Sign in with
Sign up | Sign in
Your question

removing infected files

Last response: in Windows XP
Share
Anonymous
January 18, 2005 3:57:06 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

System: Windows XP SP2, AMD 1.1 Ghz, 256 MB Ram. Upon running NAV 2005, it
comes up and tells me that there are 2 infected fills (.ini files) in my
C:/undo/ directory. But when I go to the directory all there are are cab
files. Do I need to delete the whole cab file and if I do how do I reinstall
it?
January 19, 2005 6:06:52 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

i'm guessing the .ini files reported by NAV are not the same as the .cab
files you see in the directory. so deleting the .cab file would not
solve the problem reported with the .ini files

doesn't NAV have an option to let NAV delete the 2 infected file ?
if it does, just let NAV deleted the infected files.
(i do not use NAV, so i don't know about it)


fbcmusicmark wrote:
> System: Windows XP SP2, AMD 1.1 Ghz, 256 MB Ram. Upon running NAV 2005, it
> comes up and tells me that there are 2 infected fills (.ini files) in my
> C:/undo/ directory. But when I go to the directory all there are are cab
> files. Do I need to delete the whole cab file and if I do how do I reinstall
> it?
Anonymous
January 19, 2005 6:06:53 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I have tried for 2 months to get NAV to delete but it always says it can't. I
have searched my computer by name for the files and it doesn't find them and
I can't see the directory it says they are in unless I go to the command
prompt and type in the "undo" directory by name.

"JW" wrote:

> i'm guessing the .ini files reported by NAV are not the same as the .cab
> files you see in the directory. so deleting the .cab file would not
> solve the problem reported with the .ini files
>
> doesn't NAV have an option to let NAV delete the 2 infected file ?
> if it does, just let NAV deleted the infected files.
> (i do not use NAV, so i don't know about it)
>
>
> fbcmusicmark wrote:
> > System: Windows XP SP2, AMD 1.1 Ghz, 256 MB Ram. Upon running NAV 2005, it
> > comes up and tells me that there are 2 infected fills (.ini files) in my
> > C:/undo/ directory. But when I go to the directory all there are are cab
> > files. Do I need to delete the whole cab file and if I do how do I reinstall
> > it?
>
Related resources
January 20, 2005 3:56:55 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

have your tried to
reboot into Safe Mode, and then use NAV to delete the files ?

what else have you tried ?
have you tried calling Symantec for help, or tried visiting the Symantec
user forum or newsgroup ?


fbcmusicmark wrote:
> I have tried for 2 months to get NAV to delete but it always says it can't. I
> have searched my computer by name for the files and it doesn't find them and
> I can't see the directory it says they are in unless I go to the command
> prompt and type in the "undo" directory by name.
>
> "JW" wrote:
>
>
>>i'm guessing the .ini files reported by NAV are not the same as the .cab
>>files you see in the directory. so deleting the .cab file would not
>>solve the problem reported with the .ini files
>>
>>doesn't NAV have an option to let NAV delete the 2 infected file ?
>>if it does, just let NAV deleted the infected files.
>>(i do not use NAV, so i don't know about it)
>>
>>
>>fbcmusicmark wrote:
>>
>>>System: Windows XP SP2, AMD 1.1 Ghz, 256 MB Ram. Upon running NAV 2005, it
>>>comes up and tells me that there are 2 infected fills (.ini files) in my
>>>C:/undo/ directory. But when I go to the directory all there are are cab
>>>files. Do I need to delete the whole cab file and if I do how do I reinstall
>>>it?
>>
Anonymous
January 21, 2005 8:07:03 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I would suggest deleting them in the MS-DOS environment booting your
computer on an MS-DOS boot disk and using "del C:\undo\<name of infected
file>.ini" for each.
Hope this helps, theres nothing much more disconcerting than knowing you
have dodgy files!

