Topic: Virus Help!  (Read 2931 times)

0 Members and 1 Guest are viewing this topic.

Iceman

  • Guest
Virus Help!
« Reply #20 on: June 18, 2004, 04:04:00 pm »
If anyone knows anything about the new friends.scr virus much help would be appreciated! It basically starts your browser and tries to redirect your home page to some other one, and starts your AIM (or trillian, etc) and puts up its own away message with a link to the program.  I can't seem to shake it. I've run ad-aware, spybot, norton, and even tried Norton's manual fix. I can't find anything wrong.  

Iceman

  • Guest
Re: Virus Help!
« Reply #21 on: June 18, 2004, 04:10:19 pm »
Apparently its a version of  W32.Yaha.B@mm, however it doesn't disable your .exe's like tha one did.

 

MarianoDT

  • Guest
Re: Virus Help!
« Reply #22 on: June 18, 2004, 04:38:22 pm »
Sorry but I can't help. But you can use this as a chance to format and reinstall everything.
Everything runs smoother after a reinstall. I personally do that every 6 or 8 months.

Mariano
 

Javora

  • Guest
Re: Virus Help!
« Reply #23 on: June 18, 2004, 04:58:28 pm »
Try an online virus scan from someplace like Trend Micro or McAfee.  Sometimes this will fix the problem.  You can also reformat and reload the system, but I think that should be a last step.   Since the virus disabled the antivirus scan and update ability on your system you could also try to use the removal instructions at the Symantec site.  Hope this helps.
« Last Edit: December 31, 1969, 06:00:00 pm by Javora »

jualdeaux

  • Guest
Re: Virus Help!
« Reply #24 on: June 18, 2004, 08:44:54 pm »
What OS are you running? I am running XP and got a virus a while ago. I just started the install program from the CD and did a recovery. I had to download and install the updates again but everything else was saved.  Needless to say, I was much relieved.
« Last Edit: December 31, 1969, 06:00:00 pm by jualdeaux »

Iceman

  • Guest
Re: Virus Help!
« Reply #25 on: June 18, 2004, 09:30:29 pm »
I fixed it. well I got it from a friend and he fixed it so he showed me how. Seems it was a keystroke logger that periodically sent its logs to someone.  

Thanks for all the good advice though guys!
« Last Edit: June 18, 2004, 09:31:09 pm by Iceman »

Byzantine

  • Guest
Re: Virus Help!
« Reply #26 on: June 18, 2004, 11:35:11 pm »
Iceman,

Could you tell us anything about what your friend had you do to fix your system?  I have been a little paranoid of having picked up a keylogger for about a week now but I do not know any tricks to find it.  My Mcafee says I have no problems but I am always suspicious these days the the antivirals can be bypassed.

tx, byzantine

Iceman

  • Guest
Re: Virus Help!
« Reply #27 on: June 18, 2004, 11:55:10 pm »
Sure, first, if you're running XP (which I hope you are cause if not I don't know what to tell you) go to windows/system32, put the viewer in 'list' mode and set it to view the most recently modified.

If you see netstatt.exe in there, you've got a problem.

Restart your machine in safe mode (not networked) by pressing F8 on the boot screen.

Go to start>search "netstatt" (without the quotes, obviously)

If it finds anything, delete it. Also, be sure to delete the one in the system32 folder, as the search function didn't detect that one.

You'd probably know if you had it, it was very obvious. It'd take over (or launch) trillian, and put up an away message with a link to the file with the program in it, and send you to a page which presumably sent in the keylogger.txt (which you can also delete, in your system32 folder.)

Hope it helped.

Byzantine

  • Guest
Re: Virus Help!
« Reply #28 on: June 19, 2004, 12:48:51 pm »
Thank you for the info Iceman.  I think/hope I am clean.  (My PC at least, can't speak for my mind .)
« Last Edit: December 31, 1969, 06:00:00 pm by Byzantine »

Iceman

  • Guest
Re: Virus Help!
« Reply #29 on: June 19, 2004, 01:56:59 pm »
Yeah it wasn't hard, and it's a valuable tool (knowing how to check system 32, start in safe mode, etc) I just didn't know how to go about it. Good luck!