Anyone familiar with these worms and trojans? What should I do now?
Results of Complete Test, date and time 8/20/2003 22:12:12 :
Testing C:\ serial 289F-9FD5
C:\Documents and Settings\DEFAULT\NTUSER.DAT Cannot open; not checked!
C:\Documents and Settings\DEFAULT\ntuser.dat.LOG Cannot open; not checked!
C:\Documents and Settings\DEFAULT\Local Settings\Application Data\Microsoft\WINDOWS\USRCLASS.DAT Cannot open; not checked!
C:\Documents and Settings\DEFAULT\Local Settings\Application Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked!
C:\WINDOWS\SYSTEM\FREE_S~1.exe repaired
C:\WINDOWS\SYSTEM32\BROWSE~1.exe repaired
C:\WINDOWS\SYSTEM32\IPCNL.exe Virus identified Win32/Valla.2048
C:\WINDOWS\SYSTEM32\MY_TEENS.exe repaired
C:\WINDOWS\SYSTEM32\NTSERV~1.BAT Virus found Worm/Muma
C:\WINDOWS\SYSTEM32\WINS\DLLHOST.exe repaired
Test finished, duration 00:23:11.1 s
30700 objects tested, 6 found infected
The virus names were:
Trojan Horse Dowmloader.Small.AC
Win32/Valla.2048
Trojan Horse Downloader.Delf.W
Worm/Muma
Worm/Nachi

Worms are the delivery & re-infection vehicles for viruses. Your scan results show the worm files (vehicle) that brought you the actual evil-doers (viruses) - though you have to clean up both to assure no re-infection.
Info & removal tools are available at
vil.nai.com/vil/default.asp
and
securityresponse.symantec.com/avcenter/vinfodb.html.

THE IDEAL RESPONSE:
"Massaging" your files by using your computer (even turning it on & off) can trigger viruses & worms to do further damage. In fact they are often designed to lurk indefinitely in a system - in hopes of gaining more opportunities to infect other machines - and not do damage to the infected host-machine until they are "massaged" into thinking they're about to be discovered, usually by the launching of an AV program. Your infection has, it sounds, done precisely this and attacked the AV program when it feared it was near detection. Further stimulation, if you will, of either the virus files or the worm files can further the damage to your system.

So the safest thing to do is pull the plug, remove the infected drive(s), and attach them as "slaves" (secondary drives) to a known clean system with a known up-to-date AV scanner & clean them from there, then re-install into their "home" computer. That's not practical for most users, so the second best option is to go to a known good machine & download a DOS-based scanner & boot to DOS from a floppy to run it. This takes a bit more technical savvy than some care to invoke, so - thirdly - there are sometimes Windows-based tools designed to run directly on infected machines. These often cannot entirely remove the infection upon first use and/or result in more data-loss - but usually not. Whether or not there are such tools for your particular infection I do not know - you'll have to read up on it.
In any event you probably want to use another, clean machine to obtain the tools. If all of this sounds terribly daunting then go down to your nearest high school computer lab or gameroom and offer to buy beer for the geekiest looking kid you can find. (though you may want to make that offer away from school grounds ;-)) Or, more probable, pay a nephew or neighbor kid $10.
G'luck! -jp
