Can't find the virus

MartyBoy

Technical User
Aug 20, 2003
NZ
Please help me on this nasty virus. Norton AV with latest dat's can't find this virus (nor from DOS). It intercepts mouse clicks on Norton command buttons and pops up the dialer. Repeated closing just keeps bringing the dialer back up. It modified the MBR which I have repaired. I have deleted the dialer.exe program, reinstalled Win98, ghosted the whole volume (partition to partition), and checked the registry HK/LM/SW/Mic../CV/Run etc a dozen times, also Win.ini and System.ini. I can't identify where it is being called from. MSInfo.exe crashes if I try to use it. Just about every click of the mouse activates it.

Any ideas please, this is causing serious grief.
 
When you reinstalled win98, did you wipe the partition and recreate it?
Take your win98 setup boot floppy disk and start the computer from it, then drop out to the command prompt and type:

SYS C:
FDISK /MBR

This will overwrite the boot sector and master boot record with a clean copy.
If there is still a problem, get hold of the ultimate boot cd from and use it to run a DOS a-v scan with F-Prot over the machine.

It is also worth remembering that items can load up in the registry from HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run key as well as the local_machine hive so that is worth checking as well, in addition to the load= and run= lines in win.ini, which are still run although they have been deprecated in 98.

John
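
The autostart locations named in the post above (the Run key in both the HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER hives, plus the load= and run= lines in win.ini) can be listed in one pass from a registry export and a copy of win.ini. This is an added example, not part of the original thread; the sample export and win.ini contents are constructed, and the function names are illustrative.

```python
import re

# Constructed sample data (not from the thread): a REGEDIT4 export and a win.ini.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\WINDOWS\\TEMP\\example.exe"

[HKEY_CURRENT_USER\Software\Example]
"Ignored"="not an autostart key"
'''
SAMPLE_WIN_INI = "[windows]\nload=\nrun=C:\\EXAMPLE\\sample.exe\nNullPort=None\n"

RUN_KEY = re.compile(r"^(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\Software\\Microsoft"
                     r"\\Windows\\CurrentVersion\\Run$", re.IGNORECASE)
VALUE = re.compile(r'^"(?P<name>[^"]*)"="(?P<data>.*)"$')

def reg_autostarts(reg_text):
    """Return (key, value name, command) for every value under a Run key."""
    found, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1] if RUN_KEY.match(line[1:-1]) else None
        elif key and (m := VALUE.match(line)):
            # .reg files escape backslashes and quotes; undo that for display
            data = m["data"].replace('\\"', '"').replace("\\\\", "\\")
            found.append((key, m["name"], data))
    return found

def win_ini_autostarts(ini_text):
    """Return (setting, command) for non-empty load=/run= lines in [windows]."""
    found, section = [], None
    for line in ini_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "windows" and "=" in line:
            name, _, value = line.partition("=")
            if name.strip().lower() in ("load", "run") and value.strip():
                found.append((name.strip().lower(), value.strip()))
    return found

if __name__ == "__main__":
    for entry in reg_autostarts(SAMPLE_REG) + win_ini_autostarts(SAMPLE_WIN_INI):
        print(entry)
```

Any entry whose command points at a file you do not recognise is the one to look at first; an empty load= line is normal and is skipped.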
 
Why not run regmon or filemon to see what reg keys and files the virus is accessing when it runs?
 
Thanks JR, I had already set up a clean MBR with FDisk before Ghosting and I still had to redo the MBR after the first boot.

Also thanks to tolstoy for suggestions (I haven't been using those products, but will in future ...if I have to).

The hopefully long term answer turned out to be a combination of deinstalling Norton Systemworks 2003, running Ad-Aware over the disk and removing 19 spyware offenders, then reinstalling Norton and reinstalling from the Internet all Systemworks updates. I couldn't be bothered, nor the client afford the time involved in "pinning the tail on the donkey" ... it might have turned out to be me.

Anyway thanks for the tips.
 