Click to See Complete Forum and Search --> : w32/protoride.worm virus removal
tkbest
May 5th, 2004, 07:15 AM
I am running windows 98nt on an emachine. My son managed to pick up the virus W32/Protoride.worm and it is also called Bkdr.ircbot.b. I can find it with my virus scan(I have used housecall, Mcaffee and FixIt. All detect it but Fixit says it cant be cleaned. I tried to install Nortons but it wont let me open it as now my computer says that it is missing the start.exe file. The virus is located in the following folder Windows/Startmenu/Programs/Startup/msupdate.exe . I have tried everything I can think of to get this out of here. I cant take it out manually be cause I cant open the folder it is in due to the missing Start.exe file. Funny thing is when I do a scan the start.exe file is found but it is in the infected folder so it won't let me use it. Is there any way to clean this worm out of my computer without doing a complete restore on my complete system. I am unable to open programs on my desktop due to the missing file. Any help would be greatly appreciated, I have been working on this for 3 days straight and am at wits end. Thanks. tkbest
tkbest
May 5th, 2004, 07:15 AM
I am running windows 98nt on an emachine. My son managed to pick up the virus W32/Protoride.worm and it is also called Bkdr.ircbot.b. I can find it with my virus scan(I have used housecall, Mcaffee and FixIt. All detect it but Fixit says it cant be cleaned. I tried to install Nortons but it wont let me open it as now my computer says that it is missing the start.exe file. The virus is located in the following folder Windows/Startmenu/Programs/Startup/msupdate.exe . I have tried everything I can think of to get this out of here. I cant take it out manually be cause I cant open the folder it is in due to the missing Start.exe file. Funny thing is when I do a scan the start.exe file is found but it is in the infected folder so it won't let me use it. Is there any way to clean this worm out of my computer without doing a complete restore on my complete system. I am unable to open programs on my desktop due to the missing file. Any help would be greatly appreciated, I have been working on this for 3 days straight and am at wits end. Thanks. tkbest
SwordFish_13
May 5th, 2004, 10:04 AM
hi
Start your computer in the Safe Mode and then Scan your Computer with any of the AV's maybe it'sd because the file is in use . Ok if the AV 's say it cannot be cleaned then let them remove/quarintine the infecteds file.
I cant open the folder it is in due to the missing Start.exe file
i don't understand what start.exe got to do with folder opening :confused: and start.exe is inthe "%systemRoot%/windows/command" folder whats it doing in the startup folder.
Do you have the win98 cd-rom ready or have it copied to some where on the harddisk?
Start.exe is in win98_42.cab for 98fe and win98_46.cab for 98se. If you have the Windows 98 Disk you can decompress the file start.exe from it the command would be
extract /Y /A /E /L c:\windows\command e:\win98\win98_42.cab start.exe
Assuming that your windows installetion files are in "C:\windows" and your CD-Drive is "E:"
Heres more info HOW TO: Extract Original Compressed Windows Files (http://support.microsoft.com/default.aspx?scid=kb;en-us;129605)
Heres more info about the worm at
Synmetics (http://securityresponse.symantec.com/avcenter/venc/data/w32.protoride.worm.html) You can follow the removal instructions there. just follow them step by step and you are done hopfully.
--Good Luck--
Hey nihil i think deleting the file is not a problem there are hell lot of ways to delete it , ( start your computer with a bootable disk or........... ) I think i am not getting the situation properly here..... . start. exe is missing and it is in the startup folder :confused: , and folder not opening due to mising start .exe it's a bit strange for me.....
SwordFish_13
May 5th, 2004, 10:04 AM
hi
Start your computer in the Safe Mode and then Scan your Computer with any of the AV's maybe it'sd because the file is in use . Ok if the AV 's say it cannot be cleaned then let them remove/quarintine the infecteds file.
I cant open the folder it is in due to the missing Start.exe file
i don't understand what start.exe got to do with folder opening :confused: and start.exe is inthe "%systemRoot%/windows/command" folder whats it doing in the startup folder.
Do you have the win98 cd-rom ready or have it copied to some where on the harddisk?
Start.exe is in win98_42.cab for 98fe and win98_46.cab for 98se. If you have the Windows 98 Disk you can decompress the file start.exe from it the command would be
extract /Y /A /E /L c:\windows\command e:\win98\win98_42.cab start.exe
Assuming that your windows installetion files are in "C:\windows" and your CD-Drive is "E:"
Heres more info HOW TO: Extract Original Compressed Windows Files (http://support.microsoft.com/default.aspx?scid=kb;en-us;129605)
Heres more info about the worm at
Synmetics (http://securityresponse.symantec.com/avcenter/venc/data/w32.protoride.worm.html) You can follow the removal instructions there. just follow them step by step and you are done hopfully.
--Good Luck--
Hey nihil i think deleting the file is not a problem there are hell lot of ways to delete it , ( start your computer with a bootable disk or........... ) I think i am not getting the situation properly here..... . start. exe is missing and it is in the startup folder :confused: , and folder not opening due to mising start .exe it's a bit strange for me.....
nihil
May 5th, 2004, 10:25 AM
Hi,
Try to start in safe mode, then
<start>
<run>
Type in:
winfile.exe
Then hit the "OK" button
This is the old 16 bit file manager program, and should let you delete what you want
:)
Cheers
nihil
May 5th, 2004, 10:25 AM
Hi,
Try to start in safe mode, then
<start>
<run>
Type in:
winfile.exe
Then hit the "OK" button
This is the old 16 bit file manager program, and should let you delete what you want
:)
Cheers
Und3ertak3r
May 5th, 2004, 11:02 AM
Please note that I have seen Start.exe used as the mixer prog for some sound cards... That is probably the one that is being seen.. in the search..
Follow SwordFish_13's advice on getting Start.exe back where it belongs.. the information on getting rid of the bug states Starting the machine in Safemode.. it will be very easy to get rid of the file if you follow this advice..
windows 98nt just to be sure is it 98 or nt?
cheers
Und3ertak3r
May 5th, 2004, 11:02 AM
Please note that I have seen Start.exe used as the mixer prog for some sound cards... That is probably the one that is being seen.. in the search..
Follow SwordFish_13's advice on getting Start.exe back where it belongs.. the information on getting rid of the bug states Starting the machine in Safemode.. it will be very easy to get rid of the file if you follow this advice..
windows 98nt just to be sure is it 98 or nt?
cheers