
virus help 2


truyt

Vendor
Aug 25, 2001
18
AE
My comp has been infected by the pekriz 4029 virus.
The problem is that whatever antivirus program I download, the exe file performs an illegal operation.
How do I get it out of my system?
 
In the FAQ for this forum is a link into all the virus help you should need.

Ed Fair
efair@atlnet.com

Any advice I give is my best judgement based on my interpretation of the facts you supply.

Help increase my knowledge by providing some feedback, good or bad, on any advice I have given.

 
Download EXEfix08.com, EXEfix08.reg, and EXEfix08.inf to your desktop. Try running the .com file first. Now see if you can run the fix tool for the virus that I assume you downloaded to try and remove it. If the EXEfix08.com file won't run, then try the .reg or .inf version. For those, right-click on them and select Install from the menu.


If you don't have removal info for the virus then post back.
 
truyt,

This virus does not work like sircam, so fixing the registry for exe or com files won't work. It has replaced the system file KERNEL32.DLL and so you really need a boot disk that can remove the virus. Take a look at for info on what it is and does, and how to remove it.

Good luck
 
paulwood,

You're right, downloading the files didn't work.
I managed to download McAfee's VirusScan but the exe files are not working.
Is it possible to get rid of the virus manually?
I've tried to download six different antivirus programs but either they cannot be installed or they're not installed properly.

 
Hello, truyt.

The key point of any fix is to boot to real DOS from a boot disk prepared on a noninfected computer (or the boot disk you had made before the infection). Then begin any cleaning operation thereafter.

The reason is that the virus is memory-resident. Anything done from the GUI will be ineffective.

You should clean the virus asap. It is nasty.

Download a fix from Symantec:


Follow its instructions. (In particular, again, boot from floppy, clean boot disk.)

After that, you may have to extract kernel32.dll from the installation package. You can follow the instructions from:


regards - tsuji
 
Thanks, but I have already tried that.
The problem is when I try to unzip it, it says bad disk or file transfer error.
I've just discovered another virus - W32/Hybris.gen@MM
Someone please help.
No antivirus software works.

 
Maybe I am over-emphasizing. With whatever fix, it should be a boot directly to DOS / bootup to command prompt directly from _bootdisk_, not from c: with bootmenu selection.

If that's what you've done, ignore this note.
 
truyt,

Can you boot to DOS from the hard disk (hit F8 and choose command prompt only) and then run the krisfix.exe file? Otherwise try copying the file KERNEL32.DLL from another computer with the same operating system and copy it across in DOS mode. I don't know if it will work, but it's worth a try.

If no success, post back.
 
tsuji,

Although booting from a floppy would be the cleanest, wouldn't this mean that the hard disk was not recognised? The fix you found actually scans the disk to fix it, so I think it would have to be run from DOS mode at bootup. Please correct me if I'm wrong :)
 
Hello, paulwood.

Your question gets me thinking as well. But I would, to start with, consider practically all files on the hard disk unsafe until proven otherwise, although there is no explicit mention of command.com as a candidate for being infected. But the scope of the virus at work is broad. I find the following article useful:


complementing others with new elements.

As to the recognition of C: at least, I don't think there would be a problem, do you? If there are other mapped or subst drives depending on the definitions in autoexec.bat, that would pose a problem. But we won't need but to call upon the partitions recognizable by their default letters. So there should be no problem as far as the cleaning operation is concerned.

One thing truyt has to do is to locate if there is a file WINDOWS\SYSTEM\KRIZED.TT6 in his system and inspect wininit.bak which stores the trace of the virus' work to infect kernel32.dll. If the presence of the file is confirmed, he/she is on the right track.

regards - tsuji
 
How about sticking in the emergency bootup disk, boot up and then switch to c drive, rename the windows folder to something else then do a normal installation of windows...then install a virus checker and kill off the virus in the renamed folder...reboot with the emergency bootup disk and delete the new windows folder and finally rename the original back again..?

Men are from earth. Women are from earth. Deal with it.
 
Hello, all.

This is an instance where a non-gui virus scan like F-Prot is essential. As we often get info from articles of symantec, mcafee,... however, they are useful and free, they are by nature biased. So a viable alternative is to boot to dos and run F-Prot.

tsuji
 
hi everyone :)
tsuji, thanks a lot for telling me about F-Prot.
I finally got rid of the virus.
Thanks once again.
 