I have 2 Macro.src virus's that I had Norton quarantine. They are located in C:\RECYCLED\NPROTECT. I don't know what I should do now. I can't find anything on this one. Norton says it can't repair. Please tell me what to do.

I tried to send a report to Symantec, but it didn't work and I didn't understand the line of sending then the files, as weather I should or what ever, Sure wish that I was a lot smarter.

Keep in mind that it is 5 am and I have been up all night doing the virus scan and all and my brain isn't funtioning too well, kids will be up in a couple of hours for school.

Anyway, I have had some problem with my email around the 4th of this month. I had made a post about it here. But a while after that post I had gotten my Microsoft Outlook to work again and I somehow gotten duplicate Outlook Today menu and outbox. inbox etc. I had to use the new inbox to get my email. The origonal one wouldn't work. This might have been caused from when I repaired my Microsoft word and had it reset to default. I really don't know. Maybe I had this virus back then and Norton's didn't look for it at that time?

My grand child was on the computer when I had gotten the exploit 6 virus a couple of weeks ago. I don't know if this is related either.

Tonight I got an email from a friend of mine. It looked normal. I had copied and pasted the message into a new email that I opened and I sent it to a few friends.

Then I thought that I would for the heck of it send myself an email just to make sure there wasn't any virus's attaching files to the email that I send. I have it set to check for new email every 5 minutes. Well it had been about that when I had this popup box that said I had a USER.EXE error and it had to shut down my outlook. So I clicked OK.

Then I went to google and did a search on this. Boy, I really think some really smart tech who isn't afraid of virus's and stuff, who knows a lot about codes should go where I went and check out this site. I don't suggest anyone else go there because this is where Norton detected my virus's. I forgot to copy down the internet address, but I can tell you exactly where it is. In the google search, I typed in "Microsoft Outlook USER.EXE". Then when I got to the second page and down to the heading "WARNING". This where Norton caught the Macro.scr virus's.

This page is odd. It is internet code and it is talking about 2 virus's. Maybe I'm wrong about thinking this way and I don't know very much about computers, but I do know a little about what code looks like.

This site page starts out like this: 3/14/2004 jai Intituve virus EMILIE, vbs.sbsug.Emilie. There is a lot of lines of code after this stuff.

Then towards the bottom there is another virus talked about: lautre pt1 dermer, celui de melissa, Melissa Virus Source Code.

Anyway I am thinking that my NPROTECT is not working since this virus is quarantined. Norton says that the surface C:\ is at 49 percent and I am not shutting down yet. Optium is at 97 percent and this is almost where I start having windows troubles usually, freezings.

Please let me know as quick as you can!!!

Description, prevention steps and removal instructions for "macro" viruses.

http://securityresponse.symantec.com/avcenter/venc/data/macro.viruses.html

_________________________
Computers work with absolute flawless perfection, until the first person touches them!

Problem 1)
I read the instructions at Symantec. First of all I didn't even know that this Word program had a security setting so I made a password setting in there. Then I set it on high.

I went up to number 4 as I listed below. I didn't have anything in the startup Folder name box.

a) Start Microsoft Word.
b) Click Tools, and click Options.
c) Click the File Locations tab.
In the File types box, double-click Startup.
d) Write down the path that is displayed in the Folder name box. This is the folder in which files that start when Microsoft Word starts are stored.

So what do I do now about Word?

Problem 2)
I had to finally shut down and restart my computer and when it rebooted a box came up and said that NPROTECT has caused an error in unknown. NPROTECT will close. So I guess I am not running this program now.

The second question is, what am I supose to do about NPROTECT now How do I fix Norton NPROTECT program? Remember I don't know anything about these files nor much of anything else. Please give me simple instructions.

One last Question)
A while back I changed my computer to show all hidden files. I have noticed lately, don't know if the "show hidden files" has anything to do with this or if the virus does, but on my desktop in the startup menu, I have Desktop 1 and Desktop 2. Also I have 3 listing for "Launch Internet Explorer Brouser (1), (2), (3).
Is this normal?

