Help MSN

mechBgon

Super Moderator<br>Elite Member
Oct 31, 1999
30,699
1
0
Your friend's computer is infected with what Symantec calls W32.Chod.D or one of its descendants. If you clicked the link and are using an Admin-class account without antivirus protection, your computer is probably infected too.

One symptom of infection is that it makes you post in the wrong section of the Forums. :D

Once Chod.D is installed, it can take some maneuvering to get it off, because it prevents antivirus software from running if you do install some. I suggest downloading this text file and saving it first, then follow the instructions precisely while in Safe Mode, as a preliminary knockdown punch against the virus. Then reboot into normal Windows and download and install Microsoft Baseline Security Analyzer and a 30-day trial of Kaspersky Antivirus Personal 5 from http://www.kaspersky.com/trials. Configure it, update it, scan with it.
 

UsandThem

Elite Member
May 4, 2000
16,068
7,380
146
Originally posted by: chrisrod01
how do i start window in safe ? and the last link is wrong

I think he meant to say "Thanks mechBgon";) and the last link works for me.

You boot into safe mode by holding down F6 I believe (or F8) can't remember at the moment when Windows starts to load.
 

mechBgon

Super Moderator<br>Elite Member
Oct 31, 1999
30,699
1
0
You start Windows in Safe Mode by pressing the F8 key repeatedly when you know that the first WindowsXP boot screen is about to show on the screen, the one with the little scrolling bar below the WinXP logo.

The last link is working. If you can't get there, then the virus has probably tampered with your HOSTS file to keep you from visiting Kaspersky Labs' website. Open up Notepad and use Notepad to view this file: C:\Windows\System32\Drivers\Etc\HOSTS. If there are any entries in the HOSTS file besides 127.0.0.1 Localhost, delete them all and then close Notepad, saving the changes.
 

mechBgon

Super Moderator<br>Elite Member
Oct 31, 1999
30,699
1
0
Reformatting is my preferred approach, if you're ok with that. Be aware that a "raw" WindowsXP installation is super-vulnerable to direct backdoor attack without any human involvement at all, unless your WinXP CD has Service Pack 2 already built into it. So if you reinstall, this page may help.
 

chrisrod01

Banned
Apr 16, 2005
681
0
0
My comp has a install os on my hd that i can reformat so if i make a copy of the sp2 and stay offline it will be another alternitive?
 

mechBgon

Super Moderator<br>Elite Member
Oct 31, 1999
30,699
1
0
Yeah, you could just download the full-sized SP2 installer and save it on a CD-R. Just to emphasize this, by "stay offline," you want to have the computer's network cable fully unplugged, not just avoiding using email/web yourself. Worms attack directly from the Internet whether you use a browser/email or not, unless you've got a router to keep them at bay.