[dervish]

I had to remove the Alcan worm off a computer today, and discovered that this worm does infect regedit, ping, and a few other commands, when they are run from the Start>Run prompt. If you type in "regedit.exe", rather than just "regedit" you should be able to get into the registry, well it worked for me anyway.

[Advertisements]

Do you still need assitance?

[MissMyMac]

My AV no longer finds the Worm in the system32 folder which is good. There was one other instance of the file found by the AV in a system restore file, however the AV was able to clean that out so now my computer shows itself as clean to my AV. I will follow up with an online scan or two during the week.

The only remaining problems I have are first, I still cannot see my System32 folder, and secondly when I try to run 'cmd' or 'regedit' I get a window that pops up titled "16 bit MS-DOS Subsystem" and stating:

C:\WINDOWS\system32\regedit.com
The NTVDM CPU has encountered an illegal instruction.
CS:053a IP:ffe4 OP:fe ff 1d 09 4f Choose 'Close' to terminate the application.

The filename rededit.com is replace with cmd.com when I try to run cmd but other than that the two messages are the same. While I never bothered trying to run 'cmd' or 'regedit' before, I'm guessing this isn't normal.

[Metallica]

*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\Program Files\MsConfigs\MsConfigs.exe
C:\WINDOWS\system32\p2pnetwork.exe
C:\WINDOWS\system32\CMD.COM
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\tracert.com

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

After the reboot regedit should work again.
If you need it urgently, use the full filename: regedit.exe

Regards,

[luckydutchman]

OK...Real Simple....
We had this same issue but the virus didn't run because Panda Anti Virus caught it, they were the first to catch it and they are always the first to catch new viruses because of their patented technology (True Prevent). Down an eval copy from Pandasoftware.com and scan the computer. Make sure to go through all the options in the program and select all options. Norton, Mcafee, PcCillin, and AVG can't touch Panda!!!!!!!!!!!!!!!!!!!!

http://www.pandasoftware.com

[don77]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.