A virus... PLEASE HELP!!

Discussion in 'OT Technology' started by Jay487, Aug 5, 2003.

  1. Jay487

    Jay487 What's Life If You Ain't Enjoyin' It?

    Joined:
    Dec 11, 2001
    Messages:
    4,126
    Likes Received:
    0
    Location:
    Syracuse, NY
    Alright, I'm normally pretty good with computers, but I have a few questions. It was awhile before I had formatted, and I always have had macafee running (even on other computers) and it hasnt failed me yet. However, I got this message popping up saying your computer will restart in 45 seconds. I cant X out of it, so I have to let it restart. I reboot and a macafee window pops up saying I have some kind of virus (something .worm)

    I figured it was time to format anyways, popped in the XP cd and did a full format (not the quick one)

    reinstalled windows, drivers, everything, 6 hours later I was happy with my PCs performance.

    I opened half life to play some counter-strike and bam. Same Message - 45 seconds until reboot. Same virus (.worm...)

    My question is, why the hell is this thing back. Could it be on a file on my other computer (im sharing an internet connection with 2 NICs, so I have access to that computer and a few files on there)

    I backed up my MP3's and a few other files on that computer because it made life so much easier. I also scanned my computer and it doesnt find any viruses until it gets that error. Ive gotten this about 4 times now, on both formats, its completly random but it makes me cry :sadwavey:

    Can this file be coming from another computer? Am I wasting my time by formatting? If it CANT come from another computer, is it because I backed up files and then brought them back - even after scanning them? (such as MP3's, pictures, videos, a few notepad files and other random files)

    Macafee has NEVER failed me, I'm really clueless as how to fix this. I could format again if someone knows a way to fix it, but if anyone could tell me if theres a way to fix it without formatting, or how this keeps coming back I would be greatly appreciated.

    Thanks so much in advance.
     
  2. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    Joined:
    Mar 14, 2000
    Messages:
    14,519
    Likes Received:
    1
    Location:
    Vancouver, BC, CANADA
    The virus sounds nasty - and it sounds like you are being reinfected after the reboot from the other machine. Your first order is to get the XP up and running, fully patched and leave it disconnected from the other computer. See if the problem persists.
     
  3. JimboJones

    JimboJones Guest

    Have you looked on Norton or McAfee for the name of the worm. It might be that a recent update of your anti-virus will wipe that sucker out on all the machines that may be infected. By the way, it is very possible that the worm is coming from another machine on your network.
     
  4. Leb_CRX

    Leb_CRX OT's resident terrorist

    Joined:
    Apr 22, 2001
    Messages:
    39,994
    Likes Received:
    0
    Location:
    Ottawa, Canada
    :werd:
     
  5. Jay487

    Jay487 What's Life If You Ain't Enjoyin' It?

    Joined:
    Dec 11, 2001
    Messages:
    4,126
    Likes Received:
    0
    Location:
    Syracuse, NY
    Thanks, - how do I rid the problem then? The other computer is my family computer, lots of important files and I cant really format it, let alone disconnect it from the internet (I could for a little while)

    What should I do? :confused:

    THanks for all the help
     
  6. Jay487

    Jay487 What's Life If You Ain't Enjoyin' It?

    Joined:
    Dec 11, 2001
    Messages:
    4,126
    Likes Received:
    0
    Location:
    Syracuse, NY
    I haven't gotten the error on my computer yet for awhile, so.. I'm not sure what to do :/

    And the thing that annoys me is that I cant really touch the other computer, so I need to know how to stop the virus from going from that computer to my computer
     
  7. crotchfruit

    crotchfruit Guest

    can you give us the real name of the worm (i.e. what comes before ".worm" in the mcafee report?)
     
  8. Jay487

    Jay487 What's Life If You Ain't Enjoyin' It?

    Joined:
    Dec 11, 2001
    Messages:
    4,126
    Likes Received:
    0
    Location:
    Syracuse, NY
    anyway i can check a log of what has been found on the computer?

    The only time i see it is when it pops up.... and i try to delete clean and everything but it all fails.... so im not sure what its called. do you know anyway i can find out without getting the virus again?

    ill try and look around by myself, but so far no luck
     
  9. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    Joined:
    Mar 14, 2000
    Messages:
    14,519
    Likes Received:
    1
    Location:
    Vancouver, BC, CANADA
    Well you will need to clean the family computer - there's just no way you can just let it propogate because I'm sure it's doing more than just screwing YOUR computer. To prevent it from harming your computer you should make sure the computers don't trust each other (different workgroup is a start), and any admin shares are cut off to only admins.
     
  10. Jay487

    Jay487 What's Life If You Ain't Enjoyin' It?

    Joined:
    Dec 11, 2001
    Messages:
    4,126
    Likes Received:
    0
    Location:
    Syracuse, NY
    alright - well... the virus doesnt seem to be infecting the other computer ( it doesnt reboot on its own and do teh same thing it does on mine, weve scanned with norton which has been installed since day1, no sign of it)

    so does that mean its not on that computer?

    i will make them a different workgroup, but can they still share an internet connection after that?
     
