A Windows XP help forum. PCbanter


gaelicum.a



 
 
  #1  
Old November 28th 05, 04:00 AM posted to microsoft.public.windowsxp.security_admin
external usenet poster
 
Posts: n/a
Default gaelicum.a

I have a virus that keeps coming back. (I am running windows xp with SP2. I
have windows update in auto-mode and have a broadband connection.)

This has been going on for several months. Whenever I get it again, I
download AVG's vcleaner.exe (I have to redownload it because this virus will
always immediately infect vcleaner.exe.) then I immediately go into safe mode
and run vcleaner. (after I check it with AVG) And I also run AVG again.
This will heal all the infected files, and get rid of it for a week or so.

But then it will show up again.

Btw, I have turned off system restore and then turned it back on again
several times after the scan, but that has never helped. I have also been
disconnecting the internet connection at night, but that has not made any
difference either.

I have off and on also researched the Internet, including newsgroups and
blogs, about this virus and have found no way to stop getting it. I have,
however, found a lot of horror stories about this virus-- it continues to
mess up a lot of computers.

AVG says this about this virus:
......................................

Win32/Gaelicum.A
alias: Win32.Tenga, W32.Licum, W32/Gael

It`s parasitic infector and internet worm.

Virus spreads itself exploiting Buffer Overrun In RPC Interface
vulnerability described in Microsoft Security Bulletin MS03-026.

When the worm is launched, it infects .EXE files on all accessible drives.

Virus also tries to download trojan horse from the internet.

Healing:
Please download Vcleaner utility.
.................................................

So this is my question for this forum:

When I read Microsoft Security Bulletin MS03-026 it offers me no help,
because I already have SP2. This virus, in my opinion, is a SECURITY
problem. Is there nothing Microsoft can offer as a continual defense against
this virus?

Richard



  #2  
Old November 28th 05, 04:26 AM posted to microsoft.public.windowsxp.security_admin
external usenet poster
 
Posts: n/a
Default gaelicum.a

Many viruses are designed to fatally corrupt and destroy the
operating system. You can always remove the virus file,
but the damage caused by the execution of the malicious
virus code has already been done. Try the following:

How to Perform a Windows XP Repair Install
http://www.michaelstevenstech.com/XPrepairinstall.htm

If the "Repair Install" is unsuccessful, then you need to
start from scratch and perform a "Clean Install".

Clean Install Windows XP
http://www.michaelstevenstech.com/cleanxpinstall.html

Here's what you can do to enhance the security on your PC
http://www.microsoft.com/athome/secu...2/Default.mspx

Antivirus software: Frequently asked questions
http://www.microsoft.com/athome/secu...antivirus.mspx

--
Carey Frisch
Microsoft MVP
Windows - Shell/User
Microsoft Community Newsgroups
news://msnews.microsoft.com/

-------------------------------------------------------------------------------------------

"erichard777" wrote:

| I have a virus that keeps coming back. (I am running windows xp with SP2. I
| have windows update in auto-mode and have a broadband connection.)
|
| This has been going on for several months. Whenever I get it again, I
| download AVG's vcleaner.exe (I have to redownload it because this virus will
| always immediately infect vcleaner.exe.) then I immediately go into safe mode
| and run vcleaner. (after I check it with AVG) And I also run AVG again.
| This will heal all the infected files, and get rid of it for a week or so.
|
| But then it will show up again.
|
| Btw, I have turned off system restore and then turned it back on again
| several times after the scan, but that has never helped. I have also been
| disconnecting the internet connection at night, but that has not made any
| difference either.
|
| I have off and on also researched the Internet, including newsgroups and
| blogs, about this virus and have found no way to stop getting it. I have,
| however, found a lot of horror stories about this virus-- it continues to
| mess up a lot of computers.
|
| AVG says this about this virus:
| .....................................
|
| Win32/Gaelicum.A
| alias: Win32.Tenga, W32.Licum, W32/Gael
|
| It`s parasitic infector and internet worm.
|
| Virus spreads itself exploiting Buffer Overrun In RPC Interface
| vulnerability described in Microsoft Security Bulletin MS03-026.
|
| When the worm is launched, it infects .EXE files on all accessible drives.
|
| Virus also tries to download trojan horse from the internet.
|
| Healing:
| Please download Vcleaner utility.
| ................................................
|
| So this is my question for this forum:
|
| When I read Microsoft Security Bulletin MS03-026 it offers me no help,
| because I already have SP2. This virus, in my opinion, is a SECURITY
| problem. Is there nothing Microsoft can offer as a continual defense against
| this virus?
|
| Richard

  #3  
Old November 28th 05, 04:36 AM posted to microsoft.public.windowsxp.security_admin
external usenet poster
 
Posts: n/a
Default gaelicum.a

From: "erichard777"

| I have a virus that keeps coming back. (I am running windows xp with SP2. I
| have windows update in auto-mode and have a broadband connection.)
|
| This has been going on for several months. Whenever I get it again, I
| download AVG's vcleaner.exe (I have to redownload it because this virus will
| always immediately infect vcleaner.exe.) then I immediately go into safe mode
| and run vcleaner. (after I check it with AVG) And I also run AVG again.
| This will heal all the infected files, and get rid of it for a week or so.
|
| But then it will show up again.
|
| Btw, I have turned off system restore and then turned it back on again
| several times after the scan, but that has never helped. I have also been
| disconnecting the internet connection at night, but that has not made any
| difference either.
|
| I have off and on also researched the Internet, including newsgroups and
| blogs, about this virus and have found no way to stop getting it. I have,
| however, found a lot of horror stories about this virus-- it continues to
| mess up a lot of computers.
|
| AVG says this about this virus:
| .....................................
|
| Win32/Gaelicum.A
| alias: Win32.Tenga, W32.Licum, W32/Gael
|
| It`s parasitic infector and internet worm.
|
| Virus spreads itself exploiting Buffer Overrun In RPC Interface
| vulnerability described in Microsoft Security Bulletin MS03-026.
|
| When the worm is launched, it infects .EXE files on all accessible drives.
|
| Virus also tries to download trojan horse from the internet.
|
| Healing:
| Please download Vcleaner utility.
| ................................................
|
| So this is my question for this forum:
|
| When I read Microsoft Security Bulletin MS03-026 it offers me no help,
| because I already have SP2. This virus, in my opinion, is a SECURITY
| problem. Is there nothing Microsoft can offer as a continual defense against
| this virus?
|
| Richard
|

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

This is a TRUE virus in all respects in that it infects other executable files by appending
itself to EXE files.

The good news is that the EXE files can be cleaned. The bad news is if an infected EXE file
handle is held open by the OS then a cleaner may not clean the file and there is a possibility
of reinfection.

The following tool provides four AV scanners that will target the W32/Gael worm. When you
run the utility it will bring up a menu. If you hit the letter 'H' or 'h' it will bring up
a help file. Read the help file especially about the part of using a DOS Boot Disk or a DOS
Boot Disk with NTFS4DOS.

The objective is this...
In Windows Normal Mode, download the scanners for at least McAfee and Sophos but don't run
the scanners.

Create a DOS Boot Disk on another PC (if the PC uses NTFS you will also need NTFS4DOS on the
DOS Boot Disk).

Then you will boot from the DOS Boot Disk and run the provided McAfee and Sophos batch
files. That should effectively clean your PC.

The PDF Help File will provide you with the names of the LOG files that were created for
the DOS anti virus scans.

After you boot into Windows, use the utility to clean any ZIP disk, USB Flash drives or
other Read/Write media that may have EXE files that were used when the PC was infected.
This will make sure you don't get re-infected.


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.


* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


  #4  
Old November 28th 05, 04:37 AM posted to microsoft.public.windowsxp.security_admin
external usenet poster
 
Posts: n/a
Default gaelicum.a

From: "Carey Frisch [MVP]"

| Many viruses are designed to fatally corrupt and destroy the
| operating system. You can always remove the virus file,
| but the damage caused by the execution of the malicious
| virus code has already been done. Try the following:
|
| How to Perform a Windows XP Repair Install
| http://www.michaelstevenstech.com/XPrepairinstall.htm
|
| If the "Repair Install" is unsuccessful, then you need to
| start from scratch and perform a "Clean Install".
|
| Clean Install Windows XP
| http://www.michaelstevenstech.com/cleanxpinstall.html
|
| Here's what you can do to enhance the security on your PC
| http://www.microsoft.com/athome/secu...2/Default.mspx
|
| Antivirus software: Frequently asked questions
| http://www.microsoft.com/athome/secu...antivirus.mspx
|


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


  #5  
Old November 28th 05, 04:43 AM posted to microsoft.public.windowsxp.security_admin
external usenet poster
 
Posts: n/a
Default gaelicum.a

From: "Carey Frisch [MVP]"

| Many viruses are designed to fatally corrupt and destroy the
| operating system. You can always remove the virus file,
| but the damage caused by the execution of the malicious
| virus code has already been done. Try the following:

snip

Carey:

The W32/Gael wants to spread; it is a true virus in all meanings. It doesn't, however, have a
destructive payload.
Therefore, it can be successfully cleaned without a system being re-built.

Although they are named differently by different AV vendors, they are all the same virus.
W32/Gael.worm.a -- http://vil.nai.com/vil/content/v_134857.htm
W32.Licum -- http://securityresponse.symantec.com...w32.licum.html
W32/Tenga-A -- http://www.sophos.com/virusinfo/analyses/w32tengaa.html

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


  #6  
Old November 29th 05, 02:55 AM posted to microsoft.public.windowsxp.security_admin
external usenet poster
 
Posts: n/a
Default gaelicum.a

Thanks both of you guys (David and Carey).

I will try David's ideas and get back.

The first time I got gaelicum.a it did mess up my system so much I ended up
doing a clean install. But it still got back in in a couple of weeks. The
only thing that has saved me is using vcleaner as soon as it gets back in.

Richard

"David H. Lipman" wrote:


* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



  #7  
Old November 29th 05, 03:20 AM posted to microsoft.public.windowsxp.security_admin
external usenet poster
 
Posts: n/a
Default gaelicum.a

From: "erichard777"

| Thanks both of you guys (David and Carey).
|
| I will try David's ideas and get back.
|
| The first time I got gaelicum.a it did mess up my system so much I ended up
| doing a clean install. But it still got back in in a couple of weeks. The
| only thing that has saved me is using vcleaner as soon as it gets back in.
|
| Richard
|

Like I said, it is a True Virus in the classic sense. It infects EXE files and appends
itself to the EXE file and makes the EXE file approx. 4KB larger. So it spreads pretty
easily to other EXE files. You have to make sure all EXE files that you have are clean that
you have lying around. You have to make sure that if you restore email that all email
folders and files are scanned. Otherwise you will just get re-infected.

Of course you also must make sure you are running an up-to-date AV package in "On Access"
mode where any file written or read from any media is scanned for infectors.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
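
The reply above says the infector appends itself to EXE files and makes each one approx. 4KB larger. That suggests a simple integrity check, given here as an added example (not part of the thread or of any poster's tool): record the size and SHA-256 of every .exe on known-clean media, then compare later. The 3-5 KiB window used for "approx. 4KB" and all function names are assumptions.

```python
import hashlib
import os
import tempfile

GROWTH_HINT = (3 * 1024, 5 * 1024)  # assumption: "approx. 4KB" read as 3-5 KiB

def snapshot(root):
    """Map each .exe path under root to (size, sha256 hex digest)."""
    manifest = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".exe"):
                path = os.path.join(folder, name)
                with open(path, "rb") as fh:
                    data = fh.read()
                key = os.path.relpath(path, root)
                manifest[key] = (len(data), hashlib.sha256(data).hexdigest())
    return manifest

def compare(baseline, current):
    """Return (path, verdict) for every .exe that is new or whose hash changed."""
    findings = []
    for path, (size, digest) in sorted(current.items()):
        if path not in baseline:
            findings.append((path, "new"))
            continue
        old_size, old_digest = baseline[path]
        if digest == old_digest:
            continue  # byte-for-byte identical to the clean baseline
        grew = size - old_size
        if GROWTH_HINT[0] <= grew <= GROWTH_HINT[1]:
            findings.append((path, "grew ~4KB: scan before running"))
        else:
            findings.append((path, "modified"))
    return findings

def demo():
    """Constructed sample: dummy files, one of which gains 4096 filler bytes."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("setup.exe", "tool.exe", "notes.txt"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"MZ" + b"\0" * 1000)
        baseline = snapshot(root)
        with open(os.path.join(root, "tool.exe"), "ab") as fh:
            fh.write(b"A" * 4096)  # harmless filler standing in for appended bytes
        with open(os.path.join(root, "new.exe"), "wb") as fh:
            fh.write(b"MZ")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for path, verdict in demo():
        print(path, "->", verdict)
```

A baseline is only useful if it is taken from media known to be clean and stored where the infected system cannot rewrite it; a flagged file is a candidate for scanning, not a confirmed infection.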


 










All times are GMT +1.

