojans, Worms and Viruses, it is a very handy tool as part of an overall approach to cleaning a system, which is where General Cleaning has its place, in that it can confirm not only a single infection, but through a holistic approach it is generally able to confirm that a system is clean of Trojans, Viruses, Worms, Malware and Spyware overall, and if there remains an issue, then a change of direction is taken, and Hijack This is called upon with a log posted at an A-SAP forum where specialists take over.


    Covered in General Cleaning with greater detail.


    Also covered in General Cleaning with greater detail.


    Not covered, though has been added on occasion where required.

    Cheers

    Blackspear.
     
    Last edited: Jan 31, 2005
  18. dimiterb2000

    dimiterb2000 Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    43
    I am becoming popular... :cool:
     
  19. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Hi, you make valid points, although the chance of needing Winsock is very low, the basic instructions I posted are almost the same as those recommended by the leading AV companies.

    If the infection has been identified, and McAfee Stinger does not have it in its database, why recommend the use of it?

    McAfee Stinger is a very good utility if it covers the problem you have, although I've found it to be quite slow, and a poor first choice considering its limited database.

    The general cleaning post is very good, and goes into a fair bit of detail, but it has flaws; very time consuming, a lot of infected systems can have trouble downloading the needed software, download limits for those on restricted connections, conflicts with software on the system etc.

    The majority of viruses/Trojans etc can be addressed directly, with a specific fix for the threat in a matter of minutes, which also gives the user some knowledge/education for future problems.

    The first rule of IT security is to identify the problem if possible, and use the tools required, you don’t need a full toolbox to change a light bulb.

    As far as experts go, I get paid for my opinion. We all learn off each other and the number of posts has nothing to do with their knowledge.

    The general cleaning guide is good, I just prefer to deal with the problems in a more personal nature, you learn about the threats in detail, figure out how it got in, how can it be stopped next time etc
     
  20. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Edit, accidentally posted twice..lol
     
  21. dimiterb2000

    dimiterb2000 Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    43
    :rolleyes: I am proud to have triggered off such a learned professional debate! Please note the opinion of a lesser mortal: the future lies with quicker fixes. What is at present recommended in "General Cleaning", for instance, needs at least a couple of days... Morituri te salutant! :D
     
  22. dimiterb2000

    dimiterb2000 Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    43
    Re: W32.Randex Persistent Problem.-ADDIT.

    By the way, I think this is what Microsoft recommends to do in order to avert further intrusions/ I am on Windows 2000/:
    Windows 2000
    In Control Panel, double-click Network and Dial-up Connections.
    Right-click the interface that you use to access the Internet, and then click Properties.
    In the Components checked are used by this connection box, click Internet Protocol (TCP/IP), and then click Properties.
    In the Internet Protocol (TCP/IP) Properties dialog box, click Advanced.
    Click the Options tab.
    Click TCP/IP filtering, and then click Properties.
    Click to select the Enable TCP/IP Filtering (All adapters) check box.
    There are three columns with the following labels:
    TCP Ports
    UDP Ports
    IP Protocols
    In each column, click the Permit Only option.
    Click OK.
    Do you advise me to do this? o_O
     
  23. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    It may be low, but it is still there, and we have had several instances of late…


    Sure, but like I stated above, we try to take a holistic approach, with not just tackling one issue but trying to cover a range of possible issues, rather than send the person away thinking they are clean, to have them return regarding other issues…


    It is the second step in General Cleaning, after the person using their Anti-virus software, it is an alternative, a second opinion, like the use of Ad-Aware AND Spybot.Search and Destroy, what one doesn’t pick up hopefully the other will ;) :D


    In the field I have found it useful, sometimes you can’t get to the internet first off, this is where having Stinger on CD is very useful.


    It is time consuming because it is very thorough.


    Conflicts I haven’t seen to date, and I and my staff do this for a living…


    Most viruses and Trojans can be fixed by using up-to-date definitions and running a scan in “Safe Mode”, however this does not address an overall approach to confirming the system is clean not only of Trojans, Viruses and Worms, but also Spyware and Malware, whereas General Cleaning does.


    I can’t agree here, how does running a scan with your Anti-virus software gain you any further knowledge or education in the use of security and maintaining the security of your system?


    Agreed, however we are not talking an expert using their own tools, we are talking novices that will now have ½ a box of tools that we have given instruction in the use of, and advised not only to check the light bulb, but also the fuse box outside ;) :D

    As do I ;) :D


    Agreed, and agreed again, the number of posts has nothing whatsoever to do with experience and knowledge of the poster, it comes down to the advice given.


    Sure, for you that’s fine, for here where we cannot see the person’s system, then I’d rather be sure that overall their system is clean, and once clean try to educate them in not getting back into the same boat, even though the reality is that most will have at least one more infection of some sort before they choose to learn how to secure their system.

    Cheers :D
     