General discussion

  • #2346123

    MULTIPLE VIRUSES – NEED REMOVAL

    Locked

    by robert_smith ·

    I am in a rather difficult situation. I have been using Norton Antivirus 2001 for about half a year and I on a whim decided to change to another antivirus solution and started evaluating different trial versions by downloading them for eval.

    Well, the first was Trend Micro’s PC-Cillin 2000 and before even downloading it I ran their “Housecall” online scanner and was shocked to learn that I had no less than two trojans and four viruses. I say “I was shocked” and indeed I was, but in all fairness to the situation – I was not the person who ran the antivirus online. It was an associate of mine who did so – one whom I trust implicitly and who works with me. He erroneously noted ONLY the virus that REMAINED after the removal process and not the complete list – and the symptoms I am experiencing are indicative of a virus(es) still remaining. As this is often a long, time consuming process for non-antivirus experts like myself – I have chosen instead to place a whopping 9,000 points on this question. However, in keeping with good standards of practice – I wish to award this to only ONE TechRepublic member who immediately offers the CORRECT solution that removes this clear and present danger from our LAN. Let there be no doubt: we have at least two or one real monster that exhibits several symptoms. Here go the symptoms I am experiencing:

    (SEE COMMENTS AS I HAVE RUN OUT OF CHARACTERS)

All Comments

    • #3616306

      MULTIPLE VIRUSES – NEED REMOVAL

      by robert_smith ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      1) First and foremost are frequent keyboard lockups and crashes of various KERNEL.* programs should I ever hit CTRL-ALT-DEL to look at running processes. (I know there are utilities that you can use to see running processes and I will be downloading one today). What I do see when I get into the “Task Manager” via CTRL-ALT-DELETE of Windows 98 SE (all of our PCs are Windows 98 SE except for one Windows ME installation) – On each of these machines, if there are enough processes running so that you can scroll down through the task list when you hit CTRL-ALT-DELETE – I scroll down and WITHOUT FAIL ALWAYS SEE A BLANK LINE AT THE BOTTOM. Microsoft had a REAL problem with this – first they couldn’t confirm it was normal or not; then when we called their legal people – they put a top-tech on who first said “..that should not be there..” then after a long exchange of why it’s there ONLY when you open Internet Explorer or anything on port 80 (your browser’s port for HTTP protocol) he finally said it’s part of the way Internet Explorer works. NOT TRUE – in a non-Internet browsing environment, but instead browsing local files on the C: drive or the LAN – it does not show up at all. So this appears to be an INVISIBLE task of some nature. This is first on the list but apparently benign in nature so far – maybe a trojan, I don’t know.

    • #3616305

      MULTIPLE VIRUSES – NEED REMOVAL

      by robert_smith ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      2) The mouse first on another Windows 98 SE machine would move the opposite direction if you move it too fast. When moved slowly you can use it normally – however the slightest amount of speed AUTO CENTERS the mouse back to a starting point by reversing your direction – I thought this was just a hardware issue and planned to get this user a new mouse – then it showed up on my personal machine a few days later. Now two PCs out of five have a misbehaving mouse. They are different mice, one is a generic two button and the other is an MS Intellimouse 1.1A with wheel. Uninstalling and reinstalling the mouse software does nothing. All local virus software downloaded and tried and three different online scanners detect nothing. This may be the byproduct of the same virus or its own virus, I don’t know – as I don’t know how to search the databases by SYMPTOM. None of the online services seem to have that feature.

      3) For certain we had the PE_FUNLOVE_4099 virus on at least one machine here, probably three or more. We followed the removal instructions – but the removal software went right over the C:\WINDOWS\SYSTEM\FLCSS.EXE file without even noting it as a virus. Wrong removal software? It was Fixfun.exe from Symantec.

    • #3616304

      MULTIPLE VIRUSES – NEED REMOVAL

      by robert_smith ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      4) SOMETHING is robbing my personal system of 1MB of RAM – I noticed this in the most easy of ways by looking at the SYSTEM PROPERTIES box of My Computer (Windows Key + Pause/Break key brings this up fast). This always showed 512 MB. Now it shows 511MB. While spending hours online researching various viruses trying to see exactly what I had – I recall seeing some virus that uses 1MB of your system RAM in this manner.

      4) The systems in question often get REALLY SLOW all of a sudden. The mouse freezes for a few seconds then comes back.

      5) When shutting down – all computers used to shut down all the way to off. Now they say “You can now safely power off your computer or press CTRL-ALT-DELETE to reboot” and this is not the normal graphic that we used to see with older installs of Win95/98 – THIS IS IN PLAIN TEXT in the upper left corner of the screen.

      6) Logging into the network takes 30 seconds or so when it used to take 3-4 seconds. (That 1MB is doing something…)

      7) Most noticeable is the proliferation of files that just APPEAR in the Windows directory beginning with ff, fff, or ffff and lots of numbers and dashes all ending with .TMP. An actual file name that was just created moments ago is:
      ff8391d9_{C55CCEC0-C6E2-11D5-9249005004C2E3C9}.tmp

      I had just deleted 30 of them 15 mins ago and two are back – this is on two machines here, the Windows Millennium PC and my Windows 98 SE PC.

    • #3616299

      MULTIPLE VIRUSES – NEED REMOVAL

      by robert_smith ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      The bottom line here is: I know how to backup and perform government level wipes of hard drives, check for boot sector viruses, etc. But this is the first time I have encountered something I cannot detect even at this point but still exhibits all the symptoms. We have backed up most of the affected systems, but many applications and data we cannot afford to lose and need to migrate to new systems – but only after they are confirmed CLEAN. We are actively copying data only (no executables or files that are likely infected) – but we will build a clean VIRUS REMOVAL station today for scanning all CD-ROMS and floppies – we could use some BEST STANDARDS OF PRACTICE advice here on doing this. Again we want to make CERTAIN that none of these malicious viruses/worms or trojans are following us to the new systems. If I notice any new symptoms I will post more comments.

      I need a solid ANTIVIRUS BEST OF BREED software recommendation – and advice from someone who does this sort of thing regularly and WINS the battles against these viruses more often than losing them. So 9,000 points go to “my champion” who saves the day… to the victor go the spoils! All solid advice will be rewarded if it helps at all and is not commonplace knowledge read off of some website. We will just up the point value if we get a lot of good advice from a lot of people – but ideally we seek an antivirus guru to get this done quickly and efficiently and award him or her all of the 9,000 points. Help us please! And thanks in advance!

    • #3616298

      MULTIPLE VIRUSES – NEED REMOVAL

      by robert_smith ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Point value changed by question poster. Let’s make it a nice round figure….

    • #3616204

      MULTIPLE VIRUSES – NEED REMOVAL

      by mike (from canada) ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Nice speech! These are my thoughts.

      If you have a BIOS with a disk utility, then use that to wipe out your hard drive. This will delete all viruses and files, and make it unreadable in DOS! If you don’t have one, download an external disk wiping utility and run that off of a floppy. Now use FDISK to create a new partition, then format the drive. Now you have an empty drive with no viruses. Now copy all of the files back to the Windows folder. Run the virus scanner to see which files are related to the virus and delete all of them. If you can’t run Windows after that, then download the same files you deleted off the internet. These ones probably won’t have the virus.

    • #3616175

      MULTIPLE VIRUSES – NEED REMOVAL

      by computechie ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      I had a very similar experience to yours on our LAN recently, and here’s what we did to get rid of it. We switched from Norton Anti-Virus to Trend Office Scan. After installing the Trend software, we started to notice virii on machines that Norton had said were clean… We brought our servers down, as they were infected, and would take more cleaning. With the servers down, we powered off all hubs and switches to keep the virus from spreading via the network. We went from machine to machine and ran the Trend Office Scan (with the newest available updates) and let it clean the virus. Any machine that could not remove a virus was powered down and brought to our office for further work. After each machine was cleaned, we turned them off, and told the user NOT to turn it back on until we said so. After cleaning our servers, which took quite some time as many user files were infected, we brought them back online, and powered on our hubs and switches. After we knew FOR SURE that every machine on our LAN had been cleaned, we let the users know that it was safe to resume using their PCs. The machines that the software could not remove the virus from, we saved the user’s files and email, and formatted and reinstalled everything on them. This process took us about 2 days to complete, but the virus never showed back up, due to the fact that all machines were cleaned, then left off until we were without doubt sure that every machine was clean. Cleaning viruses that spread via the network are very hard to get rid of any other way, and this is the only way we have found thus far to get rid of them, and not have them come back. I would highly recommend products from Trend Micro, as they are the only solution that seems to find all viruses, and does a very good job of getting rid of 99.5% of them.

      • #3616173

        MULTIPLE VIRUSES – NEED REMOVAL

        by computechie ·

        In reply to MULTIPLE VIRUSES – NEED REMOVAL

        Ran out of room there…

        The Norton products are no longer used by us, nor myself personally because they just let too many things slip by. Trend does a very good job at releasing updates as soon as they find a new virus. They usually have updates several times a week in fact, where Norton usually had a few updates per month. I wish you the best of luck conquering that virus, and if you need any more help, email me and I’ll be glad to help in any way.

      • #3662941

        MULTIPLE VIRUSES – NEED REMOVAL

        by robert_smith ·

        In reply to MULTIPLE VIRUSES – NEED REMOVAL

        The question was auto-closed by TechRepublic

    • #3637020

      MULTIPLE VIRUSES – NEED REMOVAL

      by ddraigcoch2 ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Go to start, find, files & folders and type flcss.exe. If your system detects the file, delete it. Then go to the sites below for further advice:

      http://pspl.com/virus_info/win32/funlove.htm
      http://service1.symantec.com/sarc/sarc.nsf/info/html/fixflc.html

      Download CLEANFLC.EXE to a clean system, and save CLEANFLC.EXE onto a floppy disk. Write protect the floppy disk to prevent it from becoming infected with FunLove.

      The fff.tmp files you keep seeing are actually being created by Machine Debug Manager which is installed as part of Office 2000. To disable this, go to start, run and type msconfig then press ok. Go across to the start up tab and uncheck it. This program is not required. You can therefore delete the file mdm.exe to prevent it recurring. All your fff.tmp files can be deleted.

      Caroline

    • #3637388

      MULTIPLE VIRUSES – NEED REMOVAL

      by tjc ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      I say you need to get a copy of McAfee anti-virus http://www.mcafee.com – you will need to take down the servers and clean each one off and install NetShield and then go around and use NetShield to clean off each workstation.

    • #3637381

      MULTIPLE VIRUSES – NEED REMOVAL

      by gabacious ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      I don’t think the resolution to your problem lies in which brand of AV software you choose, all the major players are pretty comparable.

      You do need to make sure your definitions are up to date — did you update the PC Cillin defs after you loaded the software? Out of the box they won’t be current.

      If you suspect you have funlove on any of your workstations, get them off your network immediately. It is also possible that if funlove was detected and cleaned, that some of the Windows and/or other executables were deleted in the cleaning process and are manifesting system instability. If your users have rights to write to server directories, you must also scan your network servers and you might strongly consider disabling login to the network until scans are complete.

      It strikes me, though, as odd that your workstations wouldn’t begin manifesting the symptoms of potential infection until after you changed AV software and scanned all the workstations. It may simply be the case that the new AV software is not configured correctly for your environment and is causing some instability. For example, if there is separate scanning software running on your servers, you would want to exclude your workstation client from scanning network drives or you may get some contentions.

      Re searching by symptoms, you can do so at least at http://www.sarc.com — go to the expanded virus list and type in “mouse” in the criteria window and you’ll get 36 hits.

      Hope this helps somewhat.

      G

    • #3637332

      MULTIPLE VIRUSES – NEED REMOVAL

      by jon pratt ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Robert,
      There have been several recommendations for using TrendMicro’s virus solution and I agree with those suggestions (I use it on my network and it seems to be the best out there). When I’ve had viruses that are undetectable but the symptoms are present I employ a useful little tool that comes with the Visual Studio 6.0 programming suite called SPY++. Spy allows you to spy ALL and I do mean ALL processes and threads that are running on a machine. It also gives you the ability to capture the individual windows’ messages (API calls such as WM_LButtonDown = left click by mouse) that are going to each window. I once used SPY++ to track down a password capturing virus that had been loaded on a machine. Using SPY++ I was even able to track down an ICQ account that was receiving the captured passwords. I’m not sure if you can get the tool without purchasing the entire Visual Studio package but if you’re determined to root out the virus(es) and conventional scanning isn’t producing results then you might want to see if doing a little SPYing will expose the culprit. Good Luck!

    • #3637326

      MULTIPLE VIRUSES – NEED REMOVAL

      by paul d. masley ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Robert:

      Welcome to the virus world. I ran into this problem with Norton Antivirus about six months ago. My problem was a little different. I had a virus that attacked Norton itself, then Norton attacked my systems. The strangest thing is that the attack occurred after an update of the definitions. It spread through my network, first the work stations, then the servers. The result was that Norton said the system(s) were clean. As I run a simple network, have a general main backup, and update every night, shutting down sections did not pose a problem. I completely closed off a subnet, and unplugged the router. Completely reflashed this section and reinstalled Norton and the update. RETURN OF THE VIRUS!!. I did not install the virus. The subnet (server down) was not even up. All workstations were infected and not even connected together. This pulled my hair.

      My solution was a simple free to home user virus detection program from CAI. It traced the virus direct to the Norton Update. Needless to say, Norton is now drawing dust on the top shelf. CAI bought their license right out from under them. CAI updates their protection daily. It is an instant update. I have not had a penetration in six months.

      Paul

    • #3624546

      MULTIPLE VIRUSES – NEED REMOVAL

      by vagab0nd ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Well, here are some ideas.

      First of all – try a DOS virus scan on the infected PC while it is not connected to the network – this doesn’t require installation and cleans up system files as well as infected antivirus (it’s not a joke, there are several viruses that infect AV soft and therefore cannot be cleaned by it), as these files usually cannot be cleaned under Windows. There are two quite good products called Dr.Web and AVP which are not so well known as they are made in Russia, but they do their work great and both are available in Win32 and DOS versions.
      Then if you are still in trouble – try installing different AVs on different infected PCs – this may give you some really interesting results 🙂 – there is no single AV that can find all viruses (it’s true, no matter that they all promise “ultimate virus protection”).
      If you have a connection to the internet – check the Symantec on-line security scan – it will scan your PC for most known trojans – you might be uploaded a virus each time you clean it (it’s much easier than you might think – especially if you have a permanent connection to I-net).

      I’ll make comments if I have more ideas.
      Good luck

    • #3624416

      MULTIPLE VIRUSES – NEED REMOVAL

      by brian.krause ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      I have desktop virus protection update responsibility for about 700 users. The NT login script always runs the latest McAfee SuperDat update in the silent mode when each user logs in. This way the desktop is kept up to date with the newest .DAT files. I also force a scan of their entire HD once a week at login thru the script. This will still not protect from viruses like NIMDA which got spread before .DAT protection was available. Just my .02$

    • #3624306

      MULTIPLE VIRUSES – NEED REMOVAL

      by estebandelatorre ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Hi,

      If you suspect you have funlove on any of your workstations, get them off your network immediately.
      It is also possible that if funlove was detected and cleaned, that some of the Windows and/or other executables were deleted in the cleaning process and are manifesting system instability.
      If your users have rights to write to server directories, you must also scan your network servers and you might strongly consider disabling login to the network until scans are complete.

      The fff.tmp files you keep seeing are actually being created by Machine Debug Manager which is installed as part of Office 2000.
      To disable this, go to start, run and type msconfig then press ok.
      Go across to the start up tab and uncheck it.
      This program is not required. You can therefore delete the file mdm.exe to prevent it recurring. All your fff.tmp files can be deleted.

      The way that I will take is:
      Disable logins to the network.
      Double check that the Trend antivirus system has the latest virus list and the latest scanning motor. MANY times, the scanning motor fails to update all DLLs or entries in the registry. You first need to know that your antivirus is working fine and is correctly licenced in order to work properly.
      Setup a clean new machine, setup the antivirus, connect to the network shares and start browsing files. The utility (if working fine) should detect virus once you click a folder under the explorer. No need to open the file, this is important.

      • #3624305

        MULTIPLE VIRUSES – NEED REMOVAL

        by estebandelatorre ·

        In reply to MULTIPLE VIRUSES – NEED REMOVAL

        Once you check that a workstation is antivirus protected and shielded from the virus on the server, set up the AV on the server. From the workstation you can check if the server installation was able or not to clean files!!!. This is important.
        Also make a scan & report first, in order to have a list of infected files, especially those .exe files that belong to the OS. You should replace them prior to a scan & remove.
        Once the server is clear and shielded, start with the workstations, one by one, this is installing AV locally & manually (recommended) or using Trend’s script.
        Hope it helps!!

    • #3624270

      MULTIPLE VIRUSES – NEED REMOVAL

      by stormin2b1 ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      I would run ontrack System suite 4.0 has a very good virus program and gets updates just about every other day.
      it tends to get the brand new troj. viruses.
      it also works well with norton as a live scanner.
      and ontrack as the main engine.
      Stormin

    • #3638229

      MULTIPLE VIRUSES – NEED REMOVAL

      by lordinfidel ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Robert,

      Your best bet here is to start sifting thru your registry.

      If you have multiple viruses on your system, first… Disconnect it from the network.

      Next open up my computer and go to view/options and make sure that you can see all hidden and system files, and unhide extensions of known files.

      This will allow you to see everything on your system.

      Next look in your start up folders/autoexec.bat/config.sys. Look for anything odd that is not supposed to be there.

      If there is something there, write it down. The exact name. Then right click on it and get its properties and location. Especially the Date/Time.

      Once you get the name for it, go to one of the anti-viral sites like McAfee or Trend Micro. Look for removal instructions, try to stay away from the programs. The reason is that you want to go thru this line by line to disinfect your system.

      Now you may want to go thru your registry at this time (start/run/regedit) Do a search for ff8391d9. See what is there and what it associates itself with. Write down everything you see.

      You may also want to see if you have some sort of IRC trojan/zombie on your system.

      Open a command prompt (start/run/command) and type in netstat -a. Look for anything that is odd; nothing should be trying to connect to any odd ports/foreign address.

      • #3638226

        MULTIPLE VIRUSES – NEED REMOVAL

        by lordinfidel ·

        In reply to MULTIPLE VIRUSES – NEED REMOVAL

        Once you have everything written down that seems odd.

        Start searching for any files that match the date on any files that you found.

        Look at each one and note its name. If you see a whole bunch of files that match the same date/time, then you have a good clue to look at.
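
The date-matching step from the posts above, as an added example that is not part of the original thread: given one suspicious file, list every other file modified within a short window of it. The function names, the 120-second window and the sample tree (apart from FLCSS.EXE, which is named earlier in the thread) are assumptions made for illustration.

```python
import os
import tempfile


def files_near(root, suspect_path, window_seconds=120):
    """Return (relative_path, seconds_from_suspect) for files under `root`
    whose modification time is within `window_seconds` of the suspect file.
    Results are ordered closest-in-time first; the suspect itself is skipped."""
    seed = os.stat(suspect_path).st_mtime
    suspect_real = os.path.realpath(suspect_path)
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # unreadable or vanished file: skip, keep walking
            if os.path.realpath(path) == suspect_real:
                continue
            delta = mtime - seed
            if abs(delta) <= window_seconds:
                hits.append((os.path.relpath(path, root), int(delta)))
    return sorted(hits, key=lambda h: (abs(h[1]), h[0]))


def build_sample_tree(root):
    """Create a constructed directory tree with fixed timestamps.
    Returns the path of the file treated as the suspect."""
    seed = 1_000_000_000  # constructed reference time (September 2001)
    layout = {
        ("WINDOWS", "SYSTEM", "FLCSS.EXE"): 0,          # suspect
        ("WINDOWS", "NOTEPAD.EXE"): 30,                  # 30 s later
        ("AUTOEXEC.BAT",): 45,                           # 45 s later
        ("WINDOWS", "TEMP", "setup1.tmp"): -60,          # 60 s earlier
        ("WINDOWS", "WIN.INI"): -200 * 86400,            # months earlier
    }
    for parts, offset in layout.items():
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")
        os.utime(path, (seed + offset, seed + offset))
    return os.path.join(root, "WINDOWS", "SYSTEM", "FLCSS.EXE")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        suspect = build_sample_tree(root)
        for rel, delta in files_near(root, suspect):
            print(f"{delta:+5d}s  {rel}")
```

Modification times can be changed by software, and a legitimate installer also writes a burst of files with the same time, so a cluster is a lead to investigate rather than proof.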

      • #3638223

        MULTIPLE VIRUSES – NEED REMOVAL

        by lordinfidel ·

        In reply to MULTIPLE VIRUSES – NEED REMOVAL

        **************************************************************READ***********READ****************

        For Fun Love read this document… Very Important

        http://download.nai.com/products/Mcafee-AVERT/CLFunLove.rtf

        Also here and do a search for funlove
        http://vil.mcafee.com/default.asp?

      • #3638216

        MULTIPLE VIRUSES – NEED REMOVAL

        by lordinfidel ·

        In reply to MULTIPLE VIRUSES – NEED REMOVAL

        Next as far as Antiviral Best Of Practices.

        99% of all viruses are transferred via e-mail, including trojans.

        So the question is how do you stop virus from coming thru via e-mail.

        First what kind of e-mail gateway are you using?

        The combination that I use is Exchange with mcafee Groupshield 4.5 sp2.

        All desktops have Mcafee Virscan 4.5 installed.

        At the e-mail gateway (exchange) I block the following file extensions: ??_,000,386,a,acm,asp,ax,bak,bat,bin,cab,cat,cfg,chm,com,cpi,cpl,dat,dev,dll,dnu,dot,drv,enu,esn,exe,fnt,fra,h,hlp,hta,htt,hxx,ice,inf,ini,iss,ita,jfx,js,jse,lnk,log,mod,msc,msi,nls,nt,ocx,olb,ole,pci,pdf,pif,pot,prx,qtp,qts,qtx,reg,rnd,scr,sep,sex,shs,sql,str,sve,sys,trn,twd,twm,uce,vbe,vbp,vbs,vxd,wsh,xxx
        This allows me to have full control over what enters my network.

        After 1 1/2 years of this setup- we have not had a single instance of a virus infecting our network.
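
The gateway rule described in the post above, as an added example (not lordinfidel's configuration and not any product's own code): it decides whether an attachment name falls under the quoted extension list, including double extensions, mixed case and trailing dots or spaces. The function names and the sample message are constructed for illustration, and treating `??_` as a wildcard is an assumption.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from fnmatch import fnmatchcase

# Extension list as quoted in the post; "??_" is treated as a wildcard
# (assumption: it stands for compressed setup files such as .ex_ or .dl_).
BLOCKED_PATTERNS = (
    "??_,000,386,a,acm,asp,ax,bak,bat,bin,cab,cat,cfg,chm,com,cpi,cpl,dat,dev,"
    "dll,dnu,dot,drv,enu,esn,exe,fnt,fra,h,hlp,hta,htt,hxx,ice,inf,ini,iss,ita,"
    "jfx,js,jse,lnk,log,mod,msc,msi,nls,nt,ocx,olb,ole,pci,pdf,pif,pot,prx,qtp,"
    "qts,qtx,reg,rnd,scr,sep,sex,shs,sql,str,sve,sys,trn,twd,twm,uce,vbe,vbp,"
    "vbs,vxd,wsh,xxx"
).split(",")


def effective_extension(filename):
    """Return the extension Windows would act on, lower-cased.

    Only the text after the LAST dot counts, so "holiday.jpg.vbs" is a .vbs.
    Trailing dots and spaces are removed first because Win32 file APIs drop
    them, so "setup.exe. " is still opened as an .exe.
    """
    name = filename.rstrip(" .")
    if "." not in name:
        return ""
    return name.rsplit(".", 1)[1].lower()


def is_blocked(filename):
    """True when the file's effective extension matches the blocklist."""
    ext = effective_extension(filename)
    return any(fnmatchcase(ext, pattern) for pattern in BLOCKED_PATTERNS)


def blocked_attachments(raw_message):
    """Parse a raw RFC 822 message and return the attachment names
    that the gateway rule would reject, in message order."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    rejected = []
    for part in msg.walk():
        filename = part.get_filename()  # None for body and container parts
        if filename and is_blocked(filename):
            rejected.append(filename)
    return rejected


def build_sample_message():
    """Constructed test message with four harmless dummy attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for name in ("holiday.jpg.vbs", "SETUP.EXE", "notes.txt", "driver.ex_"):
        msg.add_attachment(b"constructed sample bytes",
                           maintype="application", subtype="octet-stream",
                           filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in blocked_attachments(build_sample_message()):
        print("blocked:", name)
```

The check looks only at the attachment name, not its content, which is why the post pairs it with scanning at the gateway and on every desktop.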

    • #3616585

      MULTIPLE VIRUSES – NEED REMOVAL

      by sixfourtykilo ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      VIRUS SCANNERS:
      Ok I’m seeing a lot of “beating around the bush” answers but nothing really solid. One person mentioned that pretty much all of the major virus utility manufacturers are comparable to each other and tend to release updates as soon as new viruses arrive. I think what your company ultimately relies on for detection is what is most compatible with the programs it runs. Norton AV is very good and reliable but I don’t know of too many companies that run it. McAfee is excellent, easy to distribute but has a lot of overhead.

      VIRUS INFORMATION:
      You mentioned several times indications of a CMOS virus but nobody approached it. You can FDISK your computer all you want, but until you clean your CMOS, the virus won’t go away. You absolutely MUST disconnect the infected PCs from the network and clean them every which way you can. McAfee comes with a boot system so that it ensures that the bootable floppy you use is clean in order to clean an infected system. There are also utilities you can find that clean the CMOS specifically.

      DISASTER RECOVERY:
      It may be that these systems need to ultimately be rebuilt. Sometimes chasing around the virus can be a nightmare. You may think that every system has been cleaned and then it pops up out of nowhere. It’s NOT a very practical solution, indeed, but in the same respect you may be able to work with McAfee or Norton to track down this virus and clean it once and for all.

      ADDITIONAL INFO:
      I’ll post more info if I come up with some for you.

      640k

      • #3553755

        MULTIPLE VIRUSES – NEED REMOVAL

        by sixfourtykilo ·

        In reply to MULTIPLE VIRUSES – NEED REMOVAL

        ADDITIONAL INFO:
        It’s apparent here that everyone agrees that a lot of your viruses most likely originated through email. It doesn’t seem the origination is your original problem though. I’d like to know how you are doing with this process and how far along you have come.

      • #3560633

        MULTIPLE VIRUSES – NEED REMOVAL

        by sixfourtykilo ·

        In reply to MULTIPLE VIRUSES – NEED REMOVAL

        DUMB COMMENTS:
        I like how people are saying answers are redundant and then they add to the redundancies… 🙂

      • #3561122

        MULTIPLE VIRUSES – NEED REMOVAL

        by sixfourtykilo ·

        In reply to MULTIPLE VIRUSES – NEED REMOVAL

        MORE ADVICE:
        Was thumbing through your question again and noticed an anomaly: you said you had begun copying data files (not executables) in an attempt to get the systems up and running again. Well you may be shooting yourself in your foot! If you have a nasty enough virus, those precious data files will become infected as well. You really need to find a virus scanner that will check the CMOS and BOOT SECTOR without booting off the installed OS. McAfee provides its own boot files and I believe will allow you to create a bootable CD to ensure the tightest security. 😉

    • #3616495

      MULTIPLE VIRUSES – NEED REMOVAL

      by mdeshame ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Ship one of the infected PCs to me, I will then be able to clean the system, and document what you need to do step by step with print screens.
      In the mean time turn OFF ALL PCs, printers, hubs, routers, Servers, switches, and anything else that requires electricity.

    • #3627144

      MULTIPLE VIRUSES – NEED REMOVAL

      by chris hirst ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      I think you seem to have a mixture of problems not all actually virus related,

      The erratic mouse behaviour and missing 1M and the strange shut down message could be related, in that the message you see (if memory serves) was what appeared after closing Windows down from running inside a Windows DOS box, e.g. running a full screen DOS session and then typing win; this caused some very strange effects indeed. Also a DOS mouse driver installed with the Windows mouse driver can exhibit similar problems. So a good place to check would be the config.sys and autoexec.bat for strange commands appearing. As to anti-virus software, I have just done the same routine of evaluating lots of products and ended up back where I started and upgrading to the McAfee (Network Associates) Active Virus Defence. We are already using Total Virus Defence from NAI and in 20 months have not had one virus escape onto the network and on average we have 6 incidents each month. The problem of the temp files with GUI references is a known issue with MS Office as I recall seeing a reference to the issue in a mass of KB articles for a service pack (SP1 I think). Also a lot of problems may be caused by the AV solution evals, as all installs and removals leave behind extra DLLs etc. which can cause unpredictable results; you did not state how many m/c you tested the downloads on, but if ‘live’ machines have been used, the extra overheads could be contributing to some of the problems. It would possibly be a good investment to have someone take on the task of tracing and solving the issues as you are probably looking at the wrong view. I always look to a second or third opinion from outside if we are getting lost in the problem by looking too far into it; an outside pair of eyes is always useful.
      Hope this helps

    • #3636348

      MULTIPLE VIRUSES – NEED REMOVAL

      by avswamy ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Hello Mr Smith,

      I myself am a system admin. My network is often banged by viruses. Typically I say that for cleaning all viruses in this world I can’t say one soft is best, i.e., no one is best – every antivirus soft has its advantages and disadvantages; u have to decide which one is best in ur kind of network.

      My personal feeling is that some soft has some advantage for some jobs. If the system is infected u must clean it at any cost, so let me explain my personal experience – here I am clarifying to u that I am not giving any procedure – I am assuming that u know it. Here I am giving my experience only.

      There are basically three types I configured myself for scanning and cleaning. Before going to the actual job, let me explain first:

      1. Scanning for a virus in ur system – so get the list of which virus ur system is infected by.

      2. Repairing the system/data files with the cleaning/repairing with a soft – so u have got an infected files list.

      3. Only on the category of virus u have to select the cleaning process (for scanning viruses almost all antivirus softs are good, but for cleaning all are not good).

      My personal check list for different types of things is as follows:

      a. If the system is infected with a boot sector virus then the cleaning/repairing soft is Norton.

      b. If the system is infected with a malicious virus then the cleaning/repairing soft is McAfee.
      c. If the system is infected with trojans then the cleaning/repairing soft is pc-cilin.

      I am not saying this is the only best one to do the things; this is my personal experience and I made this list. For ur type it may vary – but I should say one thing: u also have to make a check list of ur findings and troubleshooting; later on u can follow ur own way.
      Finally I will say one word – there are no definitions for any kind of work, u have to make ur own definition. If u want any further help feel free to contact me.

      i hope u get a way

      swamy

    • #3553897

      MULTIPLE VIRUSES – NEED REMOVAL

      by pyromaniac ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      I don’t know how many machines are on your network but if you have the problems as you stated (this is just my opinion) I would go through and find the user files and files containing irreplaceable data that are not infected and back them up on disk or CD. Once you have those stored securely I would take any important data that is infected and back it up to a separate disk and use whichever of the AV programs you have found to work the best to clean them. After you have that done I would take everything offline and reformat and reinstall all of your server and workstation software, and put the backed up files back in place. I will not make any suggestions as to what AV or security software you should run as I do not know enough about your network situation, and it’s mostly opinion about what works best for this or that anyway. I know this is probably not what you want to hear but it may be the best way to be sure you have eliminated all the viruses you have.

      • #3553894

        MULTIPLE VIRUSES – NEED REMOVAL

        by pyromaniac ·

        In reply to MULTIPLE VIRUSES – NEED REMOVAL

        Also I just thought about this. Most of your viruses are probably coming through email, so you may want to hold the email on the server (or a separate server if possible) and screen it there, then disseminate it to everyone after you check it for viruses. Doing this and limiting what your users can access on the www should keep your viruses to a very small amount and you would be able to keep email viruses confined to one machine. Hope I was of some help. Contact me if you have any Q’s for me or I can help in any other way.

      • #3662934

        MULTIPLE VIRUSES – NEED REMOVAL

        by robert_smith ·

        In reply to MULTIPLE VIRUSES – NEED REMOVAL

        The question was auto-closed by TechRepublic

    • #3554473

      MULTIPLE VIRUSES – NEED REMOVAL

      by otl ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Logically speaking, have you tried a “clean OS” and moving the files to that computer (off line) with anti-viral software running? Then reload the server and reload the anti-virus and run it? This will take away most of your weekend, but will make you a hero, if you can clean up the system while preserving the data.

      Looking back, the fff*.tmp is a c:\windows file that appears after IE is loaded and run; could this be a function of IE logging? Will try to report after reboot on this particular question.

      • #3563988

        MULTIPLE VIRUSES – NEED REMOVAL

        by otl ·

        In reply to MULTIPLE VIRUSES – NEED REMOVAL

        They still come back after dumping the IE logging, which also creates temp*.$vm files. Will subscribe to question to see if anyone has a good fix without running a “DEL C:\WINDOWS\ff*.*” and “DEL C:\WINDOWS\TEMP*.*” on startup to keep the Windows dir clean.

      • #3570995

        MULTIPLE VIRUSES – NEED REMOVAL

        by otl ·

        In reply to MULTIPLE VIRUSES – NEED REMOVAL

        The temp*.$vm ‘s quit after turning off the logging. Still have not found what is causing the ff*.* files, although they only started after IE was invoked.

      • #3662876

        MULTIPLE VIRUSES – NEED REMOVAL

        by robert_smith ·

        In reply to MULTIPLE VIRUSES – NEED REMOVAL

        The question was auto-closed by TechRepublic

    • #3552777

      MULTIPLE VIRUSES – NEED REMOVAL

      by csmith ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      I have run into this problem of Norton not detecting certain viruses, even with the latest updates.
      We use a “throw the sink at it” approach.
      We will scan with Norton, Mcafee, and Trend, as a start.
      The virus mentioned, that is a retrovirus that attacks Norton, may be a version of “The Monk”.
      It is very rare, but it is a bastard to get rid of. (It disables Norton, and inserts itself into NAV files.) (Use McAfee on a boot floppy for first cleaning attempt, then Trend.)
      Zero filling the hard drives is the only true way to ensure a clean drive. A scrambled drive can still be infected.
      Good Luck.
      Regards, Chris

    • #3552765

      MULTIPLE VIRUSES – NEED REMOVAL

      by bhrdwh ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Norton does the work pretty well. But for some unique viruses you need individual tools.
      akash

    • #3555411

      MULTIPLE VIRUSES – NEED REMOVAL

      by istal ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Just try this url :

      housecall.antivirus.com!!!

      All best.

    • #3565033

      MULTIPLE VIRUSES – NEED REMOVAL

      by bjewel ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      From BJewel

      Best thing in my opinion
      if you have copies of all your work….
      If you don’t, first copy everything….

      Then completely erase everything on your hard Drive S,
      Reboot your PC
      Erase everything Totally
      Start all over
      With everything Clean
      Then reinstall your software…

      If you freq browse the net
      then I would suggest you purchase a firewall blocker
      which is not software
      I am talking about a piece of hardware
      This will block most unwanted stuff
      & secure your PC much tighter….

      I think ours is ‘Linksys’ but don’t quote me !!

      hahaha
      I hope this helps You

      Blessings….

      BJeweled!

    • #3565757

      MULTIPLE VIRUSES – NEED REMOVAL

      by philthegreat ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      I have met a strange experience like that; but I use a very special way to solve it.
      I get all the recommended anti-virus scanners (trial version; with updated virus updates)

      I have found that some anti-virus scanners can kill some virus that others cannot kill.
      (This has been confirmed by a report; but I have forgotten the link; I will provide this if it is needed.)

      Try the following ones (together one by one) if you still have scanned the virus with Norton:
      1) F-secure Anti-virus
      2) McAfee Virus Scan 6.01
      3) Trend Micro’s PC-Cillin 2000

      I am sorry to tell you the truth is “No anti-virus scanner is absolutely powerful to kill ALL virus.” Sometimes a multi-scanner is a must for dangerous situation.

      But the best way is to prevent it:
      1) from the internet
      2) from the staffs’ floppy disks and behavior (don’t install or use foreign disks).
      A detailed suggestion on all the prevention strategies may be found in techrepublic or internet.

    • #3563659

      MULTIPLE VIRUSES – NEED REMOVAL

      by pan 13 x ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      We use the Norton 2001 corp. edition for servers and workstations. The software is better than the standard home version. We also use McAfee and v-scan. With the 3 virus programs running and updating every day at midnight there is usually nothing that gets by.

    • #3566159

      MULTIPLE VIRUSES – NEED REMOVAL

      by m8dmechanic ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Well, I agree with a lot of these answers but overall they are missing one thing which I will get to later.

      1. Most AntiVirus tools are the same.

      2. Yea, ship your fastest most expensive server to me and I will make sure that the thing is damn clean before I load my software on it.

      3. Wiping your hard drive is great but don’t forget about the boot sector. A simple “format c:” does not wipe your Master Boot Record. You must do a “format /MBR” 3 times for luck.

      4. Try running “drwatson”. This is an often overlooked tool in 98. But it works. I bet that you have a program called slave.exe or something similar running as a service. And be warned do not try and remove that baby alone as alone the master can. Look it up.

      I do not have much time to really look over this case but thought I might mention these tidbits as they seem more useful than some of the repetitive junk.

      Write me if you still encounter the problem.

    • #3561378

      MULTIPLE VIRUSES – NEED REMOVAL

      by psychokitty2 ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      after skimming the answers here is what i would do:

      save work on floppies
      format c:
      install dos 6.22
      enter command fdisk /mbr

      install software

    • #3552085

      MULTIPLE VIRUSES – NEED REMOVAL

      by yves ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      I can’t help but ask some questions:

      1. Was your NAV an Enterprise edition? If, no, did you fine tune it (Options)?
      2. What’s on your server (OS, messaging), do you have a server at all?
      3. Do you have the latest patches for 98SE (shut down problems…)?
      4. What new systems will you get (OS, apps…)?

      just to shed some light on the scope of the problem (if, by now, there are still problems…)

    • #3551304

      MULTIPLE VIRUSES – NEED REMOVAL

      by ericl ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Robert, did any of the answers help? If so, which? Thanks. Hope they helped you out. There were many good answers.

      Eric

    • #3550854

      MULTIPLE VIRUSES – NEED REMOVAL

      by bhrdwh ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      1. Most AntiVirus tools are the same.

      2. Wiping your hard drive is great but don’t forget about the boot sector. A simple “format c:” does not wipe your Master Boot Record. You must do a “format /MBR” 3 times for luck.

      3. Try running “drwatson”. This is an often overlooked tool in 98. But it works. I bet that you have a program called slave.exe or something similar running as a service. And be warned do not try and remove that baby alone as alone the master can. Look it up.

      I do not have much time to really look over this case but thought I might mention these tidbits as they seem more useful than some of the repetitive junk.

    • #3563473

      MULTIPLE VIRUSES – NEED REMOVAL

      by tar12 ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      A couple of things you might try:
      First of all – upgrade the BIOS on the affected computers if there is an upgrade available. This should wipe out any residual of the virus’ left in the boot sector.

      Second – use of Trend MicroScan is a good idea. This product saved us thousands of times. Make sure that the dat files are automatically pushed to your LAN computers regularly (we did it every Friday at noon).

      Next – you didn’t say what email program you are running so I’ll assume Exchange. Trend makes an Exchange companion for scanning email coming in before it ever hits the user’s computer. I think the name was Trend MicroExchange, but don’t quote me. This program literally would catch thousands of bugs each week.

      Another option is to limit the types of files coming into your email program. This can be done through the Exchange server. Make sure that no .vbs, .exe, or other potentially bad extensions can be brought in. By quarantining these within the virus program you can look at them individually and relay if necessary. However, it does eliminate a great deal of the “oops I opened an email and it was a virus” problem.

      Trend is probably the best product I have come across. If you need further clarification on anything in this message let me know. Hope this helps.
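The extension filtering described in the post above, as an added example that is not part of the original post or of any vendor's product: it screens one message for attachments whose final extension is on a block list, including double extensions, trailing dots and attachments inside a forwarded message. Only .vbs and .exe come from the post; the rest of the list, the function names and the sample message are assumptions constructed here.

```python
"""Screen a mail message for attachments with blocked extensions."""
from email import message_from_bytes, policy
from email.message import EmailMessage

# .vbs and .exe come from the post; the other entries are assumptions.
BLOCKED_EXTENSIONS = frozenset({".vbs", ".exe", ".scr", ".pif", ".bat", ".com"})


def normalised_extension(filename):
    """Return the last extension, lower-cased, the way Windows would see it."""
    # Windows drops trailing dots and spaces, so "a.exe." still runs as .exe.
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def attachments_to_quarantine(raw_message, blocked=BLOCKED_EXTENSIONS):
    """List the attachment filenames in raw_message (bytes) to hold back."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    held = []
    # walk() also descends into forwarded messages (message/rfc822 parts).
    for part in msg.walk():
        filename = part.get_filename()
        if filename and normalised_extension(filename) in blocked:
            held.append(filename)
    return held


def build_sample_message():
    """Constructed sample: three attachments plus one forwarded message."""
    inner = EmailMessage()
    inner["Subject"] = "Fwd: installer"
    inner.set_content("Forwarded from a colleague.")
    inner.add_attachment(b"MZ", maintype="application",
                         subtype="octet-stream", filename="update.EXE")

    outer = EmailMessage()
    outer["From"] = "sender@example.com"
    outer["To"] = "staff@example.com"
    outer["Subject"] = "Meeting notes"
    outer.set_content("Notes attached.")
    outer.add_attachment(b"notes", maintype="application",
                         subtype="msword", filename="minutes.doc")
    # Double extension: only the last one decides how the file is opened.
    outer.add_attachment(b"script", maintype="application",
                         subtype="octet-stream",
                         filename="holiday_photos.jpg.vbs")
    # Trailing dot: ignored by Windows, so this is still an .exe.
    outer.add_attachment(b"MZ", maintype="application",
                         subtype="octet-stream", filename="patch.exe.")
    outer.add_attachment(inner)
    return outer.as_bytes()


if __name__ == "__main__":
    for name in attachments_to_quarantine(build_sample_message()):
        print("quarantine:", name)
```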

    • #3571318

      MULTIPLE VIRUSES – NEED REMOVAL

      by lsoper ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      I went through much of the above, removing entries from the registry etc., but found that they just came back. Then a virus advisor at Norton ($35.00) asked me to read off the startups I had. There was one that he didn’t recognize and neither did I. It had a logical and innocuous name like “PowerManager”. On deleting it and scrubbing the registry once again, the virus was gone for good. And I was ready to re-format. Note also that the re-infecting file may have a variety of names. Look for something strange.

    • #3571194

      MULTIPLE VIRUSES – NEED REMOVAL

      by wim vermeer ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Maybe this may solve (at least part of) the problem
      1- keyboard lockups and crashes of KERNEL processes. Seems to be inherent to MS Windows; don’t they promise “a more stable system” each and every time?
      2- Mouse not responding. Not sure why, this could be part of Plug and Pray (have problems after you installed new hardware?)
      3- 512MB changed into 511MB. MS has a ‘unique’ way of calculating free space (my 1.44 MB disk only holds 1.38MB).
      4- The system gets real slow of a sudden. Has MS FastFind activated itself? Check settings of MS scheduler
      5- shutdown: the box seems to indicate WindowsNT or 2000 (or other corruption)
      6- logging on. Has anything changed in the protocols you use when you introduced a new computer?
      7- MS seems to like zero length files (MSCREATE.DIR is one which is particularly pointless). The ff*.tmp files appear in pairs when one starts Windows.

      The best solution I can offer is:
      Backup data in readable “open” format (i.e. can be read by other applications).
      Format harddisks.
      Install another operating system (something beginning in lin- and ending in -ux).
      A lot of the applications for that operating system are quite cheap.
      Not too many virii have been developed for that operating system.

      Hope this helps.

      Wim Vermeer

    • #3569540

      MULTIPLE VIRUSES – NEED REMOVAL

      by greymat ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Integrity Master may help you identify infected files. My only experience with it led me to ditch it as too cumbersome, time consuming and high maintenance as virus protection, but my understanding of it is that it could detect your virus if you run a few full scans and your computer in between.

      Look at http://www.stiller.com/intmast.htm

    • #3570591

      MULTIPLE VIRUSES – NEED REMOVAL

      by dmiles ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      The virus may have infected the MBR; apparently the disk you are using is reinfecting the computer instead of removing the virus.
      Disconnect the computer from the network and start with a backup of the files on the hard drive.
      Use a clean, locked boot disk and run the antivirus from a location other than the hard drive, using an ERD of the antivirus software, and run from a DOS prompt. Start from a cold boot, using a clean locked boot disk; after boot, eject and insert a clean, locked anti-virus disk, and run the anti-virus from the A: drive.
      Using a locked disk prevents the emergency disk from becoming infected. After this process, reboot the machine from the hard drive and run the anti-virus software.

    • #3547086

      MULTIPLE VIRUSES – NEED REMOVAL

      by maxwell edison ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      I must say that you have an interesting situation and have received a lot of great suggestions. I too think that most virus software is pretty much the same, e.g. Norton, McAfee, Trend, etc. Personally, I’ve had more problems with the McAfee “fixes”, and prefer Norton over the others. I also suggest that you totally rebuild your system. There is too much instability for you to even consider doing otherwise. Save the data on tapes and/or CDs, repartition and reformat the drives, and start fresh. I would even go so far as to flash the BIOS on all affected machines in case any virus has planted itself there. I believe that a fresh system is the only way you can be certain to be free of them.

      For future prevention, consider this. I’ve focused my efforts not on getting rid of those pesky little rascals once they get in, but on preventing them from getting into my system in the first place. Since then, I’ve caught scores of them trying to get in (by various means), but none have successfully entered and adversely affected my systems. My number one rule is this: If a virus is detected (and, like I said, I use Norton – AND REMAIN CURRENT ON UPDATES), it will be deleted. I never try to “repair” an infected file. I never try to “clean” an infected email. I don’t care what it is or whom it’s from. If a virus is attached to something, it’s gone. I delete it, no discussions, and no exceptions.

      About 20 months ago, TechRepublic had a download available titled “Virus prevention checklist”. A link is provided for anyone who is interested:

      http://www.techrepublic.com/download_item.jhtml?src=search&id=dr00620000330gcn01.htm

      (Don’t forget to remove those pesky SPACES from the pasted URL.)

      I won’t paste the article into this answer, as it’s much too long. But I do adhere to most of the items suggested, and have added some of my own for my particular situation.

      Best of luck,

      Maxwell

    • #3546224

      MULTIPLE VIRUSES – NEED REMOVAL

      by wb7nqm ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Robert, I am not sure this is still an issue since the original post is almost 2 months old, but … we use Norton’s Corporate Edition on all servers and computers. In the home office, we run the “managed” feature and the Live Update feature at remote sites. We also have Norton’s for Exchange on our email server. We run all updates religiously, MS and Norton’s.
      After getting hit hard by the Nimda virus, we followed the advice given by quite a few others: shut down the network, clean and clean again all servers then the individual computers before bringing the network and servers up one by one. We also used Trend Micro’s clean disk along with Norton’s for a complete process, hitting every computer in the company. We had to completely reformat and reinstall about a dozen machines to clean them completely. Additionally, we installed the update patches for IE and Outlook Security. The full process took almost a week but the network and core systems were up in just under 2 days. Consequently, we sailed through the latest threat (goner) with only 2 systems being infected and those we determined the security patches were either not done at all or not done correctly.
      I’m not sure I added anything of value to this discussion. Just thought I would add another “real world” scenario. Good luck and Happy Holidays, Carolyn

    • #3566495

      MULTIPLE VIRUSES – NEED REMOVAL

      by bwalsh ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      1) Find out what virus(s) you have.
      2) If you’re not sure don’t worry.
      3) From your description it sounds like you have an embedded virus so forget any Windows scanning software.
      4) Download a DOS based program. F-Prot is my personal favorite though it does have problems with Windows 2000 and I have not tried it with XP machines but the problems are minimal. Also make sure you have the most up to date virus defs.
      for 95/98/xp
      5) create a DOS boot disk (preferably on an unaffected machine). Windows 98 is the best option.
      for 2000
      5) hit F8 during boot up and select the boot to command prompt
      6) boot to DOS then copy F-Prot over to the exposed drive
      7) run f-prot
      8) On the first menu -start- select scan all hard drives; disinfect/query; dumb scan of all files.
      a) Windows 9x machines it will scan all files no problem.
      b) Windows NT machines it scans all non-active files but will list them for you
      9) On the options menu select to scan archives and toggle to scan compressed files
      10) go to start and start the scan.
      11) If virus(s) is found note its name and remove it from your system.
      12) if the virus is known and recognized it will be listed and you will be able to research it via McAfee, Symantec, newsgroups to identify the virus, its characteristics and any removal tools currently available.
      13) Once you know what you have you can browse the above sites to find out what the virus does, what files it infects and how to remove it from your system.
      14) develop a removal plan then execute it.
      (sorry out of space but this is the core)

    • #3566348

      MULTIPLE VIRUSES – NEED REMOVAL

      by timthetoolman ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Hi Robert,

      Is this problem really still open?

      I’m not necessarily saying I’ll be able to fix your problem, but I’m sure as hell not going to waste my time with it if you simply like having your problem at the top of the outstanding problems list…

      How about writing a little more on what you’ve found/tried in the last couple of months! At least let us know you haven’t succumbed to a virus 🙂

      Cheers,
      Tim.

    • #3566347

      MULTIPLE VIRUSES – NEED REMOVAL

      by timthetoolman ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      …alright I’m going to answer just in case you might be reading these…

      Firstly you’ll need to identify what viruses you have.

      Only an expert can do that so I suggest you send an infected file on floppy to CA and Norton etc.

      How do you find an infected file?

      You could do the following…

      1. Build a clean system.
      2. Use Norton Ghost to create an image of it.
      3. Expose the clean system to the virus(es) but don’t change any files if possible – just run a few things off your infected systems.
      4. Again use Norton Ghost to create an image of the infected system.

      Now you have two images. One containing infected files and one not.

      On a clean PC, restore both images to two separate partitions. Don’t run anything on the infected one. You don’t want to infect anything on your clean PC!

      Do a difference of every file in each partition.

      Different files will need to be examined and you’ll need to decide if it’s “legitimately different”. For example due to a different SID.

      Put the infected file on floppies and send them away…

      Hopefully Norton et al. will come up with an inoculation for you. Which you’ll be able to apply.

      If you get re-infected, then the virus will be living in the CMOS and you’ll be able to get an expert to help fix that.

      Apply a good virus protection scheme.

      Cross your fingers it never happens again…

      Good luck,
      Tim.
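The "difference of every file in each partition" step from the post above, as an added example that is not part of the original post: it hashes both restored trees, skips files expected to differ, and reports added, removed and changed files with their size change. The ignore patterns, function names and the small sample trees are assumptions constructed here; it is meant to be run from the clean PC against the two restored partitions without executing anything on them.

```python
"""Compare a clean restore with an exposed restore, file by file."""
import fnmatch
import hashlib
import os
import tempfile

# Files expected to differ between any two runs of the same build.
# These patterns are assumptions for a Windows 98 layout; adjust per system.
LEGITIMATELY_DIFFERENT = ("windows/win386.swp", "*.log", "windows/temp/*")


def snapshot(root):
    """Map each relative path (lower-cased, '/'-separated) to (size, sha256)."""
    files = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            # FAT volumes are case-insensitive, so compare names in lower case.
            rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
            digest = hashlib.sha256()
            with open(full, "rb") as handle:
                for chunk in iter(lambda: handle.read(65536), b""):
                    digest.update(chunk)
            files[rel] = (os.path.getsize(full), digest.hexdigest())
    return files


def compare_trees(clean_root, exposed_root, ignore=LEGITIMATELY_DIFFERENT):
    """Return added/removed/changed files; changed entries carry size delta."""
    clean, exposed = snapshot(clean_root), snapshot(exposed_root)
    report = {"added": [], "removed": [], "changed": []}
    for rel in sorted(set(clean) | set(exposed)):
        if any(fnmatch.fnmatch(rel, pattern) for pattern in ignore):
            continue
        if rel not in clean:
            report["added"].append(rel)
        elif rel not in exposed:
            report["removed"].append(rel)
        elif clean[rel][1] != exposed[rel][1]:
            report["changed"].append((rel, exposed[rel][0] - clean[rel][0]))
    return report


def _write(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as handle:
        handle.write(data)


def build_sample_trees(base):
    """Constructed stand-ins for the two restored partitions."""
    clean = os.path.join(base, "clean")
    exposed = os.path.join(base, "exposed")
    program = b"MZ" + b"\x00" * 510
    _write(clean, "AUTOEXEC.BAT", b"@echo off\r\n")
    _write(exposed, "autoexec.bat", b"@echo off\r\n")        # same file, other case
    _write(clean, "WINDOWS/NOTEPAD.EXE", program)
    _write(exposed, "WINDOWS/NOTEPAD.EXE", program + b"\xcc" * 4096)  # grown
    _write(clean, "WINDOWS/WIN386.SWP", b"a" * 64)
    _write(exposed, "WINDOWS/WIN386.SWP", b"b" * 64)          # swap file, ignored
    _write(exposed, "WINDOWS/SYSTEM/DROPPED.EXE", b"MZ")      # new executable
    return clean, exposed


def run_demo():
    with tempfile.TemporaryDirectory() as base:
        clean, exposed = build_sample_trees(base)
        return compare_trees(clean, exposed)


if __name__ == "__main__":
    for kind, entries in run_demo().items():
        print(kind, entries)
```

Each entry under "changed" still has to be judged by hand, as the post says; the ignore list only removes files already known to be legitimately different.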

    • #3559876

      MULTIPLE VIRUSES – NEED REMOVAL

      by steffen.hornung ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      So, although this might be quite late:
      FIRST OF ALL – have your backups handy?
      No? Then make one NOW! Though your systems are infected, cleaning them without a backup might clean your business AS WELL!

      SECOND – So all your systems are Win95/98/ME?
      Clean your systems from DOS! I recommend the FREE F-PROT – version 3.11 is latest. Boot from floppy and check your systems.

      NOT NECESSARY TO TELL: No working on the systems til virus elimination! You NEVER make things better when you let the virus work. This includes downloading etc.!!!!!

    • #3545158

      MULTIPLE VIRUSES – NEED REMOVAL

      by juanita marquez ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Some simple points to consider just in case you haven’t…

      Win98 has a bug that messes up operation of comps with over 511MG of RAM installed. You have to manually set it to think it has 511 MGs of RAM else it will function oddly. I don’t know how much RAM your machines have but I had this problem at home and it fixed it. Consult the knowledge database at search.support.microsoft.com/ and do a search on Win98 and 511.

      You may be getting some viruses through old browsers. IE 5.5 and lower have holes that allow certain viruses to be let through simply by browsing sites. If someone at your company is consistently browsing an infected site, this could be part of your problem. You need to make sure your users have the most current versions of IE, Netscape, or whatever ones you use in-house, with ActiveX scripting and so forth disabled. One of our users got a virus this way but fortunately we quarantined it before it hit the network.

      You also need to make sure your company internet server (if you have one) has all current security patches, particularly if you are using IIS. Viruses can take advantage of security holes in these as well.

      Good luck.

    • #3556253

      MULTIPLE VIRUSES – NEED REMOVAL

      by sdraney ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Robert, I hate to say this but the all-in-one solution you’re looking for doesn’t exist. At least not after you’re infected.
      I’ve dealt with all of the virus/trojan/backdoor symptoms you mention and here’s what I would do…
      1. Lock down your mail and access quick. Someone is opening mail/web or .exe files with little regard or knowledge of what could happen if it’s malicious code. Make sure only admins are allowed to install software and make each machine report to you any security breaches/attempts from the user or outside-intrusion. Personally, I’d switch everyone to Win2k or NT4.0sp6a so you can truly lock down your LAN and keep an eye on it. You won’t lose anything with 2K.
      2. Isolate all machines from the LAN physically until they have been cleaned and tested/certified. The trojan/backdoor programs will occasionally use shares to re-infect another machine and you can’t REALLY be sure if it’s on the LAN while being cleaned/tested.
      3. Uninstall all garbage/adware/spyware, etc. and make sure you uninstall ALL virus packages. You can sometimes cause virus-like symptoms by installing more than one package.
      4. I use Norton personally but also recommend McAfee, Network Associates and Computer Associates virus packages. I’d do some research and see which has the features you need, the control you currently don’t have and which one has the best/longest lasting support because…if all else fails, call-em and see if they’ve dealt with it.
      Thanks,
      Sam.

    • #3566756

      MULTIPLE VIRUSES – NEED REMOVAL

      by colby ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Please help us here…is this still an issue for you Robert? Here’s my 02 cents

      Our organization uses both TrendMicro and Computer Associates since we have found no one antivirus alone to be perfect; these two work great together and don’t trample each other – Norton and Computer Associates tend to think each other is a virus and cause issues. I recommend:

      Start/Run/RegEdit

      Go to a folder called:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
      —Delete all items in here.

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

      Grab a sheet of paper and write down all items in this folder, the names and keys. Then delete all that are not the antivirus program. The following keys are the only ones that should be there when you are finished (note you may not have ALL of these but there should not be any OTHER than these):

      VetTray, Vet Start Up, and eTrustCIPE

      Install Computer Associates EZ Antivirus: (free 60-day trial here) https://www2.my-etrust.com/commerce/buy.it/Antivirus and then use AutoDownload to get the updated signatures.

      DO NOT REBOOT AFTER THE INSTALL. Open the program and go through the Options/Options Wizard to configure it. Tell it to scan ALL files, not just executables. All other settings should be set.

      Now reboot. After the system is back to the desktop, hit CTRL+ALT+DEL and end-task everything except “explorer” and “systray” and “VET***” (meaning anything starting with VET). Now open up the antivirus program, click the “My Computer” and click the “Go” button. That will verify if all viruses are off the machine.

      Now for trojans….
      I recommend Anti-Trojan by http://www.anti-trojan.net/at.asp?l=en – Install and run under the same manner of the antivirus program – end-task everything but explorer, systray and the virus program then run the scan on all drives on this machine.
      …TO BE CONTINUED…

      • #3566755

        MULTIPLE VIRUSES – NEED REMOVAL

        by colby ·

        In reply to MULTIPLE VIRUSES – NEED REMOVAL

        Report any viruses &/or trojans found to this forum and we can help you remove any the programs could not remove completely.

        If this works, add back in the registry keys you deleted from the “Run” folder one at a time to see if there are any system issues. If there are none, you’re all set. If, after adding back a key, you see an issue, you know what problem is causing it.

        If you still have issues after removing the trojans &/or viruses, first, try running the system file checker from a command prompt – “sfc /fix” and if that doesn’t stabilize things, I suggest you take the advice of many who have posted before me – reformat low-level. Chances are a virus/trojan changed files that screwed up Windows.

        I don’t claim to be an expert at virus removal, but it is one of my jobs and I do it regularly with the procedure I have outlined here.

        Colby Marks
        BurlingtonVT Services
        http://www.BurlingtonVT.Com
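The "write down all items in this folder" step from the two posts above, and the unrecognised startup entry mentioned earlier in the thread, as an added example that is not part of any post: it reads a text export of the registry (REGEDIT4 format), records every value under the startup keys and flags the ones not on the expected list, without deleting anything. The expected names and the Run and RunOnce keys come from the post; the RunServices keys, the function names and the sample export with its paths are assumptions constructed here.

```python
"""Audit Windows startup keys from a regedit text export."""
import re

# Names the post lists as the only expected Run entries (compared lower-case).
EXPECTED_NAMES = frozenset({"vettray", "vet start up", "etrustcipe"})
# Run and RunOnce are from the post; the RunServices keys are an addition here.
STARTUP_LEAVES = frozenset({"run", "runonce", "runservices", "runservicesonce"})
STARTUP_PARENT = "\\software\\microsoft\\windows\\currentversion\\"

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Constructed sample export; the paths are placeholders.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VetTray"="C:\\PROGRA~1\\CA\\VetTray.exe"
"Vet Start Up"="C:\\PROGRA~1\\CA\\VetStart.exe /boot"
"PowerManager"="C:\\WINDOWS\\SYSTEM\\pwrmgr.exe"
"SystemTray"="SysTray.Exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"Unrelated"="ignored"
'''


def _unescape(quoted):
    # .reg files escape backslashes and quotes with a leading backslash.
    return re.sub(r"\\(.)", r"\1", quoted[1:-1])


def parse_reg_export(text):
    """Return {key path: {value name: data}} for every key in the export."""
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = keys.setdefault(key.group(1), {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            raw_name, data = value.group(1), value.group(2)
            name = "(Default)" if raw_name == "@" else _unescape(raw_name)
            # String data is quoted; dword:/hex: data is kept as written.
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = _unescape(data)
            current[name] = data
    return keys


def is_startup_key(path):
    parent, _, leaf = path.lower().rpartition("\\")
    return leaf in STARTUP_LEAVES and (parent + "\\").endswith(STARTUP_PARENT)


def audit_startup(text, expected=EXPECTED_NAMES):
    """List (key, name, command) for startup values not on the expected list."""
    findings = []
    for path, values in parse_reg_export(text).items():
        if not is_startup_key(path):
            continue
        for name, command in values.items():
            if name.lower() not in expected:
                findings.append((path, name, command))
    return findings


if __name__ == "__main__":
    for path, name, command in audit_startup(SAMPLE_EXPORT):
        print(f"review: {name!r} -> {command!r}  [{path}]")
```

Keeping the export file itself gives the record needed to add entries back one at a time, as the second post describes.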

      • #3662921

        MULTIPLE VIRUSES – NEED REMOVAL

        by robert_smith ·

        In reply to MULTIPLE VIRUSES – NEED REMOVAL

        The question was auto-closed by TechRepublic

    • #3546123

      MULTIPLE VIRUSES – NEED REMOVAL

      by peter johnstone ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      If looking for a good AV package with a commercial orientation then I would recommend checking out SOPHOS. Goto http://www.sophos.com It is expensive but is certainly one of the best.
      Regards,
      PJ

    • #3577452

      MULTIPLE VIRUSES – NEED REMOVAL

      by wordmaster1 ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      I run into these problems on a regular basis with a number of clients. Thanks to MS for making such vulnerable OS’s and proggies to help maintain the income of people like myself.

      First, don’t bother to set up any AV software on your computer until you know it is clean. It is too easy for a virus to cause screwy results with a proggie that is set up on your machine.

      Go to http://www.antivirus.com/pc-cillin/support/edisks.htm
      and follow the instructions to make a set of floppies.

      Do this on a clean machine that is totally unrelated to those that have the problem.

      Pick a machine to start on, totally physically disconnect it from all the other machines and follow the instructions to boot from and run the floppies you have made.

      This is of course a slow process, so go to lunch or something while it runs after all 6 floppies are loaded.

      This is always my first step when a client calls. Although I have had to repeat this process a few times, it has, so far, never failed to take care of the problem.

      This needs, of course, to be repeated on all the infected machines.

      BTW, it has been a long time since you put up the question. It is far past time for you to award the points or else let us know that you have tried all the suggestions and nothing worked. I have full confidence in the methodology I have put forth here. I am awaiting word from you….

    • #3576931

      MULTIPLE VIRUSES – NEED REMOVAL

      by mr. ezekial transistor ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      I hate to say you deserve it for trusting Norton and some schmuck, but oh well. McAfee has never let me down, and Trend, AVP and F-Prot beat Norton. If your machines are still networked, well, you are helping it. Screw Symantec; the newer McAfee removes Fun Loving Criminal fine. You can see what it infects because it increases file sizes 4000 or more bytes. The blank process is FLCSS.EXE running; of course it isn’t normal to have it, only MS would say that. The virus probably came off the web through ActiveX. As for other infections, I couldn’t consider those until you get McAfee, the latest DAT, a boot disk off a known clean machine and follow http://download.nai.com/products/Mcafee-AVERT/CLFunLove.rtf
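
The file-growth symptom described in the post above can be checked mechanically. The following is an added example, not part of the original post or of any vendor tool: it compares a manifest taken from a known-clean copy with one from the suspect machine and reports files that grew by the 4000-byte threshold the post mentions. The watched extensions, directory layout and sample files are constructed assumptions.

```python
import hashlib
import os
import tempfile

# Assumption: file types worth watching. The post only says infected files grow.
WATCHED_EXTENSIONS = (".exe", ".scr", ".ocx")
MIN_GROWTH = 4000  # bytes, the figure quoted in the post


def snapshot(root, extensions=WATCHED_EXTENSIONS):
    """Return {relative_path: (size, sha256)} for watched files under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(extensions):
                continue
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
            manifest[rel] = (os.path.getsize(full), digest.hexdigest())
    return manifest


def compare(baseline, current, min_growth=MIN_GROWTH):
    """Classify differences between a clean baseline and the suspect machine."""
    report = {"grown": [], "changed": [], "new": []}
    for path, (size, digest) in sorted(current.items()):
        if path not in baseline:
            report["new"].append(path)          # file absent on the clean copy
            continue
        old_size, old_digest = baseline[path]
        if digest == old_digest:
            continue                            # byte-identical, nothing to report
        growth = size - old_size
        if growth >= min_growth:
            report["grown"].append((path, growth))    # matches the symptom
        else:
            report["changed"].append((path, growth))  # altered, but not by growth
    return report


def _write(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed sample: a clean tree and a suspect tree built in temp dirs."""
    files = {
        "notepad.exe": b"A" * 20000,
        "system/shell.ocx": b"B" * 8000,
        "readme.txt": b"not a watched type",
    }
    with tempfile.TemporaryDirectory() as clean, \
            tempfile.TemporaryDirectory() as suspect:
        for root in (clean, suspect):
            for rel, data in files.items():
                _write(root, rel, data)
        # Suspect machine: one file grew, one changed in place, one is new.
        _write(suspect, "notepad.exe", files["notepad.exe"] + b"X" * 4200)
        _write(suspect, "system/shell.ocx", b"C" * 8000)
        _write(suspect, "system/flcss.exe", b"D" * 100)
        return compare(snapshot(clean), snapshot(suspect))


if __name__ == "__main__":
    for category, items in demo().items():
        print(category, items)
```

Take both snapshots after booting from clean media, so the comparison does not depend on anything running on the suspect machine.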

    • #3442065

      MULTIPLE VIRUSES – NEED REMOVAL

      by timthetoolman ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      To whom it may concern

      DON’T POST TO THIS ANSWER ANYMORE.

      Robert is not interested and continual posts keep it open. Let TechRepublic auto-close it…eventually!

      DON’T POST TO THIS ANSWER ANYMORE.

      Cheers,
      Tim.

    • #3440716

      MULTIPLE VIRUSES – NEED REMOVAL

      by amit321agrawal ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      I will tell you. Do the following:

      [1] remove all unwanted software, wallpapers, screensavers and others that you think are downloaded from the internet or installed from free CDs.
      [2] remove all utilities also, like RAMFix and others. I am not responsible for the damage if caused to you in this way.

      [3] remove all antivirus software also.
      [4] from a fresh CD, or a dump on even the infected machine, load McAfee Antivirus, select the “scan memory before configuring” option, also select the “Scan boot records at startup” option, download the latest sdat file from the McAfee site, sdat4179 for Intel systems or as per your system specification, and run it.

      [5] open the virus scan console and enable Vshield,
      go to the configure option also and select all files.
      in the Action Panel select Automatically Clean,
      and in the exclusion panel remove the default entry “recycle bin” or “recycled”.

      [6] then remove all the network shares on the PC, meaning no share should be there on the PC on which we are doing all these steps, then go to Network properties and disable file and printer sharing also.

      [7] now you need to disconnect the network cable from the PC.
      [8] reboot the PC now, then by pressing the F8 function key you select the option of DOS Prompt,
      [9] at the prompt, go to the following directory by typing the cd command in steps or at one go.
      cd progra~1\common~1\networ~1\viruss~1\40~1.xx\ then press Enter Key.
      then type the following scanpm /ad/all/clean/nobreak

      [10] take a cup of coffee and relax. all your viruses will be cleaned.

      That is for sure.

      [11] if you make any network share please password protect it.

      [12] in case of any question / query please mail me at amit321agrawal@rediffmail.com, and if possible give me more than 10000 points.

      Thanks and Regards,
      Amit Agrawal,

      Executive IT,
      IEnergizer-inc,
      Noida, india

    • #3439424

      MULTIPLE VIRUSES – NEED REMOVAL

      by insatiable ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Are you still having a problem with your systems?

      I’m a security administrator, as well as system administrator and oversee the networks for our environments.

      You need more than the antiviral software, deployment and definitions updated on a weekly basis.

      We update our definitions two or three times a week.

      But what I think you truly need is a firewall.

      ZoneAlarm will watch your emails for viruses, and has other security features worked into their packages. If you use it on your local network, it can detect infestation among your other machines, but it will detect any viruses coming through your gateway as well.

      Good luck — and if you still need help — let us know!
      🙂
      Melissa

    • #3439341

      MULTIPLE VIRUSES – NEED REMOVAL

      by robert_smith ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      *********** IMPORTANT – PLEASE READ ************
      This is Robert – and MY GOD – I closed this question back in early December of 2001 when it had 20 or so responses, awarded the points and spent around TWO HOURS giving clear and concise feedback to each and every person who posted an answer to my question. As well I chose the recipients of the points and clicked away and it even showed up on my “MY QUESTIONS” section of the old TR.com page as a CLOSED question. There is NO chance I can personally respond at this point to 50 people (I remind you – TWO HOURS it took to respond to about 20) and I do not have that sort of time. So…. <<< MORE COMING >>>

    • #3439336

      MULTIPLE VIRUSES – NEED REMOVAL

      by robert_smith ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      (continue) So… I implore you all to be patient and wait until I can personally contact TR and see what went wrong with their servers or whatnot. I have not even checked this account in almost a month and NEVER intended for this to go “seemingly unattended” for as long as it has. HOWEVER: Those mudslingers who would profess that I do not intend to close my question can count on ZERO points and a swift kick in the cyber-pants from me. If you post questions here on TR, and never follow-up and close them – your reputation is affected negatively. People will stop responding to your questions. So aside from that seemingly innocent slanderous remark – I will work out something with TR to see that points are awarded to all those who contributed intelligent content and those who merely said go to http://www.antivirus.com can get exactly what they earned: an education in “No Free Lunch 101”. Put a little more effort into your responses and don’t try to sneak in a little comment and expect points. As to how the points can be divvied up – I will work something out and be back in a day or two to see that all is set straight.

      Thank you ALL for your responses, a special thank you to those who wrote more than a one-liner or semi-paragraph! We need more like you!

      Be well all – J. Smith

    • #3440988

      MULTIPLE VIRUSES – NEED REMOVAL

      by csmith ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Are You There?
      We run multiple package scans in this case.
      Then install a firewall.
      Regards, Chris

    • #3450051

      MULTIPLE VIRUSES – NEED REMOVAL

      by timthetoolman ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Well Robert…

      Assuming you meant my attempt at having this question auto closed… If you don’t award me points for my thoughtful answer… then sour grapes, Robert.

      At that time, and for a looong time you WEREN’T interested in the question and it needed to be auto closed. Only the carrot of 10,000 points and being on the top of the list, was too much for most people to resist.

      I can’t understand how you missed all those mail messages you must’ve been getting re: people answering your question.

      There must be a further bug in TechRepublic for you to have not been notified!

      You are right about reputations being damaged when questions are neglected. There are thousands of them on TechRepublic. But given the situation, I stand by my comment.

      I hope you see what’s “right” in this matter.

      Tim.

      • #3419812

        MULTIPLE VIRUSES – NEED REMOVAL

        by timthetoolman ·

        In reply to MULTIPLE VIRUSES – NEED REMOVAL

        And just to prove a point…

        There are three further answers after this! It goes to show that some people don’t even read the entire question before answering!

        The question will never autoclose at this rate and it’s been another 3 weeks since you noticed the problem.

        I assume TechRepublic are dragging their heels on fixing it?

        Maybe you should just add to your “thanks comment”, hit close and be done with it!

        Tim.

      • #3662874

        MULTIPLE VIRUSES – NEED REMOVAL

        by robert_smith ·

        In reply to MULTIPLE VIRUSES – NEED REMOVAL

        The question was auto-closed by TechRepublic

    • #3427589

      MULTIPLE VIRUSES – NEED REMOVAL

      by shawn ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Robert, if you are still monitoring this question, there is one software solution out there that we feel is the best out of all of the AVs. The company is Panda at http://www.pandasecurity.com, most people, including every one who has answered this question up til now haven’t either. They are worldwide and they write definitions daily, plus their software updates daily; as a matter of fact their software detects and cleans over 61,000 viruses as we speak. We went looking for a better solution than Norton/McAfee/Trend/etc. and came across Panda. Not only is the software transparent at only 3% resources compared to Norton’s whopping 17%, it also scans at a deeper level than all of the others. Example: it will scan on the TCP/IP level, meaning it will scan email attachments before they are even opened or read; Norton can’t do this. Plus they write a lot of the definitions and then sell them to the big guys. We had a fix for W32/goner the morning it hit the U.S. because they write definitions in Spain, and it came from Europe first. To make a long story short, go to http://www.pandasoftware.com, use their active scan, then contact me at shawn@pcgstore.com about purchasing Panda’s Global Virus Insurance for your LAN.

    • #3426155

      MULTIPLE VIRUSES – NEED REMOVAL

      by douglas_debow ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      robert

      I’m not sure if you’re still fighting it?
      But I’ve moved a few viruses that I still can’t ID!
      You’ve got a lot of good advice, but WHEN IT’S A NEW VIRUS and you need to be sure, there are some musts!

      1 deal 1 on 1 (one machine OFF NET at a time)
      don’t put it back until all are clean!
      2 when removing new virus types use QUARANTINE
      most AVs offer this option; they all seem to deal with viruses they can’t clean better this way (also, if the scanner can’t clean it, quarantine will slow down the infection rate)
      3 flashing a new BIOS? only has a chance of removal! FLUSH IT (hardware jumper); this erases CMOS
      4 quarantine all floppies and CD-ROMs
      (get clean copies, borrow if you must)
      5 take a “HARDWARE APPROACH”
      remove the hard disk before erasing CMOS!
      don’t start a cycle that will reinfect you!
      if necessary boot from a floppy w/CD-ROM support
      place all files necessary on the CD-ROM
      some viruses write to track 0 on the H/D, so when the machine code runs, they reinfect!
      6 1 meg of RAM missing? this virus has a fair bit of code written in it! it may be able to mutate or protect itself; watch for any changes on every boot! ex: strange letters on the display when the machine boots (before O/S); CMOS viruses seem to do this when infecting CMOS.
      7 when you have a clean system then start on the hard disk
      boot from floppy with CD-ROM support every time
      until the hard disk is clean; run 3 or 4 scanners with latest upgrades

    • #3418768

      MULTIPLE VIRUSES – NEED REMOVAL

      by crapaud ergo sum ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      more than one problem you have listed can be in the bios. the virus hides well in there as well as the boot sector on the drives. wiping by jumper or battery is not sufficient. load bios os from manufacturer. the rest you already know, as well as what i have posted is my guess.
      all my best.

      todd

    • #3444502

      MULTIPLE VIRUSES – NEED REMOVAL

      by msh ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Use McAfee and see what happens

    • #3424410

      MULTIPLE VIRUSES – NEED REMOVAL

      by john_smith ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      You have no intention of accepting any of the answers provided and closing this question. So just format everything and start from scratch.

      Big John

    • #3423838

      MULTIPLE VIRUSES – NEED REMOVAL

      by jrincon_v ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      OK, you need to make a low-level format. If you don’t have a tool to make it you need to download one; I recommend the EZDrive for disk or the Disk Manager. Then you use the standard procedure to format and reinstall your hard disk and your software. Beware with your backups; before that, install an antivirus tool and update its signatures.

    • #3447681

      MULTIPLE VIRUSES – NEED REMOVAL

      by daneked ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      I know this is an old question and I hope that you have resolved your problems. However, this is how I would have addressed your problem.

      If your computer is on a network, log off the network and work off-line. The virus may reinfect a PC as you disinfect others. If your computer is still on the internet, go to http://www.pandasoftware.com I know you are evaluating a number of antivirus options; this web site provides an online analysis and DISINFECTION.

      Follow the steps provided for online analysis and removal. Panda will identify your virus. On the home page, select the virus identified and follow their guidelines for removal. Many recent viruses involve registry settings. They may offer a downloaded program to fix this PC. This program usually fits on a diskette and can be used on other PCs in the network.

      Once neutralized, you should download the full evaluation copy of Titanium Panda and scan again. The first step stops the virus from being active, but you need a full scan to eliminate the viruses.

      If you are running a network with internet access, consider the Panda Administrator – it permits you to install and monitor the anti-virus software from the server. Updates occur as each user logs on to a PC.

    • #3448196

      MULTIPLE VIRUSES – NEED REMOVAL

      by dennis_london ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Well, you haven’t rated any of the answers and I would imagine you haven’t done all your evaluations either. I normally don’t do this but here goes:
      1. Get rid of Norton AV!!! It made number eleven on the list of “holey software” with 7 security vulnerabilities. Don’t believe me? Read the article for yourself at (http://www.pcworld.com/features/article/0,aid,62483,00.asp).
      2. Contact your local McAfee rep and place an order. If you need the retail version then go to http://www.mcafee.com. If you are a corporate user then go to http://www.mcafeeb2b.com.

      Don’t even bother testing or evaluating any of the others. If you did any of your research then you’ll find that McAfee’s AV software is far superior according to Hamburg University, Magdeburg, and other AV/Security test centers.

    • #3446792

      MULTIPLE VIRUSES – NEED REMOVAL

      by jereg ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      .

      .

      .

      • #3418397

        MULTIPLE VIRUSES – NEED REMOVAL

        by jereg ·

        In reply to MULTIPLE VIRUSES – NEED REMOVAL

        Ok, I’ll admit it, now that I’ve been pegged. This answer was just a shameless grab for points. So… what? If someone wants an answer, and there have been good ones, and won’t rate the question, sure, I’ll put my name in. My “good” answers have been rejected often enough, I’ll grab points, (and use them for valuable prizes)! See you in a year when this auto-closes.

      • #3662886

        MULTIPLE VIRUSES – NEED REMOVAL

        by robert_smith ·

        In reply to MULTIPLE VIRUSES – NEED REMOVAL

        The question was auto-closed by TechRepublic

    • #3434503

      MULTIPLE VIRUSES – NEED REMOVAL

      by jdestars ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      To eradicate viruses there are many cases.

      1st:

      Restore the master boot record of the station with a bootable diskette => Fdisk /MBR

      In the registry (95/98/NT/2000), check under HKEY_LOCAL_MACHINE \software\microsoft\windows\currentVersion the keys Run, RunOnce, RunService and RunServiceOnce, to see that no VBS virus is called.

      Reboot the station afterwards.

      For a server, a good solution is to purchase Inoculan Antivirus; you can protect the server and distribute new pattern files if the stations have it too.
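
The Run-key check in the post above, as an added example that is not part of the original post: it reads a REGEDIT4 text export of the registry and flags autostart entries that launch scripts, match a watchlist, or are missing from an allowlist taken from a clean machine. The sample export, allowlist and watchlist contents are constructed; the key names used are the Windows 9x autostart keys Run, RunOnce, RunServices and RunServicesOnce.

```python
import re

# Autostart keys under HKLM\Software\Microsoft\Windows\CurrentVersion.
AUTOSTART_KEYS = {"run", "runonce", "runservices", "runservicesonce"}
PREFIX = r"hkey_local_machine\software\microsoft\windows\currentversion" + "\\"
# Assumption: script types to flag; the post itself only mentions VBS.
SCRIPT_EXTENSIONS = (".vbs", ".vbe", ".js", ".wsf")
# File name reported elsewhere in this thread as the unexplained process.
WATCHLIST = {"flcss.exe"}

# Constructed sample export. The entries are illustrative only and are not a
# statement about how any particular virus installs itself.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"SystemTray"="SysTray.Exe"
"Updater"="wscript.exe \"C:\\WINDOWS\\TEMP\\update.vbs\""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"FLC"="C:\\WINDOWS\\SYSTEM\\FLCSS.EXE"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer]
"Ignored"="not an autostart key"
'''

SECTION = re.compile(r"^\[(.+)\]$")
# "name"="value" or @="value"; backslash escapes \\ and \" inside the quotes.
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')


def unescape(text):
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r"\\(.)", lambda m: m.group(1), text)


def autostart_entries(export_text):
    """Return [(key_leaf, value_name, command)] for the autostart keys only."""
    entries = []
    key = None
    for raw in export_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            path = section.group(1).lower()
            leaf = path[len(PREFIX):] if path.startswith(PREFIX) else None
            key = section.group(1) if leaf in AUTOSTART_KEYS else None
            continue
        value = VALUE.match(line)
        if key and value:  # string values only; dword/hex values are skipped
            name = value.group(1)
            name = "(default)" if name == "@" else unescape(name[1:-1])
            entries.append((key.rsplit("\\", 1)[1], name, unescape(value.group(2))))
    return entries


def triage(entries, allowlist):
    """Return [(key, name, reasons)] for entries that need a human look."""
    findings = []
    for key, name, command in entries:
        tokens = re.findall(r'[^\s"]+', command.lower())
        reasons = []
        if any(tok.endswith(SCRIPT_EXTENSIONS) for tok in tokens):
            reasons.append("launches a script")
        if any(tok.rsplit("\\", 1)[-1] in WATCHLIST for tok in tokens):
            reasons.append("watchlisted file name")
        if name.lower() not in allowlist:
            reasons.append("not in allowlist")
        if reasons:
            findings.append((key, name, reasons))
    return findings


if __name__ == "__main__":
    clean_names = {"scanregistry", "systemtray"}  # constructed allowlist
    for finding in triage(autostart_entries(SAMPLE_EXPORT), clean_names):
        print(finding)
```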

    • #3434016

      MULTIPLE VIRUSES – NEED REMOVAL

      by mr. ezekial transistor ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Die topic die! jreg nice answer, lots of effort like Mshs’ response! Dennis London that isn’t very ethical acting like an impartial user while whoring for Network Associates and trashing your competition. But then Robert Smith isn’t very ethical in NEVER awarding 1 point on this much discussed question.

    • #3433179

      MULTIPLE VIRUSES – NEED REMOVAL

      by maxwell edison ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Robert,

      With all due respect, you’ve received quite a few excellent replies (Including my own, of course), and have yet to provide any feedback to any of them. I’m certain that there are many people who would welcome that feedback, whether it be positive and accepted or negative and rejected. Something is better than nothing.

      What have you done to resolve your virus issue? Is this in fact still a problem? What have you found out up to this point? Please advise those who gave up their valuable time in an attempt to try and help solve your problem. They will all appreciate it.

      Regards,

      Maxwell

    • #3434332

      MULTIPLE VIRUSES – NEED REMOVAL

      by williamscott ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      I feel your pain, i had the same thing happening to me… (more or less) pretty much all of the symptoms that u have described happened to me.

      Well, the only way i could fix the problem was by formatting my computer by using a Windows Boot Disk and formatting the computer using the nice handy command…

      format

      never use the /q extension on the format command because it still leaves some traces of your former system (although not visible from DOS) but when i reinstalled windows again the viruses were still there, so DO NOT format with the /q extension.

      Just format your computer… that is the only thing that will rectify the problem.

    • #3435437

      MULTIPLE VIRUSES – NEED REMOVAL

      by tsimmo67 ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Hi,
      In my opinion there are 2 choices you have.
      1.Format
      put the boot disk in and reboot the computer.
      boot in command prompt
      get into A:\
      type format
      press enter.

      2. buy a new harddrive

      Hate to say it but with this many problems these are probably the quickest and cheapest alternatives
      -Travis

    • #3422396

      MULTIPLE VIRUSES – NEED REMOVAL

      by mrspock57 ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Hi Robert. I use, with very good results, the products from Aladdin (http://www.esafe.com/). They have a full line of security products, including a free antivirus (eSafe Desktop) with a personal firewall. The virus tables are updated each 10-15 days with hot-fixes if necessary.

      Good luck.

    • #3442674

      MULTIPLE VIRUSES – NEED REMOVAL

      by purple713 ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Go to http://www.datafellows.com. F-Prot is a good product for removing viruses that are memory resident. You may want to test a new hard drive in the system just as a test. Hope this helps.

    • #3572598

      MULTIPLE VIRUSES – NEED REMOVAL

      by bv2 ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      I assume you’re still having difficulty with TR in closing your question – so, I’ll rehash everything everyone else has said just for the sake of it. I use Norton Antivirus 2002 and have never had any viral problems – Occasionally, when it’s been installed on a “clean” system, it goes crazy finding viruses, and then I have to download the fixes (Bymer, nimda, sircam, etc.) but I have never had the particular problems your system is exhibiting – if I knew a particular file was a virus, I would delete the file rather than wonder why my antivirus program didn’t. There is a chance that the antivirus cleaned the file and rendered it useless, so a scan would not mark it as infected. Also, cleaning up after somebody is never easy – if it was magistr, for example, it could have corrupted files and deleted them for a fix, thus causing serious system difficulty. In this case, a reinstall of the OS and subsequent programs would be needed to bring the system back to par.

    • #3431640

      MULTIPLE VIRUSES – NEED REMOVAL

      by republic_resource ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      This is a good example of a question that should have closed. Since October 2001, approximately 69 responses have been posted and the most recent was March 4th, 2002. I am sure the author has benefited from the near 69 good answers. A new policy needs to be considered whereas all questions are set to 30 days and must be re-entered by the author; answered questions must be awarded points at the end of the 30-day period; an answered question is archived (closed) in 60 days. The current management of this forum adversely affects the effectiveness of the forum. No one (professional or end user) will allow a problem to persist for 30 days or longer.

      Sincerely,
      Warren

    • #3654080

      MULTIPLE VIRUSES – NEED REMOVAL

      by rightondudenospam! ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Try this scanner, I used PC Cillin, NAV, Specific one purpose fix scanners, but this program found the infection…

      http://www.antiviraldp.com/

      Take a look checks for trojans, etc… make sure you update it via online live update.

      It will scan in conjunction with other scanners, so no need to uninstall anything.

      Update all your AV defs! No virus can live and produce symptoms like what you are describing after having AV TSR’s loaded on all workstations and servers. (Especially after running the Digital Patrol software).

      You may want to make some emergency repair disks from Norton and scan from a floppy boot. This has always been of paramount importance for me in the past and vital to the cleansing process. Do not leave this option untouched.

      Boot Clean…then Scan…

      Nothing found? continue booting…get the latest AV updates scan again.

      Also scan with AVP pro. http://www.avp.ch and grab an eval version. This program loads its files in such a way that they cannot be altered by a virus period. The program is solid code and very effective – has also helped me out several times when Norton said nothing.

      If you do any or all of that – You won’t be worrying about viruses anymore….

    • #3654063

      MULTIPLE VIRUSES – NEED REMOVAL

      by cmaness ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      On Trend Micro’s web site, there are various removal tools that are automated and will remove the viruses and all traces. Just look up the virus definition and you will see removal tools at the bottom in the solutions section. They are good about posting these with easy to follow instructions. I use this site when doing customer support for customers with virus problems. Let me know how it turns out

    • #3435519

      MULTIPLE VIRUSES – NEED REMOVAL

      by Anonymous ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Hmmm…What’s 72 divided by 10,000! There’s my answer.

    • #3435460

      MULTIPLE VIRUSES – NEED REMOVAL

      by c.caffee ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      The following is my repair of a stand-alone system, which is what needs to be done before looking to the network side of the problem.

      1 Remove the hard drive (disconnect cables Power/IDE)
      2 Install new hard drive, including just the OS and whatever AV product you have preference to (get all updates for both)
      3 Now plug in the drive that has the viruses.
      4 Run the AV program on the “bad” drive
      5 Remove new hard drive you installed.
      6 Boot to old system. All done..

      I keep a hard drive for just this purpose.. So far so good..

      Good Luck

    • #3654601

      MULTIPLE VIRUSES – NEED REMOVAL

      by mr. ezekial transistor ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Jere Gallimore and Marc Quibell. Two names to remember that have no integrity. I have seen plenty of people prove that they were worthless for promotions or raises but for 139 (and shrinking) tech points you are the all-time low bidders.

      • #3640945

        MULTIPLE VIRUSES – NEED REMOVAL

        by mr. ezekial transistor ·

        In reply to MULTIPLE VIRUSES – NEED REMOVAL

        Quibell I am sorry your IQ is as low as your integrity however if you had bothered to read the question before adding a useless comment just for points you would notice my relevant answer was posted to address the problem and was done BEFORE this Robert Smith claimed TechRepublic was supposed to close it on 1/7/02. Any poster after that clearly did not bother to read the entire question but you did not bother to read it OR answer it which proves how valuable you are. Your math is also very poor as your answer would be 73 divided by 10,000 at that time but now is shrinking even more. While your answer and effort are worthless the 128 points and shrinking is a small price to expose how ignorant and unprofessional you are.

      • #3662888

        MULTIPLE VIRUSES – NEED REMOVAL

        by robert_smith ·

        In reply to MULTIPLE VIRUSES – NEED REMOVAL

        The question was auto-closed by TechRepublic

    • #3653705

      MULTIPLE VIRUSES – NEED REMOVAL

      by hypersoniq mcse ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      A virus problem indicates the need for putting a better security plan in place.

      Do the following, or at least look into them, because this works from past experience.

      1.) on the machines in question, until they are cleaned, Isolate them from the LAN if possible.
      2.) If supported, enable virus scanning in the BIOS.
      3.) Go to http://www.grisoft.com and get the evaluation copy of AVG antivirus, it protects e-mail, all files AND boots before Windows. This product (free for a single machine, and their network product is worth every penny) has personally shown me how wrong I was to trust just one antivirus, like Norton or McAfee (it peacefully co-exists with your EXISTING AV software).
      4. Try to identify the source of infection… set a stringent network mail policy that FORCES users to NOT accept ActiveX code embedded in e-mails. Outlook Express is the biggest target of hackers, and therefore the biggest hole in security. My LAN is a lot safer since the Outlook clients were abandoned for Netscape clients.
      5. Place locks on the floppy drives of the machines, place servers in a LOCKED room, and remove CD-rom drives from machines not needing them. You can use the network for software installs and updates.
      6. If you don’t already have one, put up a firewall (even if it’s just a software one on the gateway server)

      let me know if anything here is of interest and/or worked.

    • #3646945

      MULTIPLE VIRUSES – NEED REMOVAL

      by pinoy_teknik ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Virus attacking in a network..well some of my friends who are working at Siemens Corp. (system administrator). They say “InocuLan is the best of the best” dealing with network virus (trojan etc..)…Did you try this Network Anti Viral Program.

      its a product of CA

      http://www3.ca.com/Solutions/Product.asp?ID=170

      If this cannot work with your network, I think wipe your network out and prepare for a new clean system…..means back up all the important files and prepare formatting and installation….

      Because the thing is, don’t waste your time on that, time is running out.

      If the system is clean…..Why don’t you increase your security level? for the next threat….

    • #3640509

      MULTIPLE VIRUSES – NEED REMOVAL

      by shanghai sam ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      Since everybody has entered their valuable opinion, here’s my $.02 worth. Of course you will implement a secure system manager, after backing up. Protection is a no-brainer; however, it happened. Cleaning? Drop the BIOS (jumper), scrub the disks, 3 times, clean the cages, and kick out the jambs. Then go home and have a home brew, worry about tomorrow, tomorrow. I had one that replaced engine and DLL files with empty files of long ago deleted files, and when deleted, they returned. If I deleted 100, 148 would replace them until it got to be around 1256, 0-byte files. The trick is that none of my floppies, disks, or the other net puter were seemingly affected. Go figure. So, I thanked my Lord, my stars, my boots, and VP (vice principles), and wiped the little bugger out. Love that FDISK, FORMAT, BOOT BANANNA DRIVE to “R” giddy-up! To sum it up, after reading the entire page and re-reading the top-o-the page, I wonder why most folks just don’t get it? Most of the answers were of protection, not eradicating, and dig this; Robert said this was a dead Q, and yet some insist on kicking a dead horse and then call it names because it won’t move. Go figure. Love ya, bye Rev. Ned

    • #3639773

      MULTIPLE VIRUSES – NEED REMOVAL

      by sir_tuc ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      I have probably tried EVERY popular (and some not so popular) Anti-Virus software made, until I used Sophos Anti-Virus software. It is the most popular anti-virus software in Europe. One of our clients (a new car dealership with over 120 clients and more than 17 servers) had 3 different viruses that Norton never found. Go to http://www.sophos.com get their phone number, give them a call and tell them what is going on. I’ll give you a personal guaranty that you will be very happy with Sophos. We have it configured so the server it is installed on checks for new virus signatures every single day using Windows “Scheduled Task.” Often we get updates 3 or 4 times a week! NO KIDDING! Do it now. The absolute BEST!

      Brian

    • #3662869

      MULTIPLE VIRUSES – NEED REMOVAL

      by robert_smith ·

      In reply to MULTIPLE VIRUSES – NEED REMOVAL

      This question was auto closed due to inactivity
