Dang it I got a virus please help me get rid of it!!

[OverclockMe]

Well I have the trojan virus. I didnt have a antivirus program until recently and scanned my computer only to find that I have the Trojan Horse Virus. It infect 2 other .dll files and I qurantined them, but my winserve.exe file is still infected and I cant qurantine it or delete it. Please help me out guys I need to get rid of this darn thing and hopefully not have to re-format. Also what exactly does this virus do?

Thanks in advance
OverclockMe

 

[LoneWolf1]

<< Also what exactly does this virus do? >>

It would help to know what you're infected with. Saying that your winserve.exe file is infected doesn't really help much. Whatever AV program you have should tell you what you've got.

 

[OverclockMe]

I am using Norton Antivirus 2002 right now i can't see where it states the specific Trojan Horse virus. In NAV it just says Trojan Horse Virus, do you know how to see which one it is? If you can give me some hints on how to find the sepcific virus i have through NAV2002 then thanks. I already did a liveupdate and still wasnt able to fix it. THese files are infected but quarantined: systb.dll winobject.dll wupdt.exe

 

[n0cmonkey]

Backup, Format, Reinstall, Restore. Works every time.

 

[FOBSIDE]

<< Backup, Format, Reinstall, Restore. Works every time. >>



ive seen this advice given many times by you, n0c. its funny cuz its true. i would do an overhaul on my system if i had a virus that couldnt be cleaned. even if the file could be quarantined, it would still bother me and i would reformat/reinstall.

 

[bacillus]

<< I am using Norton Antivirus 2002 right now i can't see where it states the specific Trojan Horse virus. >>


have you looked in the activity log??

 

[flawedexistence]

Hang on a sec. If NAV has automatically quarantined the infected files, can you not simply delete them? I have done this with various Trojans in the last year, and with exception of the BadTrans virus, which necessitated a reinstall of WinXP, has worked every time. Even at that, I may have made an error with BadTrans. JMHO, but why reinstall if you don't have to?

 

[Derango]

<< Backup, Format, Reinstall, Restore. Works every time. >>



Not every time...If you backed up the virus, then you have to do it all over again

 

[n0cmonkey]

<<

<< Backup, Format, Reinstall, Restore. Works every time. >>

Not every time...If you backed up the virus, then you have to do it all over again >>



Thats why you be intelligent with what you backup.

 

[Jonathan93]

If you can boot up in DOS, all you'd have to do is delete the file.... I think with Win 2k if you get the Windows CD and put it in the drive and let it boot off of that, that you can get to the Rescue console, in which you can delete the file from there (You may be able to rename it if you'd like to, I'd suggest that, in case it may be something important. I don't think you can do this with the rescue console though, you may be able to copy the file to another location then delete it).

 

[OverclockMe]

Well it didnt say which Trojan it was so that kinda sucked, but the I was able to delete the qurantined items. However I was not able to delete the virus which was named winserv.exe So I got the windows cd booted into the repair mode and deleted the winserv file. So far no more virus. THanks guys I appreciate the help.

 

[gwlam12]

is it possible to just try to replace the file? ive never trieed that before, i've never been infected, and if i did, i would format. but yea, care to find out?

 

[OverclockMe]

Actually when me and my friend tried to replace those infected files it turned out he couldnt find them on his system which makes us believe those were fake infected files posing as window files.

 

[Dreadogg]

did you get rid of the regestry keys? last time I got one of those pesky things I had to delete the keys than delete the file and all was well, so if it looks and seems as if the trojan is still running, it most likely is having to do with the regestry keys being involved.

 

[flawedexistence]

This is a good point. Many of NAV's virus removal tools and procedures involve removal of certain registry items. I've had to do this several times. Norton (Symantec) generally has a lot of this info available on their website.