I have a virus,and it won't die.

bugler · 26-04-2001 9:00am #1

Lo all.I have the Hybris virus,which was responsible for alot of Tribes2 related problems plus other stuff.Ok,the virus reared its ugly head last night.
The scans I ran didn't find anything,but soon as I tried to run T2 post-scan i got the warning box.The bad news is that McAfee can't clean or delete the files,which appear to be randomly created or something! Its a different file each time.but always in C:\WINDOWS\SYSTEM.
I can't find the infected files manually or by using search either.The file names frankly look made up.When I try to delete the file when prompted by McAfee it says it cannot,and to check write protection on the infected file or something like that.Can't clean em either,or can't move them to diff folder.Anyone have ideas on how to sort this? Or should I just format? Would a reinstall of windows do the trick?
Thx

astrofool · 26-04-2001 9:53am

try to find out the names of the file you're dealing with that time, have a look through the windows config (type msconfig into run) andcheck nothing is running that shouldn't be, probably another file that's run to change the name or make a new one.

Close down into DOS mode, get a boot disk from a CLEAN machine to do this, go to c:\windows\system (cd\windows\system is command), and type del "filename" without quotes, this will delete the file as long as it's name is right, try del c:\windows\system\"filename" also if first doesn't work, then try booting up, if the virus is still there, than another file must be present that's creating it.

A reformat may be certain, just make sure none of your backed up files are infected, if in doubt DELETE.

I use Norton here and it's been able to deal with most Virus's I've met.

azezil · 26-04-2001 9:54am

look for an antivirus update first!

but if that fails u may hav to format!

"just because ur not paraniod, doesn't mean they're not after u!"

Magwitch · 26-04-2001 12:24pm

If the virus is duplicating search for all files created since bootup. If you already know the files what are their extension?

bugler · 26-04-2001 12:44pm

I think i have it sorted now lads,thx for replies.everything seems to be in order

Lord Khan · 26-04-2001 12:46pm

I take it that is the "snow white" hybird virus ... check security link posted there for a fix.

although what you are descripting doesn't sound too much like the win32.hybris virus

Talliesin · 26-04-2001 11:28pm

Is this on Win2000?
Win2000 has a feature that prevents you overwriting or deleting files in the system directories to prevent accidental damage that is often caused when someone deletes the wrong thing (hehe, I accidentally deleted shell32.dll from one of the machines here and had fun getting it back on).
http://arstechnica.com/tweak/win2k/others/disable_sfp-1.html has details on both why you normally wouldn't want to disable this, and how to disable it if you do want to.
May help.

Have you looked at what's triggering the virus? checked the various "run" and "run once" keys in the registry?

I have a virus,and it won't die.

Comments