• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

MP3 Virus - VBS.LOVELETTER.A

C

CAK

Senior member

My friends PC became infected with this virus, turning all the MP3's into .vbs files that read 11k(they arn't though) each and will not play. The icons for the MP3's are now replaced with a white rectangle with a blue dollar sign inside it. On boot up(winXP) a message comes up saying some system files have been changed and to insert the winXP CD, or continue and leave changes and having possible stability problems. If you choose to leave the changes you get the above results and the hoempage in IE is set to skynet.net(or something to that effect), If I boot with the winXP CD you can play the files and there is no blue dollar sign icon next to the files.

Fix-it virus scanner said it was the VBS.LOVELETTER.A virus causing it, saying it was a e-mail virus. It has only infected .mp3 files. Fix-it virus scanner says it cannot remove the virus from the mp3's, and can only delete them. I went through and removed all spyware/adware on his PC and went through the registry and deleted certain keys symantec said would get rid of the virus but the problem still exists.

Anyone know more about this or a cure?
 
> Fix-it virus scanner says it cannot remove the virus from the mp3's, and can only delete them. I went through and removed all spyware/adware on his PC and went through the registry and deleted certain keys symantec said would get rid of the virus but the problem still exists.

What problem, the damaged mp3 files? They are gone, you won't recover them. You'll need to delete all of them.

> read 11k(they arn't though)

Yes, actually they are 11k. The original contents have been overwritten and lost.

> Anyone know more about this or a cure?

I'm not sure what your asking for. You said you went thru and followed the directions at our site to remove the virus, other than the mp3's which you haven't deleted yet, what other issue are you still facing?

Bill
 
If you're trying to save the MP3's you're not going to be able to. I believe that virus overwrites part of the MP3 file with its own code, completly destroying the mp3. I sure hope he didn't have very many of them 🙁
 

Even if the file size says 11k, they arn't. If i boot without the winXP CD the files say 11k and will not play(HD still shows the right amount of space used). If i boot with the winXP cd in the cd-rom, the files are they correct size and will play. As long as the winXP CD is in the drive at bootup all is OK filewise, but the IE homepage is still always skyinet.net regardless.

90% of the files are clean when booting with the XP cd, all come up infected booting without.

Unfortunetly Durango theres alot of live sets i got in the UK, germany and isreal and can't be replaced 🙁 I put most of them on CD though so all should be well.

Thanks for the input.
 
format, reinstall, restore from known GOOD backups, run a virus scanner at all times if you wish you use a virus prone OS.
 
and BTW, its Derango! Not Durango. I didn't even consider the car when I came up with this nick. I don't even like the car!! 🙂
 
> Even if the file size says 11k, they arn't. If i boot without the winXP CD the files say 11k and will not play(HD still shows the right amount of space used). If i boot with the winXP cd in the cd-rom, the files are they correct size and will play. As long as the winXP CD is in the drive at bootup all is OK filewise, but the IE homepage is still always skyinet.net regardless

I don't know what your looking at when you boot with XP, but it's not those files. The original files have been overwritten and the extensions changed, period. Saying that you have 'song.vbs' and XP somehow plays that as a music file isn't correct, are you sure your checking the correct partition?

Bill
 



<< don't know what your looking at when you boot with XP, but it's not those files. The original files have been overwritten and the extensions changed, period. >>



Heres what I'm saying, when I boot into XP a message pops up saying system files have been changed and to insert the winXP CD to restore they system files or leave the current changes. Inserting the CD doesn't change anything though, and all mp3 files are .vbs and show as 11k and will not play(asks what program to use to open a .vbs file). If i boot with the XP cd in the drive there isn't a message about the system files and all of the files show correctly as .mp3 and show thier correct file size and will play.

Regardless of how i boot the partition with the mp3's always shows the same amount of used space, 28gb. Since i can boot back and forth, with and without the XP cd, over and over, the files havn't been over written. For whatever reason the file size is just being displayed wrong and the extention changed booting without the XP cd. Thats what i don't understand at the moment.
 
> If i boot with the XP cd in the drive there isn't a message about the system files and all of the files show correctly as .mp3 and show thier correct file size and will play.
> Regardless of how i boot the partition with the mp3's always shows the same amount of used space, 28gb. Since i can boot back and forth, with and without the XP cd, over and over, the files havn't been over written. For whatever reason the file size is just being displayed wrong and the extention changed booting without the XP cd. Thats what i don't understand at the moment.

This is very very (did I say very) strange. I can't explain the behaviour your seeing, there must be other forces at work 😉 Is there any strange utilities (GoBack, etc) running that might account for the view you get when booting from the CD. And, how are you booting XP from the CD, is this the XP setup CD?

Really confused,
Bill


 
No, nothing of the sort. And I'm not booting from the CD, just booting with the CD in the CD-rom. When XP loads to the desktop it reads the CD for a moment. Regardless i always get the skyinet.net as the homepage. I can change it, save the settings and reboot and it's back again.

Bottom line I'll just reformat and redo everything, take less time and effort probably. Like you, I just don't understand why the above is so and have yet to figure out how this happend to his PC. He doesn't use any file sharing programs, doesn't DL porn(as far as i know)and i couldn't find a e-mail that may have caused it.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top