
CodeRed infection

  • 28-06-2003 4:49pm
    #1
    Closed Accounts Posts: 134 ✭✭


    I was downloading a printer driver from Epson's site this morning, and the connection just went to pieces and started crawling. After a reboot AVG popped up a message saying the file C:\Explorer.exe was infected with CodeRed and left me with a nice sky blue screen with nothing working except a Ctrl+Alt+Del to shut down. So I rebooted into safe mode and renamed the explorer.exe file and got the machine going again normally. AVG continuously pops up warnings, finds the file but won't move or delete it.

    So now I have installed Service Pack 1 (Win2k Prof) and the IIS security updates. I've run a Symantec program for removing CodeRed which says it's successfully deleted all the files and everything should be fine, but the file is still there, AVG keeps popping up warnings and if I leave it called explorer.exe the machine won't start outside of safe mode.

    So I'm thinking if I just delete this file manually everything should be hunky dory, but because it's called 'explorer.exe' I'm a little unsure about deleting it.

    Any ideas? Is it safe to just delete it and be done with all this messin around?


Comments

  • Registered Users, Registered Users 2 Posts: 1,372 ✭✭✭Kone


    DO NOT DELETE EXPLORER.EXE!!!!!

    Have you tried running a repair from the W2K CD?


  • Closed Accounts Posts: 134 ✭✭Dawg


    No, hadn't tried that. Thing is, I'm running fine at the moment having renamed the file and moved it to a separate folder. I've also disabled IIS. AVG still picks it up as CodeRed but it doesn't seem to cause any trouble unless I rename it back to explorer.exe, in which case I can't boot up properly :confused:

    I'll give the repair a go and see what happens. Thx for the help.


  • Closed Accounts Posts: 1,006 ✭✭✭theciscokid




  • Closed Accounts Posts: 134 ✭✭Dawg


    Cheers for the link, ciscokid. That program came up blank when I scanned my IP, but reported an infection with backdoor not yet active when I scanned 127.0.0.1. Doesn't have a removal option so I just deleted the explorer file manually. Used an MS command line thing to clean up after it. Pain in the ass but at least it seems to be gone now.

    Thanks for the help.

