VIRUSES!!!!!!!!! HELP ME PLEASE!!!!!

Original Message
Name: melissa
Date: August 7, 2002 at 06:22:31 Pacific
Subject: VIRUSES!!!!!!!!! HELP ME PLEASE!!!!!
Comment:

Last week I was on Yahoo Messenger and I noticed that a message that was supposed to be from me was there. The thing is I didn't write it. It was this message exactly.......( hey i wanted to show you this. http124.184.166.254:8180. ) I downloaded Norton anti virus and it is now quarantined. My question now is, even though it is quarantined, will it still affect my computer? I also have 3 other viruses. One is a trojan horse-index.html (also quarantined), the other two are a w32.Aplore@mm virus. psecure2ox.cgi-install.version6.01.bin and the other one is explorer.exe....... The anti virus has quarantined the first three but it says that the explorer.exe was left alone. I really don't know much about viruses, however I did an update before and the antivirus. I am still getting windows.exe messages and I don't know what I should do next. I went to a website and it told me to do this....point to start-run-regedit-then ok it. Navigate to hkey_local_machine\software\microsoft\windows\currentversion\run... It then says in the right pane delete the following value.....explorer %system%\explorer.exe then click registry then exit.....but I didn't find that in my registry! Does that mean that it is no longer a problem? I think I still have it because I am still getting strange messages. How do I get rid of my viruses!!!!!!!!!!!! PLEASE HELP ME!!!!!



Response Number 1
Name: edsod
Date: August 7, 2002 at 07:20:17 Pacific
Reply:

Try online scans first at these sites


http://housecall.antivirus.com/housecall/start_corp.asp
http://security2.norton.com/ssc/home.asp?
http://www.pandasoftware.com/activescan/com/

Scan also with Ad-aware
http://www.webattack.com/get/adaware.shtml

and be careful, don't go from flower to flower on the Net.
(Melissa in Greek means Bee as you maybe know)


Response Number 2
Name: Bill
Date: August 7, 2002 at 09:46:58 Pacific
Reply:

As a general rule, do not bother with quarantine or clean file when your AV detects a virus; always delete it if prompted. As to whether you still have the infection, you will have to rescan and check the registry. If it is still present you will have to remove it from safe mode. For instructions on this, visit www.symantec.com and link to expanded threat, click on the letter W and scroll down to W32aplore@MM


Response Number 3
Name: shadow
Date: August 7, 2002 at 12:06:00 Pacific
Reply:

The viruses in quarantine are OK. Your antivirus won't let them run. If you take them out of quarantine and try to run them, they'll get moved back to quarantine.

As for the virus that infected explorer....it couldn't be quarantined because explorer is your taskbar...and since it is running, it can't be quarantined. You'll have to end the explorer.exe process and fix it (without your taskbar running :(). You will need to replace explorer.exe. Maybe try "sfc /scannow"?


Response Number 4
Name: robert
Date: August 10, 2002 at 05:31:27 Pacific
Reply:

Found 2 viruses on my computer. How do I get rid of them? They are com.tsr.viris and the other is win32.Magistr.24876. Need help getting rid of these soon.


Response Number 5
Name: murve
Date: August 11, 2002 at 10:21:43 Pacific
Reply:

Hi roberto,
here's some info on win32magister24876:
After reading this, go to wilders.org and download Trojan Hunter and do a complete scan of your machine. It should clean it of this trojan worm.

When run, this virus will make a copy of an EXE or SCR file in the system directory, give it a slightly different name and infect the copy. The virus then adds a reference to this infected file to the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\

For example, under test conditions the virus copied "CFGWIZ32.EXE" to "CFGWIZ31.EXE" and added the key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CFGWIZ31="C:\WINDOWS\SYSTEM\CFGWIZ31.EXE"

It may also add the filename to the "run=" line in WIN.INI.

On the next reboot, the infected copy will infect other .EXE and .SCR files in the System directory and its subdirectories.

The virus searches for e-mail addresses in Outlook Express and Netscape mailboxes, as well as the Windows address book (.WAB) files. It stores information about the location of these mailboxes in a hidden file in the Windows directory with the extension ".dat". The rest of the filename is randomly generated based on the computer name.

Using its own SMTP code (by connecting to the mailserver directly), the virus then sends an e-mail message to all of the addresses it has found. The subject and body of the e-mail are taken from files on the infected machine's hard drive, and therefore may be any collection of ASCII characters. An infected file is attached to the e-mail.

Besides using SMTP to spread, Magistr also tries to connect to shares in the network neighborhood. If it can connect to a network drive, it will try to copy itself to the following directories and add a "run=" line to the WIN.INI file on the remote machine to infect it on the next startup:

WIN95
WIN98
WINDOWS
WINNT

hope this helps,
murve
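
A defender-side check for the persistence described in the post above, as an added example that is not part of the original thread: it flags Run-key values and WIN.INI `run=` entries that point to an EXE or SCR file in the system directory whose name is one character away from another file there. The registry export, WIN.INI text, directory listing and all function names are constructed for illustration.

```python
import ntpath
import re

# Constructed sample inputs (not from a real machine): a .reg export of the
# Run key, a WIN.INI fragment, and a listing of the system directory.
REG_EXPORT = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"CFGWIZ31"="C:\\WINDOWS\\SYSTEM\\CFGWIZ31.EXE"
'''
WIN_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\SYSTEM\\CFGWIZ31.EXE\n"
SYSTEM_DIR = r"C:\WINDOWS\SYSTEM"
SYSTEM_FILES = ["CFGWIZ32.EXE", "CFGWIZ31.EXE", "SYSTRAY.EXE", "RUNDLL32.EXE"]

def run_key_commands(reg_text):
    """Return the command strings stored under ...\\CurrentVersion\\Run."""
    cmds, in_run = [], False
    for line in (l.strip() for l in reg_text.splitlines()):
        if line.startswith("["):
            in_run = line.lower().endswith("\\currentversion\\run]")
        elif in_run:
            m = re.match(r'"[^"]*"="(.*)"$', line)
            if m:  # .reg files double every backslash inside a value
                cmds.append(m.group(1).replace("\\\\", "\\"))
    return cmds

def win_ini_commands(ini_text):
    """Return the programs listed on run= lines (space-separated paths)."""
    cmds = []
    for line in ini_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip().lower() == "run":
            cmds.extend(value.split())
    return cmds

def one_char_apart(a, b):
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) == 1

def lookalike_autoruns(commands, system_dir, system_files):
    """Map each autostarted system-dir EXE/SCR to its one-character twins."""
    names, hits = {f.upper() for f in system_files}, {}
    for cmd in commands:
        m = re.match(r'"?(.+?\.(?:exe|scr))', cmd, re.I)
        if m:
            folder, name = ntpath.split(m.group(1).upper())
            twins = sorted(n for n in names if one_char_apart(n, name))
            if folder == system_dir.upper() and twins:
                hits[name] = twins
    return hits
```

A hit is a lead for manual review rather than proof of infection, since legitimate files can also differ by a single character.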