"fbcmusicmark" wrote:

> I have tried for 2 months to get NAV to delete but it always says it can't. I
> have searched my computer by name for the files and it doesn't find them and
> I can't see the directory it says they are in unless I go to the command
> prompt and type in the "undo" directory by name.
>
> "JW" wrote:
>
> > i'm guessing the .ini files reported by NAV are not the same as the .cab
> > files you see in the directory. so deleting the .cab file would not
> > solve the problem reported with the .ini files
> >
> > doesn't NAV have an option to let NAV delete the 2 infected file ?
> > if it does, just let NAV deleted the infected files.
> > (i do not use NAV, so i don't know about it)
> >
> >
> > fbcmusicmark wrote:
> > > System: Windows XP SP2, AMD 1.1 Ghz, 256 MB Ram. Upon running NAV 2005, it
> > > comes up and tells me that there are 2 infected fills (.ini files) in my
> > > C:/undo/ directory. But when I go to the directory all there are are cab
> > > files. Do I need to delete the whole cab file and if I do how do I reinstall
> > > it?
> >
January 21, 2005 9:13:02 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

tungstentoaster wrote:

> I would suggest deleting them in the MS-DOS environment booting your
> computer on an MS-DOS boot disk and using "del C:\undo\<name of
> infected file>.ini" for each.

This will not be useful for the OP unless he has a) his XP installation
on a FAT32 partition; b) or is using a specialized DOS boot disk that
can read NTFS.

To the OP: Make sure your NAV has the most current virus definitions and
scan with it in Safe Mode. To get to Safe Mode, repeatedly tap the F8
key as the computer is starting. This will get you to the proper menu.
Do a thorough scan.

If you are having difficulty seeing files/folders, make sure you have
the Folder Options>View choices set to show all files and extensions.
After you are completely sure your computer is clean, make a new System
Restore point and delete all but that System Restore point from the
More Options section of Disk Cleanup (Run>cleanmgr).

Here are general malware removal steps. Do everything with updated tools
in Safe Mode:

1) Scan in Safe Mode with current version (not earlier than 2003)
antivirus using updated definitions.

Before you remove malware, get LSPFix (or WinSockFix for XP which you
can get from MajorGeeks) - see links below.

2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from Intermute. I would not
install the other Intermute programs, however. Alternately, there are
CoolWebSearch malware removal steps at SilentRunners.

Be sure to update these programs before running, and it is a good idea
to do virus/spyware scans in Safe Mode. Make sure you are able to see
all hidden files and extensions (View tab in Folder Options).

If the malware remains even after you used Ad-aware and Spybot, you can
scan with HijackThis. HijackThis is an excellent tool to discover and
disable hijackers, but it requires expert skill. See below for
HijackThis links, including sites where you can post your HJT logs. A
combination of HijackThis and About:Buster works well in removing the
About:Blank homepage hijacker. Again, this is an expert tool and
novices should get help with it.

3) If you are running Windows ME or XP, you should disable/enable System
Restore because malware will be in the Restore Points. With ME, you
must disable System Restore completely. With XP, you can delete all but
the most recent (presumably clean) System Restore point from the More
Options section of Disk Cleanup (Run>cleanmgr).

4) Make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update.

5) Run a firewall.

Links to help with malware:

Software/Methods:
http://www.safer-networking.org - Spybot Search & Destroy
http://www.lavasoftusa.com - Ad-aware
http://www.majorgeeks.com - good download site
http://www.intermute.com/spysubtract/cwshredder_downloa...
http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
http://www.cexx.org/lspfix.htm - Repair Winsock 2 settings after
removing spyware

HijackThis:
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
Eshelman
http://forum.aumha.org/
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/

General:
http://forum.aumha.org/ - look under "Security" for various forums
http://rgharper.mvps.org/cleanit.htm
http://mvps.org/winhelp2002/unwanted.htm
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Malke
--
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
Anonymous
January 25, 2005 6:17:07 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Yeah... sorry about that. I foolishly neglected to mention using an ntfs
version of dos (most of which also work for fat). I spose thats what happens
at 6am post-all-nighter!

"Malke" wrote:

