What's new
Fantasy Football - Footballguys Forums

Welcome to Our Forums. Once you've registered and logged in, you're primed to talk football, among other topics, with the sharpest and most experienced fantasy players on the internet.

Windows pop-up screen (2 Viewers)

Nice work everyone. I've now downloaded the latest IE 6.0 with SP1 and patch. Then I downloaded AVG and ran a scan. It found 150 :eek: . that's right 150 :eek: infected files. It identified 4 viruses. they are:Trojan Horse BackDoor.apdoor (only 1 infected file)I-Worm/BadTransII (only 2 infected files)Win32/EIKern (19 infected files)I-Worm/klez.H (by far the most_Per the recommendation I moved the infected files to the vault. Now most of the infected files have a 'Healed OK' status...some still say 'virus vault'. The Trojan Horse and the Win32/EIKern are the only 2 that do not have the 'healed ok' status. Now what do I need to do? :confused: 1. Most of the I-Worm/klez.H infected file are in c\windows\temp\ various numbers and letters.EXE. For example c\windows\temp\BHY81B1.exe is infected, but AVG says it's healed ok. Now what do I do? I don't even know what that file is :confused: There's probably over 100 of them like that. Do I need to go to all those files and delete them from my C: drive? Or should I just let them remain there knowing they're 'healed'.2. Some of the I-Worm/klez infected files are in my program files- such as c\program files\adaptec.... Adaptec is my CD creator software. After running the AVG scan and trying to heal everything, AVG is saying that the status is 'healed ok'. But, my desktop icon for Adaptec is looking different. I'm assuming I just need to may re-install the now clean program? It just seems strange the Adaptec program was infected, then healed, now needs to be re-installed, but my photo editing program (Presto! Image) was also infected, then healed, now it's running like normal. 3. The Win32/.EIKern and the Trojan Horse do not have the 'Healed OK' status. The files are in c\program files\various number and letters. Example c\program files\YHK7310.EXED is infected and now in the virus vault (not healed ok). I have no idea what those files are. Those files have the ' ->virus vault' status. Not sure what that means either. Does it mean AVG couldn't fix those files but moved them in a safe vault area? Should go to those files and delete them? I don't know what they're for or what they do, should I just get rid of them?I hate to be deleting 150 files if I don't need to, but I may have no other option. Maybe I just throw the computer out the window and start over. Any advice on what to do with these 150 files would be greatly appreciated.
Click to expand...
1. Delete all your temp files. You don't need them, especially if they are virus files. The only temp files you can't delete are the ones that were crated today.2. Your program files that have been 'de-klezzed' are fine. Judging from the sheer number of files, Klez managed to hit a majority of the programs on your PC.3. Boot your PC into safe mode (Hold down F8 while booting up the PC and select safe mode. Run your virus scan. It should be able to delete/fix the remaining occurances. If you have trouble running in safe mode, Memphis Foundry has a good post on how to make it work. Its either in this thread or the other virus thread in the Shark Pool. Now I'm getting :wacko: ...
 
Yep, the \temp files should be safe to kill. Don't feel any remorse about deleting them as they were only being used temporarily to do program installs, etc., and would have been deleted by the system anyway when you ran the "free space wizard".All the 'healed' files should be good. However, if you are having trouble with your Adaptec program, it wouldn't hurt to uninstall it and reinstall it. You can do that in Control Panel > Add and Remove Programs. It may have been adversely affected by the virus while the other program was not because of the particular virus that infected the file, etc. -- the antivirus can try to "heal" files and it does a pretty good job on data files, but sometimes program files are a little too complex for it to heal properly.On the two infected files, I would boot into Safe Mode and delete them -- instructions on how to do this are on this thread up about 10 messages or so. If they are still in the virus vault after you delete them from the hard drive, I would go ahead and tell AVG to delete the files from the vault. From the filenames you supplied, they don't look like useful files and are probably just the virus executables.