Thanks for your time. I am really glad you guys are here for us!!

'This site page starts out like this: 3/14/2004 jai Intituve virus EMILIE, vbs.sbsug.Emilie. There is a lot of lines of code after this stuff.'

The site you found is written in French.

actually just the comments there are in French. It is a disclaimer, but it is a French site. The code is Visual Basic Script.

The virus alarm you got is a false alarm, you can't get infected there.

I don't know to fix your problem, but that site didn't cause it.

I went ahead and had norton delete these 2 files. I ran Norton antivirus program again and it didn't find anything from the scan.

I forgot to mention this, but early yesterday I had programed Norton to notify me of any virus like activity. Now everytime I start up my computer Norton says that "C:\Windows\System\KRNL386.EXE is attempting to write to the file C:\WINDOWS\System, Norton will ask me if I want to Stop/Continue/Exclude. I have been telling it to continue, except this last time I said stop.

I am thinking it might be Spywareblaster or the 30 day trial of TrojanHunter. But I thought I had better ask someone in case it is a virus of another kind.

I am having problems the last few days with my MS Word program not wanting to shut down. It acts like it wants to freeze.

but if I wait about 15 seconds or so it usually completes the shutdown. Mean while I can't even so anything on my computer cause it is also affected from it. So I suspected something else might be wrong.

So I checked for updates for my Adaware, Spybot S&D, and nortons. I ran my HiJackThis program, but I haven't updated it for about a month. I wanted to get the virus off before I download anything of that size just yet.

I got the CWShredder's update a few days back and I did a scan today. I'm not sure if I understand the scan reading. Is the scan listing viurs's from my computer or is this the items it will fix? Please explain this scan, if it is normal or the virus so I will know the next time. Here are the scan resaults.

CWShredder v1.53.2 scan only report
Please understand that a CWShredder 'Scan only' report
might not be sufficient to troubleshoot an infected system.
You can use HijackThis for that:
http://www.merijn.org/files/hijackthis.zip
http://www.spywareinfo.com/~merijn/files/hijackthis.zip

Windows ME (4.90.3000 )
Windows dir: C:\WINDOWS
Windows system dir: C:\WINDOWS\system
AppData folder: C:\WINDOWS\Application Data
Username: Wanda

Found Hosts file: C:\WINDOWS\hosts (168 bytes, A)
Found CWS.Control (if filesize is over 50k) file: C:\WINDOWS\control.exe (2144 bytes, A)
CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwebsearch.com [*] dword:4
CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwwwsearch.com [*] dword:4
CWS.Googlems.2 (if value is 2) Registry value: Domains: *.xxxtoolbar.com [*] dword:4
CWS.Googlems.4 (if value is 2) Registry value: Domains: *.teensguru.com [*] dword:4
Registry value: DefaultPrefix (should be http://) [] http://
Registry value: WWW Prefix (should be http://) [www] http://
Registry value: Mosaic Prefix (should be http://) [mosaic] http://
Registry value: Home Prefix (should be http://) [home] http://
Found Win.ini file: C:\WINDOWS\win.ini (8851 bytes, A)

I have a bad feeling, Pleeease make me SMILE, LOL Thanks everyone.
Found line in Win.ini: load=
Found line in Win.ini: Run=hpfsched
Found System.ini file: C:\WINDOWS\system.ini (2397 bytes, A)
Found line in System.ini: shell=Explorer.exe

- END OF REPORT -

I'm a little upset that no one came back to help me, but I am still searching to find out more on Macro viruses. I am posting this last issue, in hopes that it will help some of you that are searching for information about the Mirco virus. I ran across this site that gives a very understandable explaination about the kind that hides in Microsoft’s Word for Windows and Excel for Windows. Anyone who wants to learn more can go here and read more. http://vx.netlux.org/lib/static/vdat/epmacsol.htm

I hope this will help someone. I am still looking and trying to learn.