I found some stuff in the keys that has the same name as my virus.
If you want i can email the virus to you if you like toying around. I've already emailed it to mcafee and trend to look at.
thanks for the help
Chris
Printable View
I found some stuff in the keys that has the same name as my virus.
If you want i can email the virus to you if you like toying around. I've already emailed it to mcafee and trend to look at.
thanks for the help
Chris
Thanks for the offer, but I am having enough fun with Viruses today. As an FYI, there is a new Hoax going around (which some of my users have fallen for) You can get information on this Hoax at: http://securityresponse.symantec.com...file.hoax.html
Cheers
Did you try to run from the user.dat and system.dat backups? These might not have the registry entries in them. I've rebooted systems multiple time and found the registry hadn't been back up.
GREAT!!!!!!!! as if we don't have enough crap to deal with people HAVE to spread hoaxes around :mad:Quote:
Originally posted here by DjM
Thanks for the offer, but I am having enough fun with Viruses today. As an FYI, there is a new Hoax going around (which some of my users have fallen for) You can get information on this Hoax at: http://securityresponse.symantec.com...file.hoax.html
Cheers
Send it over to [email protected] I'll see if I can pick it up and analyse the suckerQuote:
Originally posted here by whammy_guy
I found some stuff in the keys that has the same name as my virus.
If you want i can email the virus to you if you like toying around. I've already emailed it to mcafee and trend to look at.
thanks for the help
Chris
if antivirus scanners can't detect it, how do you know its there? its probably just a fake virus. you probably have Windows Me or XP where there are system restore files. if the infected file is located in C:\_RESTORE than it is in the system restore folder (when you try to delete the file it will say something like Cannot Delete (infected file name) because it resides on a write protected media. You have to disable system restore to delete these file(s). do you have Windows ME or XP? If so, is the infected file in the C:\_RESTORE folder (I will tell you how to disable system restore)? I have had to do this to get rid of the NetBus trojan from my system.
ohh also you might want to download an antivirus program to keep your computer clean (or if you already have one, a better one). You can download F-prot AntiVirus (good at detecting and cleaning viruses) for free at http://www.f-prot.com/ or you can download a trial version of McAfee VirusScan at http://www.nai.com/
Ryan, he already said he was running windows 98, the restore issue does not come into play.
you can also try Http://housecall.antivirus.com and see if that will detect it
oops sorry I didn't read it that good! :)