 
When I ran AVG last night, I was in Safe Mode. I'll re-boot again in safe mode when I get home from work. I'll definitely delete all those temp files. Thanks gusy... :thumbup:

 
Make sure you visit the the anti-virus software site and learn how to delete the files out of your registry. Otherwise, depending on the type of virus it is, when you restart windows the virus will reintroduce itself.

 
Make sure you visit the the anti-virus software site and learn how to delete the files out of your registry. Otherwise, depending on the type of virus it is, when you restart windows the virus will reintroduce itself.
Click to expand...
Well, not quite. It's good to clean out the registry, but all the entry in the registry does is "activate" or run the virus. If the virus has been removed, then there's nothing to activate. Still good to get that garbage out of the registry though.
 
Yep, the \temp files should be safe to kill. Don't feel any remorse about deleting them as they were only being used temporarily to do program installs, etc., and would have been deleted by the system anyway when you ran the "free space wizard".All the 'healed' files should be good. However, if you are having trouble with your Adaptec program, it wouldn't hurt to uninstall it and reinstall it. You can do that in Control Panel > Add and Remove Programs. It may have been adversely affected by the virus while the other program was not because of the particular virus that infected the file, etc. -- the antivirus can try to "heal" files and it does a pretty good job on data files, but sometimes program files are a little too complex for it to heal properly.On the two infected files, I would boot into Safe Mode and delete them -- instructions on how to do this are on this thread up about 10 messages or so. If they are still in the virus vault after you delete them from the hard drive, I would go ahead and tell AVG to delete the files from the vault. From the filenames you supplied, they don't look like useful files and are probably just the virus executables.
Click to expand...
Temp files....GONE. Just got rid of them.I'm still having trouble with my Adaptec easy CD creator. I can't run it as is. And I don't have the software disk. I can't find and setup or install icon or file, so I don't know...it's just gone. It was simply on my computer when I bought it. Maybe I'll need to go back to where I bought it and ask if they can re-install for me? I bought it from a local computer store, so hopefully they'll be able to help me out. If not I'll have to spend the $$ on another CD burning software package. Heck...I'll be at the store buying my AV software that I should've had in the first place. :wall: Lesson learned.Again...thanks everyone for helping me (and others) out. Very cool of you guys/gals to do so :thumbup:
 
If they sold you a cd burner with your computer, they should have given you a copy of the burning software. Hopefully they'll help you out. Nero used to be free, and a lot of people like it more than adaptec. You may have trouble finding the free version now though. Gotta go...it's date night :P

 
Thanks a bunch to Memphis Foundry and 3 C's for all their assistance offered on my problem. I followed the instructions you guys suggested and am now checking out clean on AVG Anti-Virus System. I really appreciate your help, it was invaluable.

 
Bump for Nero Burning Rom! :thumbup: It's my CD-RW package of choice. It can't hurt to ask the folks at the local store where you got your PC if they can give you a copy of Adaptec EZ-CD Creator to reinstall since you legitimately own it. Otherwise, if you have to buy a burner program, Nero's a fine choice. You can download a 30 day demo of Nero 6 at Nero.Com, so that will give you something to burn with while you get your software restored or purchased.

 
Thanks a bunch to Memphis Foundry and 3 C's for all their assistance offered on my problem. I followed the instructions you guys suggested and am now checking out clean on AVG Anti-Virus System. I really appreciate your help, it was invaluable.
Click to expand...
Very good! Hopefully everyone is clean now. Man, date night over already...guess it's back to lurking in the shark pool :ph34r:
 
I ran a virus scan on my computer July 21 and it was clean. I just ran it again and I had 3 files with w32/mimail@mm virus. Can some one tell me if this is real bad and where would I have gotten this and why didn't my Virus software pick it up. I use McAfee and update it all the time.Any Help? Thanks

 
I ran a virus scan on my computer July 21 and it was clean. I just ran it again and I had 3 files with w32/mimail@mm virus. Can some one tell me if this is real bad and where would I have gotten this and why didn't my Virus software pick it up. I use McAfee and update it all the time.Any Help? Thanks
Click to expand...
The mimail@mm virus is brand new. A lot of large networks were being flooded with it yesterday. Where I work we saw it start up and stripped off message.zip attachments. Did you happen to get an email yesterday stating something to the effect of "your account..." possibly with a message.zip attachment? All of the big AV vendors have virus defs for it. Update your AV and rerun the scan and you should be good. As for damage, no worries. It's more of an annoyance. Although I think since it's an email worm, people in your address book mught be targeted too.
 