  11. crotchfruit

    crotchfruit Guest

    when you reinstalled winxp for the first time (on the infected computer), did you open any old email or import old email into your newly formatted computer? have you gotten any weird emails in the last few days?
     
  12. Jay487

    Jay487 What's Life If You Ain't Enjoyin' It?

    Joined:
    Dec 11, 2001
    Messages:
    4,126
    Likes Received:
    0
    Location:
    Syracuse, NY
    i get penis elargement things in my email all the time ( i can smell the irony :wtc: )

    ... I think everyone gets a certian amount of spam, I use outlook express so that doesnt help since the emails are opened when you check your email, but ive always had macafee on, if i use regular outlook from office XP would that help? or does that do the same thing as express
     
  13. Jay487

    Jay487 What's Life If You Ain't Enjoyin' It?

    Joined:
    Dec 11, 2001
    Messages:
    4,126
    Likes Received:
    0
    Location:
    Syracuse, NY
    but to answer your question, I dont remember getting any emails at all really... maybe a few normal spam things, but macafee has always taken care of it, dont see why it should stop now :[
     
  14. Jay487

    Jay487 What's Life If You Ain't Enjoyin' It?

    Joined:
    Dec 11, 2001
    Messages:
    4,126
    Likes Received:
    0
    Location:
    Syracuse, NY
    it seems a lot of people are getting it (i talk to a lot of people on irc) so - not sure what its from, but everyone i know seems to have it, and we werent sharing files or anything
     
  15. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    Joined:
    Mar 14, 2000
    Messages:
    14,519
    Likes Received:
    1
    Location:
    Vancouver, BC, CANADA
    Could be that security flaw MS and Homeland Security was in a panic about. Which is why I said make sure it's fully patched
     
  16. Jay487

    Jay487 What's Life If You Ain't Enjoyin' It?

    Joined:
    Dec 11, 2001
    Messages:
    4,126
    Likes Received:
    0
    Location:
    Syracuse, NY
    W32/Spybot.worm.gen

    C:\System Volume Information\_restore{2FD9E625-71BC-442F-A77F-18A2D1DC2005}\RP7\A0000666.exe\A0000666.EXE
     
  17. Jay487

    Jay487 What's Life If You Ain't Enjoyin' It?

    Joined:
    Dec 11, 2001
    Messages:
    4,126
    Likes Received:
    0
    Location:
    Syracuse, NY
    just popped up again - thats the info from macafee.
     
  18. MadMike

    MadMike YARR OT Supporter

    Joined:
    May 21, 2003
    Messages:
    4,436
    Likes Received:
    1
    Location:
    Sydney, Australia
  19. Jay487

    Jay487 What's Life If You Ain't Enjoyin' It?

    Joined:
    Dec 11, 2001
    Messages:
    4,126
    Likes Received:
    0
    Location:
    Syracuse, NY
    I turned off system restore, but It says to delete the files infected. Macafee does not allow me to do this, and if i search for the file it does not find it
     
  20. Jay487

    Jay487 What's Life If You Ain't Enjoyin' It?

    Joined:
    Dec 11, 2001
    Messages:
    4,126
    Likes Received:
    0
    Location:
    Syracuse, NY
    and everything I have to hit "stop" on the virus pop up and when I scan right afterwards it doesnt find anything
     
  21. Jay487

    Jay487 What's Life If You Ain't Enjoyin' It?

    Joined:
    Dec 11, 2001
    Messages:
    4,126
    Likes Received:
    0
    Location:
    Syracuse, NY
    so as of now - I haven't gotten the "countdown" thing again - and nothing weired has been happening to my computer (except for the virus detections that keep popping up)

    I installed a lot of windows updates with security patches and have kept macafee running 24/7 as soon as i installed windows..

    But I cant delete the infected files with macafee, or find them - thats my first question.

    and, i made this computer a different workgroup, is there anything else I need to do to stop viruses from traveling back and fourth from computers? I don't believe the upstairs computer is infected, the virus is said to be traveld via mIRC and thats what I have been using (not sure how I get it, but Ive been using mirc) and a lot of people i know using mirc also have this problem. So i dont think i need to do anything to the other computer, but how do i go about deleting this files? :/
     
  22. Jay487

    Jay487 What's Life If You Ain't Enjoyin' It?

    Joined:
    Dec 11, 2001
    Messages:
    4,126
    Likes Received:
    0
    Location:
    Syracuse, NY
    sorry for the quad post - but i just rebooted and agot a pop up saying VirsScan Synchronization Service encountered a problem and needs to close - not quite sure whats up with that :[

    edit - rebooted error didnt pop up again - probably just needed a reboot or something :confused:
     
    Last edited: Aug 6, 2003

Share This Page