I got hit with a virus but cant get it out

NDENT2003

Banned
Apr 7, 2003
372
0
0
Virus is called W32/Raleka.worm.This is the location is in C://windows/system/svchost.exe.After doing acouple of virus scans i keep finding the same infected file but it can't be deleted as it's saying file is in use.Ok cool so i go into take manager & find acouple of things running under that name svchost.exe.When i goto close them my pc starts to shut down.I get a message saying

This system is shutting down so please save all work in progress and log off.It also has something in that popup box with a 60sec countdown & says something with NT AUTHORITY SYSTEM.

Please help me as this is screwing up my internet connection.
 

neutralizer

Lifer
Oct 4, 2001
11,552
1
0
Originally posted by: NDENT2003
Virus is called W32/Raleka.worm.This is the location is in C://windows/system/svchost.exe.After doing acouple of virus scans i keep finding the same infected file but it can't be deleted as it's saying file is in use.Ok cool so i go into take manager & find acouple of things running under that name svchost.exe.When i goto close them my pc starts to shut down.I get a message saying

This system is shutting down so please save all work in progress and log off.It also has something in that popup box with a 60sec countdown & says something with NT AUTHORITY SYSTEM.

Please help me as this is screwing up my internet connection.

Find the fix file on Norton.
 

NDENT2003

Banned
Apr 7, 2003
372
0
0
Was i was running those free online virus scans from norton & trendmicro i think.I'll search around the net now to see if i can get a full copy of one of those virus programs.
 

Mem

Lifer
Apr 23, 2000
21,476
13
81
AVG is free ,best to have an Anti-virus software program installed before you get a virus ;).
 

Mem

Lifer
Apr 23, 2000
21,476
13
81
AVG 7.0 - AVI 261.8.3 and AVG 6.0 - 580 Added detection of new viruses Win32/Zevity, Win32/Lala. Added detection of new variants of I-Worm/Mimail, Worm/Raleka, Worm/Agobot, Worm/Spybot, Win32/Icer. Added detection of new variants of trojan Startpage, IRC/BackDoor.SdBot. - February 06, ...
http://www.grisoft.com/us/us_history.php 03/03/04, 48711 bytes




Grisoft, Inc. (c) 2003 top webmaster homepage

Got it listed.
 

John

Moderator Emeritus<br>Elite Member
Oct 9, 1999
33,944
1
0
Originally posted by: NDENT2003
Was i was running those free online virus scans from norton & trendmicro i think.I'll search around the net now to see if i can get a full copy of one of those virus programs.

You can download a fully functional 15-day trial of NAV 2004 from here.
 

NDENT2003

Banned
Apr 7, 2003
372
0
0
Downloaded NAV & installed it /scanned it but its saying unable to delete file.What should i do now ?
 

Mem

Lifer
Apr 23, 2000
21,476
13
81
Did you follow the instructions here and disable System restore if you use WinME/XP?
 

SwampsterFL

Member
Oct 30, 2001
171
0
0
Start your computer in Safe Mode and if you are using WinME or WinXP turn off System Restore.

Click on Start - Run, and type in MSCONFIG and hit OK.

In the little utility that opens, click on the Startup tab and look for an entry called Blaster and remove its check. While there, look for anything else that doesn't seem right (for example, anything like "wink*.*) and remove its check. If it was something important, you can always go back and re-select it.

This will allow you to boot into Normal Mode and get online to get whatever you need in the line of a virus program, install it, update its definition files, and let it scan the entire system (all files). This should clean the rest of it up.

After everything is cleaned up, go back and turn System Restore back on.
 

NDENT2003

Banned
Apr 7, 2003
372
0
0
Originally posted by: SwampsterFL
Start your computer in Safe Mode and if you are using WinME or WinXP turn off System Restore.

I don't know how to start up my system in safe mode but i did turn off the system restore.



 

Swampster

Senior member
Mar 17, 2000
349
0
0
As soon as you start to see text on your screen as it is booting, start pressing the F8 key about every 2 seconds. That way, hopefully, you will hit it at the right moment before it starts booting the operating system and you will get a DOS style menu. Use your arrow keys to move to the Safe Mode selection and hit Enter. Depending on your operating system, you may have to hit enter on the next screen also.