Thanks and yes I got two of them yesterday saying from your account. I would not have tried to open them but they said it was from my server company. McAfee cleaned it up ok. Thanks for the help

 
Thanks and yes I got two of them yesterday saying from your account. I would not have tried to open them but they said it was from my server company. McAfee cleaned it up ok. Thanks for the help
Click to expand...
Those malware/hacker guys are crafty. The cool (from a computer geek point of view) thing they did with this one is they made the "from" address appear to be from admin@yourISP(or domain). That's just nasty!
 
i still can't rid of the virus. i tried doing the delete command in safe mode like memphis desribed but, it tells me something like that network path is not available or something along those lines. i am running xp, avg detects the virus but it won't let me remove it. i tried taking system restore off but, that still didn't help. i downloaded avast anti-virus from the internet but, when i scanned my computer it did not even detect it. am i just going to have to but like nortons av or is there somebody else that is recommended. i am tired of screwing with it and if i buy something i want it to work..... please help...........

 
Write down the exact error and the name of the virus and post it here. Try running AVG in DOS mode as per the link Memphis provided. That should do it. I can't say that 1 AV program is better than another, but I do know that all the biggies are about the same. There are a few free AV's out there, and several that offer 30 trials.

 
Yeah, any of the big AV programs will do the job for you. You might want to look instead at what you can get bundled with it. For example, Norton has a their Internet Security package that has stuff like the Personal Firewall thrown or their SystemWorks that has other tools with it that will keep your computer cleaned up. If you need/want any of that stuff it's cheaper to buy it all together at this point than separately later.

 
it's trojan horse backdoor.apdoor... its in the system32 folder.
Click to expand...
That's the one. :( Need to know what the error was. It sounds like when you were in safe mode, that you weren't in the correct location to delete the infected file(s).
 
Yeah, any of the big AV programs will do the job for you. You might want to look instead at what you can get bundled with it. For example, Norton has a their Internet Security package that has stuff like the Personal Firewall thrown or their SystemWorks that has other tools with it that will keep your computer cleaned up. If you need/want any of that stuff it's cheaper to buy it all together at this point than separately later.
Click to expand...
Very good point! Of course, me being cheap I like free ;) So, I have Outpost firewall and Symantec AV (gov license :thumbup: )
 
Hey Sowerdoughboy -- what's the full name and path of the infected file? It might be set as a "hidden" file, or it might be in a protected directory. You said it was in \system32, so that might be the case. Is it on your c: drive?

 
memphis it looks like this, c:\\windows\system32\eymzhun.exe, avg tells me to move it to the virus vauly but when i do it pops up and says c:\\windows\system32\eymzhun.exe can not be removed. thank you with this continued help, hopefully we can get this solved.nimsowner-----------as far as avast compared to avg, avast does not even detect the error, not sure why its better.

 
memphis it looks like this, c:\\windows\system32\eymzhun.exe, avg tells me to move it to the virus vauly but when i do it pops up and says c:\\windows\system32\eymzhun.exe can not be removed. thank you with this continued help, hopefully we can get this solved.

nimsowner-----------as far as avast compared to avg, avast does not even detect the error, not sure why its better.
Click to expand...
Boot into safe mode (press F8 when the system first begins to boot). When it's done booting, click on start, then run. when the dialog box (window) comes up, type cmd

and then press enter. when the command prompt window opens, type

cd c:\windows\system32

then press enter. then type

del eymzhun.exe

That should do it. Run the virus scan again to make sure. As for avast, did you get the latest update file from them?

 
it looks like i owe you some beer or something along with memphis. you guys have gone way out of your way to help people on this board. i ran a scan with avg of my system 32 folder and it came up clean for the first time all week. now i am running a complete scan which takes a while but i'll let you know. if you were here in jax i would hug, not in a queer way but a win in the playoffs kind of way...... thanks and i will let you know how the complete test works out...MESSAGE BOARD PARTICIPANTS,,,,,, HAIL TO 3C AND MEMPHIS................................ THANKS....

 
alright, good luck. I'll check in l8r....mowing the grass (pretending to be busy so my wife won't give me honey-do's!)edit...spoke too soon. Cool...glad to help...I might have to take you up on the beer...wife wants to go to Florida to visit her friend...but I think Hollywood, Fl is a good bit away from Jax!

