Computing.Net > Forums > Security and Virus > Worm/Virus?

Specialty Forums
Security and Virus
General Hardware
CPUs/Overclocking
Networking
Digital Photo/Video
Office Software
PC Gaming
Console Gaming
Programming
Database
Web Development
Digital Home

General Forums
Windows XP
Windows Vista
Windows 95/98
Windows Me
Windows NT
Windows 2000
Win Server 2008
Win Server 2003
Windows 3.1
Linux
PDAs
BeOS
Novell Netware
OpenVMS
Solaris
Disk Op. System
Unix
Mac
OS/2

Drivers
Driver Scan
Driver Forum

Software
Automatic Updates

BIOS Updates

My Computing.Net

Howtos

Site Search

Message Find

Data Recovery

About

Worm/Virus?

Reply to Message Icon
Original Message
Name: Andy Quittner
Date: September 3, 2002 at 06:49:16 Pacific
Subject: Worm/Virus?
Comment:

Something has inserted - probably in the registry - some code that generates - every time I boot up - a random "exe" program that resides in "program files." The program doesn't appear to do anything. Can't directly delete, but removes with "resman" Norton, PCillin and other detectors don't find it. There is no reference to trace it back to the registry (running Win98). File name changes each time - random letters and numbers dot exe. Any ideas??


Report Offensive Message For Removal

Response Number 1
Name: Tim Allen
Date: September 3, 2002 at 12:13:48 Pacific
Subject: Worm/Virus?
Reply: (edit)

You can do 2 things,
1 - go to symantec.com and run a virus check straight from their website, if it is there that will find it.
2 - run regedit and look for the program then delete it. If it is running when you boot up it is more than likely in your registry files and changes each time to keep it hidden. Do not change any of your registry files unless you are positive it is the one that is causing the exe prog. What is the name of the file that comes up in program files?


Report Offensive Follow Up For Removal

Response Number 2
Name: Andy Quittner
Date: September 3, 2002 at 12:53:33 Pacific
Subject: Worm/Virus?
Reply: (edit)

The problem is that the AV programs don't pick it up. Also - the name of the running program changes each time I boot up - there is no specific program, that I can find, anywhere. Whatever the the registry key is, it generates a new random name (e.g. zhqt3r.exe) that is a dos level program. This dos level program appears only in the "root" of the program files directory. I am hoping that someone will have an idea of where in the registry to begin looking.


Report Offensive Follow Up For Removal

Response Number 3
Name: Tim Allen
Date: September 3, 2002 at 13:18:52 Pacific
Subject: Worm/Virus?
Reply: (edit)

Boot to dos and try this command line, SCANPM /ADL /CLEAN /ALL , it sounds like a a memory resident virus called offspring.1924


Report Offensive Follow Up For Removal

Response Number 4
Name: Jaz
Date: September 3, 2002 at 23:58:12 Pacific
Subject: Worm/Virus?
Reply: (edit)

The klez virus does what you're experiencing. Get this free removal tool and run it and see if it finds klez. Let us know.

http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html

If that tool doesn't find klez and if you have windows 95, 98, or ME download Startlog.com from the link below into any folder then doubleclick on the file and run it. It'll create 2 text files on your desktop. Copy and paste the results of just Startlog (not the stubpaths file) to your reply here so we can see it.

http://home.earthlink.net/~rmbox/Reticulated/Only_IE.html



Report Offensive Follow Up For Removal







Use following form to reply to current message: 

   Name: From My Computing.Net Settings
 E-Mail: From My Computing.Net Settings

Subject: Worm/Virus?

Comments:
         

 


  Homepage URL (*): 
Homepage Title (*): 
         Image URL:
 
Data Recovery Software



Parallels and Windows Domains

OS Install Failure

Vista and Dual Core Athlon

How to stop scanning while opening

open dialog

All Posts Awaiting Replies