WORM.ALCAN.A [CLOSED]
Started by
MissMyMac
, May 21 2005 02:56 PM
#16
Posted 13 June 2005 - 04:52 AM
#17
Guest_Andy_veal_*
Posted 13 June 2005 - 04:06 PM
Do you still need assitance?
#18
Posted 14 June 2005 - 04:39 PM
My AV no longer finds the Worm in the system32 folder which is good. There was one other instance of the file found by the AV in a system restore file, however the AV was able to clean that out so now my computer shows itself as clean to my AV. I will follow up with an online scan or two during the week.
The only remaining problems I have are first, I still cannot see my System32 folder, and secondly when I try to run 'cmd' or 'regedit' I get a window that pops up titled "16 bit MS-DOS Subsystem" and stating:
C:\WINDOWS\system32\regedit.com
The NTVDM CPU has encountered an illegal instruction.
CS:053a IP:ffe4 OP:fe ff 1d 09 4f Choose 'Close' to terminate the application.
The filename rededit.com is replace with cmd.com when I try to run cmd but other than that the two messages are the same. While I never bothered trying to run 'cmd' or 'regedit' before, I'm guessing this isn't normal.
The only remaining problems I have are first, I still cannot see my System32 folder, and secondly when I try to run 'cmd' or 'regedit' I get a window that pops up titled "16 bit MS-DOS Subsystem" and stating:
C:\WINDOWS\system32\regedit.com
The NTVDM CPU has encountered an illegal instruction.
CS:053a IP:ffe4 OP:fe ff 1d 09 4f Choose 'Close' to terminate the application.
The filename rededit.com is replace with cmd.com when I try to run cmd but other than that the two messages are the same. While I never bothered trying to run 'cmd' or 'regedit' before, I'm guessing this isn't normal.
#19
Posted 15 June 2005 - 03:10 AM
*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\Program Files\MsConfigs\MsConfigs.exe
C:\WINDOWS\system32\p2pnetwork.exe
C:\WINDOWS\system32\CMD.COM
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\tracert.com
*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
After the reboot regedit should work again.
If you need it urgently, use the full filename: regedit.exe
Regards,
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\Program Files\MsConfigs\MsConfigs.exe
C:\WINDOWS\system32\p2pnetwork.exe
C:\WINDOWS\system32\CMD.COM
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\tracert.com
*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
After the reboot regedit should work again.
If you need it urgently, use the full filename: regedit.exe
Regards,
#20
Posted 21 June 2005 - 06:27 PM
OK...Real Simple....
We had this same issue but the virus didn't run because Panda Anti Virus caught it, they were the first to catch it and they are always the first to catch new viruses because of their patented technology (True Prevent). Down an eval copy from Pandasoftware.com and scan the computer. Make sure to go through all the options in the program and select all options. Norton, Mcafee, PcCillin, and AVG can't touch Panda!!!!!!!!!!!!!!!!!!!!
http://www.pandasoftware.com
#21
Posted 21 June 2005 - 07:16 PM
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users