 
Last edited by a moderator:
Naw, it's just DHS trying to look like they're adding value to our everyday life. :rolleyes: Just being cynical really.That one is huge and is why everyone needs to not only get the IE updates, but they need to go to the Windows Update site to be sure they get all the critical updates. There's been an incredible increase of port 135 scans by the dregs of life that wish to cause harm. There are exploits for it, but I don't think it will be too big because Code Red made a lot of people aware of what could happen. But, there was plenty of fore warning on Slammer and it still "slammed" quite a few systems.

 
Well, looks like I've joined the ranks of the infected. :wall: Got coreflood when I used Opera. Guess they were/are vulnerable too. I haven't used Opera since 8/2. Funny thing was that the virus defs I got on the 6th didn't catch it. Maybe I was got the defs before the fix. Oh well....now to make sure I don't have "blaster". Several people I know have it as well as a few here. :hot:

 
I am not getting the pop up but I saw on TV where there was a worm attacking windows. I downloaded the patch from microsoft and haven't had any problems. Jim

 
Just incase anyone realizes that they have the worm "msblast", hopefully this will help. IT'S NASTY!!!!

I fought it for 7 hours today, and FINALY I am FREE! :yes:

I tried everything, Firewalls, AV, Deleting, all the "SO CALLED" fixes out there, everything.

Here is a Step by Step easy way to absolutely beat it without too much effort:

Open this Link, it will prompt you to download right away. DON'T OPEN IT, it takes longer, just SAVE IT. It will go right onto your Desk Top, and you can install it off line. It only takes about 15-20 seconds to download, so it took me 3 tries before I could stay on long enough to get it. Just stay at it, it's Quick.

http://securityresponse.symantec.com/avcen...er/FixBlast.exe

After you have it on your Desk Top, Open and install/Run.

Then get back online, and Download this patch, it's also a quick download, but since the Blast is defeated at this point, and you are only making sure you don't get it again, Time is not an issue

http://download.microsoft.com/download/9/8...980-x86-ENU.exe

Then, I don't know if this step really helps, but supposedly, ZoneAlarm (FREE) has some sort of filter that also stops it cold. I am not enough of a Computer person (OK, I'm clueless), to really understand this part, but I did it just to be safe. Here's the link

http://www.zonelabs.com/store/content/comp...zap_za_grid.jsp

That will totally and entirely beat and destroy it forever, and you will never have to worry about it again. :thumbup:

 
Something big may be coming, and I believe this little problem we've been having probably has something to do with it.CLICK HERE for more information from the US Dept. of Homeland Security.
Click to expand...
4 simple wordsI TOLD YOU SO
Click to expand...
And though I was being cynical, I didn't disagree. But this one is mostly getting the home users who didn't get the MS update. Any medium to large business that's getting it should be ashamed. They had plenty of time to prepare. Guess I should be more careful in my experimenting. I was trying to get the pop-up when all the coreflood mess was going on. Didn't get it in IE and didn't realize that I did get it when I used Opera.
 
You must log in or register to reply here.

Similar threads

creepythinman
True League Winners - Upgrading the Playoff Roster
Replies
25
Views
1K
creepythinman
creepythinman
ignatiusjreilly
QB/TE draft strategy 2023
2
Replies
82
Views
3K
Pip's Invitation
Pip's Invitation
JohnnyU
Do you remember Roger Carr?
Replies
21
Views
1K
Uruk-Hai
Uruk-Hai

Users who are viewing this thread

Total: 2 (members: 0, guests: 2)
Top