| Author |
cycovision - pc help thread |
max99
Joined: Nov 24, 2004
Posts: > 500
From: Manchester (@ Uni)
PM |
looks like they are still there 
[addsig] |
|
|
Cycovision
Joined: Nov 30, 2003
Posts: > 500
From: England
PM, WWW
|
You're right mate, this is a really nasty worm that generates regularly changing filenames to hide it's identity.
The manual removal instructions are here:
http://securityresponse.syman[....]er/venc/data/vbs.gaggle.d.html
It's quite long winded but if you can get your browser open long enough to print it out, you might be in with a chance.
By far the easiest way would be to get a copy of AVG on a CD (download it on a different computer and burn it to CD), install it, update the definations and run a scan in safe mode.
After that, you'd need to put the XP install disk in, click start, run and type sfc /scannow. This is because the worm deletes or damages certain system files and they'll need to be replaced.
The other alternative would be to operate! Get the hard drive out of the infected PC, wire it in as a slave or use a USB to IDE converter to connect it to a healthy PC with antivirus software installed and scan it that way. You'd still need to do the sfc /scanow and the registry fixes on the symantec site once you've put the hard drive back in the PC
|
max99
Joined: Nov 24, 2004
Posts: > 500
From: Manchester (@ Uni)
PM |
right downloading avg now
so i run it in safe mode ?
_________________
My Ebay Items (Check My ME page out)
[ This Message was edited by: max99 on 2006-02-28 16:45 ] |
haynesycop
Joined: Mar 10, 2004
Posts: > 500
PM |
Here you go it is the premium version hope this is the right one:
http://www.grisoft.cz/softw/70/filedir/inst/avg71f_375a716.exe
|
Cycovision
Joined: Nov 30, 2003
Posts: > 500
From: England
PM, WWW
|
Yeah, run it safe mode because AV programs have a better chance of deleting viruses if the viruses aren't running at the time. Doesn't always work because many viruses still get loaded and run even in safe mode, but it generally gives you the best chance.
|
max99
Joined: Nov 24, 2004
Posts: > 500
From: Manchester (@ Uni)
PM |
its been scanning for 32 mins
and found...
2790 infected files and counting 
3029 now
4500+ now , and going for 1 hour 13mins, and i reckon its about 1/3 way through :s , gonna take ages
6500 now 2hours gone
_________________
My Ebay Items (Check My ME page out)
[ This Message was edited by: max99 on 2006-02-28 17:38 ]
[ This Message was edited by: max99 on 2006-02-28 18:10 ]
[ This Message was edited by: max99 on 2006-02-28 18:57 ] |
dude_se
Joined: Dec 16, 2004
Posts: > 500
From: Evesham, UK
PM |
as i said on msn. if you can go on trend micro and do a scan
dude_se
10 +'ve feedback's, 0 -'ves
--------------------------- |
max99
Joined: Nov 24, 2004
Posts: > 500
From: Manchester (@ Uni)
PM |
cyco , when i get to end do i heal or delete files ? or w/e it says at end of avg scan
[addsig] |
Cycovision
Joined: Nov 30, 2003
Posts: > 500
From: England
PM, WWW
|
Heal first, delete any that it can't heal 
|
max99
Joined: Nov 24, 2004
Posts: > 500
From: Manchester (@ Uni)
PM |
cheers  , will do that when its finished
just general Q whats diff between heal n delete
_________________
My Ebay Items (Check My ME page out)
[ This Message was edited by: max99 on 2006-02-28 20:45 ] |
Cycovision
Joined: Nov 30, 2003
Posts: > 500
From: England
PM, WWW
|
Heal is used when the virus has attached itself to another, legitimate file. AVG tries to delete just the nasty bit tagged onto the end and repair the original file so that it still works properly.
Delete just gets rid of the whole file!
|
max99
Joined: Nov 24, 2004
Posts: > 500
From: Manchester (@ Uni)
PM |
arr k, wicked, ur a star #:D
quick update: 10100 infected files now
also right i got 40gb h/d i know small, 37.6 or summit is used, i deleted 20 odd gb of music from itunes n from recycle bin yet the free space has no changed and still says 37.6. bit odd hey 
_________________
My Ebay Items (Check My ME page out)
[ This Message was edited by: max99 on 2006-02-28 21:14 ]
[ This Message was edited by: max99 on 2006-02-28 21:14 ] |
dude_se
Joined: Dec 16, 2004
Posts: > 500
From: Evesham, UK
PM |
reboot
dude_se
10 +'ve feedback's, 0 -'ves
--------------------------- |
Cycovision
Joined: Nov 30, 2003
Posts: > 500
From: England
PM, WWW
|
When you say you deleted them from Itunes, did you delete them from one of it's various playlists or did you delete the actual files themselves?
I'd guess that the files are still there somewhere! Try doing a windows search for *.mp3 (EDIT: and other music file extensions) and see what comes up!
_________________
'He who laughs last, laughs longest. Or didn't get the joke...'
[ This Message was edited by: Cycovision on 2006-02-28 22:16 ] |
max99
Joined: Nov 24, 2004
Posts: > 500
From: Manchester (@ Uni)
PM |
thanks
well i left the scan on last nite and was still goin this morninig so i stopped it, cuz it was goin soooo slow
i duno wat 2 do . lol just keeps reappearin everywhere
[addsig] |
|
|
Posted: 2006-02-27 22:04
