question, i have a virus problem.. :-(

onza

So here's the deal, I run Norton like every day, and it seems like I get a virus like every other day...

I just got AVG, I think it's called, and found some other viruses... I'm getting frustrated.... so should I just format my drive and be done with it?

Or is there a way to stop these viruses? I'm pretty careful of what I d/l and I think it all started once I hit up mIRC (it's the devil) and had these problems ever since..

I just don't understand, once I delete the viruses why do I see more come back?? ahhhhhhhhhh

Any help? I've been getting like "hidewindow" viruses and my explorer won't show up when I reboot my system, I need to go hit ctrl+alt+del then go to run task and find "explorer"


help me
==========================

Also, if I uninstalled mIRC, can there be a way for mIRC viruses to still harm my PC??
 

stndn

it's one of the things that you got from items you downloaded through mIRC
more specifically the *.scr thing that people like to auto-send to you

in any case, when you run AVG or Norton, they should be able to delete or quarantine the virus
some viruses are stronger than antivirus
in that case, you will have to format your computer to get rid of them

and btw, even if you delete mIRC, it won't help much since you already downloaded and deployed the virus the moment you executed the virus-containing file ....

just be careful with what you download (kazaa/mirc/winmx/etc)
 

OZEE

I've never seen a virus that I had to format to recover from! Yes, that'll fix it, but it's pretty radical.

What are the virus names you've seen? That'll tell us how to help you. Some of them, AVG or Norton or McAfee can fix themselves. Others require manual fixes - usually involving changes to the registry. You can find instructions for those on McAfee, Norton, or Trend websites. Usually Norton and Trend give better instructions than McAfee.

Another tool is Housecall. It's a free online scanner. It'll tell you if you have a virus but won't keep you from getting the next one. You've already got one of the best all-around scanners available in AVG -- if you keep it up to date.

You've probably downloaded something that's in a startup group in the registry. Until you get rid of it and clean your registry you're gonna have problems.

DON'T EVER D/L anything with the following file extensions: .exe, .com, .bat, .scr, .pif << these can all carry viruses. (You might have downloaded a "Screen Saver", which is a .scr file, e.g.) And watch out for the double extensions, like filename.doc.pif ... these are almost always viruses - you think it's a word file, but it's really an executable file that hijacks your computer.

If you have any more details on the exact viruses you've got, I might be able to help you more. Feel free to pm me.

Good luck.
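
The file-extension advice in the post above, written as a download check. This is an added example, not part of the original thread; the `DECOY` list and the sample names are constructed assumptions.

```python
import ntpath

# Extensions the post above says never to download.
RISKY = {".exe", ".com", ".bat", ".scr", ".pif"}
# Assumption: extensions a user reads as "just a document or picture".
DECOY = {".doc", ".txt", ".jpg", ".gif", ".mp3", ".zip", ".pdf"}

def classify(filename):
    """Return 'double-extension', 'executable' or 'ok' for a file name."""
    # Win32 strips trailing dots and spaces, so "setup.exe. " is still setup.exe.
    name = ntpath.basename(filename).rstrip(". ").lower()
    # Strip each part so padding like "pic.jpg      .exe" cannot hide the tail.
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2 or "." + parts[-1] not in RISKY:
        return "ok"
    if len(parts) >= 3 and "." + parts[-2] in DECOY:
        return "double-extension"
    return "executable"

def triage(filenames):
    """Map every name that should not be opened to the reason it was flagged."""
    verdicts = {f: classify(f) for f in filenames}
    return {f: v for f, v in verdicts.items() if v != "ok"}

# Constructed sample: names as they might appear in a download folder.
SAMPLES = ["filename.doc.pif", "coolsaver.scr", "notes.txt",
           "holiday.JPG      .exe", "setup.exe. ", "report.v2.doc"]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{verdict:17} {name!r}")
```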
 

Davegod

Definitely a good idea to use a solid firewall if you use mIRC a lot, well tbh even if you're just online a lot. ZoneAlarm and Sygate are good and have free versions.

Also imo worth tweaking your Windows, for XP take a look at http://www.blkviper.com/WinXP/servicecfg.htm... I recommend this even if you don't want to free up system resources because you can make your PC that bit more secure by closing the holes in the first place - and freeing up some resources at the same time.

Although you've already got the virus(es), and possibly some have installed some backdoor, imo it's worth uninstalling & reinstalling mIRC just in case. You can save I think it's mirc.ini to retain all your settings, though of course this might be infected?

I've had 2 viruses ever. First one NAV didn't detect until I forced it to scan it (I was suspicious) and the second NAV detected right away. Mostly I think it's down to simply being cautious... personally I'd never have my email address in my sig, or would at least have it blahATblahDOTcom; without wanting to sound too paranoid, there are bots which scan sites & forums for email addresses.
 

OZEE

That's a backdoor trojan. However, depending on which website you look at, there are several versions, each requiring different manual removal steps...

Since you have AVG ...
FIRST >> Make sure it's up-to-date.
SECOND >> Check out this. There are some steps here for dealing with it in safe-mode. Dunno for sure which OS you're running, so just follow the instructions on this page.

Another option is SwatIt, which is a trojan/bot killer. I've been running it occasionally ... it's never found anything, so I don't know if it's working. AFAIK, I don't have any trojans and nothing leads me to believe I do, so...

I've got AVG running all the time. When I scan, I just scan in "regular" mode. I've had a few more virus exposures than Davegod has, but I'm in and out of places where I can get 'em (by nature of my occupation...). I can only remember twice actually becoming infected... and both times were before McAfee (my AV product of choice at that time...) even knew about that virus.

If you're gonna continue with IRC (or Kazaa or ICQ or ...) Davegod's right >> Get a good firewall. And keep your virus def files up to date.


EDIT** Forgot about this ... If you want to check to make sure your AV software is working, go to this test site. They have some files here that are "standard test files" for virus software. If they don't detect as infected when you d/l them, your virus protection isn't working. Don't worry, they're not really viruses ... just test files.
 

OZEE

Found this on several web sites ...
++++++++++++++++++++
1. Delete files that were extracted from ocxdll.exe, plus ocxdll.exe and dll16.ini

(created when running mirc.exe)

Ocxdll.exe
Dll16.ini
dll32.hlp
dll32NT.hlp
gates.txt
gg.bat (bat file to hack and copy Trojans)
httpsearch.ini (might show up as httpsear.ini due to 8.3 file format)
kill.exe (to kill process)
mdm.exe (to hide window program)
mdm.scr
mt.exe
ncp.exe
NT32.ini
psexec.exe
seced.bat
taskmngr.exe
tftp8675
v.exe
xvpll.hlp

2. In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, remove "taskmngr.exe" (this starts the mIRC client program during Windows startup)

3. Change the LOCAL Administrator password on ALL Systems! This includes Windows 2000 PROFESSIONAL! Make sure the new passwords are strong passwords! Use a mix of uppercase, lowercase, numbers, and non-alphanumeric, i.e. _,+,=,), ? for your new passwords, and make sure the passwords are NOT similar to the administrator ID in any way. For example, "Administrator123" is a very bad password, even though it has mixed case and alphanumerics.

Removal instructions from Norton can be found here, but don't look quite as good as the other instructions posted above.

You'll notice several of the suspect files "look like" genuine Windows files -- that's camouflage. It appears that you need to delete the above files (if you want to keep 'em around just in case you screw something up, rename 'em by appending a ".old" extension to them...). Make the registry edit in step 2. Change your passwords. Should be easy enough.

Then get AVG updated, run it regularly. Get a trojan-detector, like SwatIt and run it regularly. Get a good firewall and use it religiously.

Hope this gets everything fixed up!

OZEE
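
Steps 1 and 2 of the removal list quoted above, turned into a check over a directory listing and the values of the Run key. This is an added example, not part of the original thread or of any vendor's instructions; the paths, value names and the `scanner.exe` entry in the sample data are constructed.

```python
import ntpath

# File names from step 1 of the removal list quoted above.
LISTED = ["ocxdll.exe", "dll16.ini", "dll32.hlp", "dll32NT.hlp", "gates.txt",
          "gg.bat", "httpsearch.ini", "kill.exe", "mdm.exe", "mdm.scr", "mt.exe",
          "ncp.exe", "NT32.ini", "psexec.exe", "seced.bat", "taskmngr.exe",
          "tftp8675", "v.exe", "xvpll.hlp"]

def variants(name):
    """Lower-cased name plus the form with its stem cut to 8 characters,
    as the list notes for httpsearch.ini -> httpsear.ini."""
    stem, ext = ntpath.splitext(name.lower())
    return {stem + ext, stem[:8] + ext[:4]}

WATCH = set().union(*(variants(n) for n in LISTED))

def exe_of(command):
    """Base name of the program in a Run-key command line.
    Handles quoted paths; an unquoted path is cut at its first space."""
    command = command.strip()
    if command.startswith('"'):
        target = command[1:].split('"', 1)[0]
    else:
        target = command.split(" ", 1)[0]
    return ntpath.basename(target).lower()

def audit(filenames, run_values):
    """Return (listed files present, Run value names that launch a listed file)."""
    files = sorted(f for f in filenames if ntpath.basename(f).lower() in WATCH)
    runs = sorted(k for k, cmd in run_values.items() if exe_of(cmd) in WATCH)
    return files, runs

# Constructed sample data: a directory listing and Run-key values.
SAMPLE_FILES = ["C:\\WINNT\\system32\\TASKMNGR.EXE", "C:\\WINNT\\system32\\taskmgr.exe",
                "C:\\WINNT\\system32\\httpsear.ini", "C:\\WINNT\\explorer.exe"]
SAMPLE_RUN = {"Task Manager": '"C:\\WINNT\\system32\\taskmngr.exe" -h',
              "Scanner": "C:\\Tools\\scanner.exe /startup"}

if __name__ == "__main__":
    print(audit(SAMPLE_FILES, SAMPLE_RUN))
```

A name match is only a lead: as the post says, several listed names imitate genuine Windows files, so check where the file sits and where it came from before deleting or renaming it.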