Your suggestions re virus, round 6: Virus KO
anthra.norell at tiscalinet.ch
Wed Mar 9 17:17:53 CET 2005
I'll definitely take a close look at all the suggestions I have been
offered, in the interest of future damage prevention. This time, though, the
fight is over and I emerge victorious!
Poking around here and I came across huge startup or execution log
files listing rather unabashed file names. Since I'm not into that, how did
it get there? Turned out the files were all identical and also identical to
the attachment of each one of the many obviously automated decoy messages I
have been getting of late (like: 'Offer expires today', or 'I'm shocked! Is
that really you', etc.). (Not that I ever opened any one oif them.) Anyway,
I scanned the whole disk for files of identical lenght and ended up with 869
copies of the obnoxity. One of them was C:\WINDOWS\fvprotect.exe--a windows
process of all things. I eradicated the whole lot and now all is well. I
don't believe any damage was caused, except that the Norton virus scanner
still won't start. Perhaps another install will fix that too.
Linux is next. Do you know of a good disk-partitioning program?
----- Original Message -----
From: "Josef Albert Meile" <jmeile at hotmail.com>
To: <anthra.norell at tiscalinet.ch>
Sent: Wednesday, March 09, 2005 12:23 PM
Subject: Re: Your suggestions re virus, round 5
> Hi Frederic,
> >Protected mode doesn't make any difference with respect to stuff not
> >running. Plus it doesn't connect to the internet. So I went back to
> >unprotected mode to download WinTask. I played around with it for a while
> >without being able to figure out how it works. All the while my resolve
> >strengthened to start everyting from scratch and take the opportunity to
> >install Linux. I startet uninstalling stuff I never use and started
> >for the original media of the stuff I do use and already face the
> >predicament of not finding some. I imagine an uninstaller that saves an
> >application and restores it from the save. Do you know of any such thing?
> Sorry, I don't know if such thing exists. But anyway, at last alternative,
> do a backup of the important files and reinstall everything.
> There is another alternative, but you have to know what you are doing:
> You can also get a log of the running processes with this tool and do an
> online analysis on the hijackthis.de website. There are also forums there
> where you can ask.
> Good luck,
> Don't just search. Find. Check out the new MSN Search!
More information about the Python-list