|
Posted by =?Utf-8?B?TW9uc2Fs?= on July 19, 2005, 4:56 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Please could someone help? First posted this in Windows XP Security but told
to post question here. I'm using XP Home Edition with SP2 and Norton AV
alerts to a virus attack by W32.Gaobot.SN the first time I go online each
day. Six messages - unable to repair, access denied, auto deleted, unable to
repair, access denied, auto deleted. Followed removal info (scan in safe
mode) but values were not in registry and scan found nothing. A few days
later Norton found 3 infected files of trojan Languard.exe, which is in the
registry but I don't dare delete it from there as XP came installed on the pc
and seems to have no backup utility. Downloaded AdAware SE, Spybot S+D and
SpywareBlaster, updated them and AdAware found 10 critical, Spybot found
about 70 inc negligible threat. I also deleted everything in Downloaded
Program Files in IE Tools, Internet Options. On startup later there were a
lot of IE script error boxes and they continue to appear on startup (40 of
them today). The error says 'Object doesn't support property or method MS
play/run' in one box, and the rest say the same but for
MSmedia.CreateTextFile. The url is file://C:\Doc and Settings\All users\Start
menu\Programs\Startup\WindowsUpdate.hta. Full system scans with Norton,
AdAware and Spybot found nothing today.
|
|
Posted by David H. Lipman on July 19, 2005, 6:30 pm
If you were Registered and logged in, you could reply and use other advanced thread options
| Please could someone help? First posted this in Windows XP Security but told
| to post question here. I'm using XP Home Edition with SP2 and Norton AV
| alerts to a virus attack by W32.Gaobot.SN the first time I go online each
| day. Six messages - unable to repair, access denied, auto deleted, unable to
| repair, access denied, auto deleted. Followed removal info (scan in safe
| mode) but values were not in registry and scan found nothing. A few days
| later Norton found 3 infected files of trojan Languard.exe, which is in the
| registry but I don't dare delete it from there as XP came installed on the pc
| and seems to have no backup utility. Downloaded AdAware SE, Spybot S+D and
| SpywareBlaster, updated them and AdAware found 10 critical, Spybot found
| about 70 inc negligible threat. I also deleted everything in Downloaded
| Program Files in IE Tools, Internet Options. On startup later there were a
| lot of IE script error boxes and they continue to appear on startup (40 of
| them today). The error says 'Object doesn't support property or method MS
| play/run' in one box, and the rest say the same but for
| MSmedia.CreateTextFile. The url is file://C:\Doc and Settings\All users\Start
| menu\Programs\Startup\WindowsUpdate.hta. Full system scans with Norton,
| AdAware and Spybot found nothing today.
Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart
scripts, one Link
(.LNK) file, this PDF instruction file and two utilities; UNZIP.EXE and
WGET.EXE. It will
simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line
Scanners to
remove
viruses and various other malware.
C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal
Mode. This
way all the components can be downloaded from each AV vendor’s web site.
The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.
You can choose to go to each menu item and just download the needed files or you
can
download the files and perform a scan in Normal Mode. Once you have downloaded
the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode
[F8 key
during boot] and re-run the menu again and choose which scanner you want to run
in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive
PDF help
file.
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE and/or
FTP.EXE to go
through your FireWall to allow them to download the needed AV vendor related
files.
* * * Please report back your results * * *
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
|
| Similar Threads | Posted | | error messages received from the microsoft antispyware beta | November 1, 2005, 2:58 pm |
| Security pop up messages about virus activity/software | August 25, 2005, 1:25 pm |
| What does "cannot find script file "H:\Bha.dll.vbs"" mean? | March 31, 2007, 2:25 pm |
| OT: - no-ads.pac :-) (proxy configuration script) | June 22, 2007, 2:54 pm |
| Arp virus attack? | August 15, 2006, 7:19 am |
| Attack unknown virus | December 26, 2006, 6:28 am |
| Suspicious E-Mail Messages | January 13, 2007, 4:37 am |
| unknown messages being sent from MS Outlook 2007 | April 14, 2007, 2:44 pm |
| Windows Anti-Spyware - suppress normal messages? | July 13, 2005, 11:33 am |
| Error loading OS. Is this virus activity? | February 17, 2007, 6:20 pm |
|
XML site map