VIRUS ALERT!

yeah guys, my sister did it again. she went whining to me, because her MSN messenger started acting strange, and it did. it was obvious she got infected with a virus. it opened up message windows and starts sending stuff around:

Fat Elvis! lol.pif
Crazy Frog getting killed by train.pif
Crazy Frog getting killed.pif
Jennifer Lopez.scr
me topless in a skirt.pif

and some more stuff. i did full virusscans, and it found one: Rbot-RY (i do think that is the one, but there is no info on how to get rid of it). it seems it got itself into the registry, and denying me access into REGEDIT! (it just gives a flash of the window, than it closes itself). also every internet page with Virus in it or any anti-virus program publisher give the same symptoms (closing it down after typing it). i don't like this one bit, cuz i had the pc formatted because of another virus. i DID found the shortcuts of the viruses. they were just before the program files map (the map after clickin on your HD). it got about 7-8 files, and all were hidden files with the MS-DOS logo, and all .pif. when i delete them, you just need to wait around 5 seconds for them to pop back in! does someone here know how to track a shortcut to its original file? and no, properties does not work, since there is no pathway or target. oh and i would like to add that when the computer starts it has a notepad file saying 'sandpaper you larissa you sandpaperkin n00b' or something.

/ranting now

:rant: :rant: goddammit those filthy sonuvvanoobs! i hate these friggin life-less bitches who think they are cool with them viruses! go sandpaper yourself you lifeless nerds!! :rant: :rant:

/rant terminated

Did you try Save mode?

also: http://www.trendmicro.com/vinfo/virusencyc...T%2ERY&VSect=Sn

did system restore do any good ? You need a program called 'Goback' which had you got it installed could give you multilple choices to reset to times earlier

Quote:

Originally posted by USHER@Mar 7 2005, 09:14 PM
did system restore do any good ? You need a program called 'Goback' which had you got it installed could give you multilple choices to reset to times earlier

This is a double bladed sword. System restore usually restores the virus instead of removing it.

The usual steps for taking care of viruses are:

1. DISABLE system restore
2. reboot and start in Save Mode
3. disable all startup entries (with msconfig)
4. running an antivirus program

Works with most viruses.

i could try that. thanks, will update soon.

hmmm I see.. one of my friends constantly messaged me to send me pics and stuff like that.. dang

Me and Ullved got it to. Running virus scan in normal mode now and if that doesn't work then I will try safe mode. Btw why does it work better in safe mode??

Quote:

Originally posted by Hasse@Mar 7 2005, 04:06 PM
Me and Ullved got it to. Running virus scan in normal mode now and if that doesn't work then I will try safe mode. Btw why does it work better in safe mode??

because sometimes windows has specific files in use that cannot be scanned or removed, so safe mode removes most of that problem.

Quote:

Originally posted by Rhett+Mar 7 2005, 10:09 PM--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (Rhett @ Mar 7 2005, 10:09 PM)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin--Hasse@Mar 7 2005, 04:06 PM
Me and Ullved got it to. Running virus scan in normal mode now and if that doesn't work then I will try safe mode. Btw why does it work better in safe mode??

because sometimes windows has specific files in use that cannot be scanned or removed, so safe mode removes most of that problem. [/b][/quote]
Exactly. Plus Windows doesn't load any startup entries or processes other than the windows default ones.

(To boot in safe mode, press F8 constantly during startup til the menu shows up (after the POST process )

Quote:

Originally posted by Akherousin+Mar 7 2005, 11:15 PM--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (Akherousin @ Mar 7 2005, 11:15 PM)</td></tr><tr><td id='QUOTE'>

Quote:

Quote:

because sometimes windows has specific files in use that cannot be scanned or removed, so safe mode removes most of that problem.

Exactly. Plus Windows doesn't load any startup entries or processes other than the windows default ones.

(To boot in safe mode, press F8 constantly during startup til the menu shows up (after the POST process ) [/b][/quote]
I know how to enter safe mode :P I'm not a n00b :P