> tungstentoaster wrote:
>
> > I would suggest deleting them in the MS-DOS environment booting your
> > computer on an MS-DOS boot disk and using "del C:\undo\<name of
> > infected file>.ini" for each.
>
> This will not be useful for the OP unless he has a) his XP installation
> on a FAT32 partition; b) or is using a specialized DOS boot disk that
> can read NTFS.
>
> To the OP: Make sure your NAV has the most current virus definitions and
> scan with it in Safe Mode. To get to Safe Mode, repeatedly tap the F8
> key as the computer is starting. This will get you to the proper menu.
> Do a thorough scan.
>
> If you are having difficulty seeing files/folders, make sure you have
> the Folder Options>View choices set to show all files and extensions.
> After you are completely sure your computer is clean, make a new System
> Restore point and delete all but that System Restore point from the
> More Options section of Disk Cleanup (Run>cleanmgr).
>
> Here are general malware removal steps. Do everything with updated tools
> in Safe Mode:
>
> 1) Scan in Safe Mode with current version (not earlier than 2003)
> antivirus using updated definitions.
>
> Before you remove malware, get LSPFix (or WinSockFix for XP which you
> can get from MajorGeeks) - see links below.
>
> 2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
> programs are free, so use them both since they complement each other.
> There is a new version of CWShredder from Intermute. I would not
> install the other Intermute programs, however. Alternately, there are
> CoolWebSearch malware removal steps at SilentRunners.
>
> Be sure to update these programs before running, and it is a good idea
> to do virus/spyware scans in Safe Mode. Make sure you are able to see
> all hidden files and extensions (View tab in Folder Options).
>
> If the malware remains even after you used Ad-aware and Spybot, you can
> scan with HijackThis. HijackThis is an excellent tool to discover and
> disable hijackers, but it requires expert skill. See below for
> HijackThis links, including sites where you can post your HJT logs. A
> combination of HijackThis and About:Buster works well in removing the
> About:Blank homepage hijacker. Again, this is an expert tool and
> novices should get help with it.
>
> 3) If you are running Windows ME or XP, you should disable/enable System
> Restore because malware will be in the Restore Points. With ME, you
> must disable System Restore completely. With XP, you can delete all but
> the most recent (presumably clean) System Restore point from the More
> Options section of Disk Cleanup (Run>cleanmgr).
>
> 4) Make sure you've visited Windows Update and applied all security
> patches. Do not install driver updates from Windows Update.
>
> 5) Run a firewall.
>
> Links to help with malware:
>
> Software/Methods:
> http://www.safer-networking.org - Spybot Search & Destroy
> http://www.lavasoftusa.com - Ad-aware
> http://www.majorgeeks.com - good download site
> http://www.intermute.com/spysubtract/cwshredder_downloa...
> http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
> http://www.cexx.org/lspfix.htm - Repair Winsock 2 settings after
> removing spyware
>
> HijackThis:
> http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
> Eshelman
> http://forum.aumha.org/
> http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
> forum
> http://www.wilderssecurity.com/
> http://forums.tomcoyote.org/
>
> General:
> http://forum.aumha.org/ - look under "Security" for various forums
> http://rgharper.mvps.org/cleanit.htm
> http://mvps.org/winhelp2002/unwanted.htm
> http://www.aumha.org/a/parasite.htm - The Parasite Fight
> http://www.spywarewarrior.com/rogue_anti-spyware.htm
>
> Malke
> --
> MS MVP - Windows Shell/User
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
>
Anonymous
January 25, 2005 11:33:08 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Thanks for a very disciplined and useful answer, Malke. It is a good example
of how to help others.

"Malke" wrote:

> tungstentoaster wrote:
>
> > I would suggest deleting them in the MS-DOS environment booting your
> > computer on an MS-DOS boot disk and using "del C:\undo\<name of
> > infected file>.ini" for each.
>
> This will not be useful for the OP unless he has a) his XP installation
> on a FAT32 partition; b) or is using a specialized DOS boot disk that
> can read NTFS.
>
> To the OP: Make sure your NAV has the most current virus definitions and
> scan with it in Safe Mode. To get to Safe Mode, repeatedly tap the F8
> key as the computer is starting. This will get you to the proper menu.
> Do a thorough scan.
>
> If you are having difficulty seeing files/folders, make sure you have
> the Folder Options>View choices set to show all files and extensions.
> After you are completely sure your computer is clean, make a new System
> Restore point and delete all but that System Restore point from the
> More Options section of Disk Cleanup (Run>cleanmgr).
>
> Here are general malware removal steps. Do everything with updated tools
> in Safe Mode:
>
> 1) Scan in Safe Mode with current version (not earlier than 2003)
> antivirus using updated definitions.
>
> Before you remove malware, get LSPFix (or WinSockFix for XP which you
> can get from MajorGeeks) - see links below.
>
> 2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
> programs are free, so use them both since they complement each other.
> There is a new version of CWShredder from Intermute. I would not
> install the other Intermute programs, however. Alternately, there are
> CoolWebSearch malware removal steps at SilentRunners.
>
> Be sure to update these programs before running, and it is a good idea
> to do virus/spyware scans in Safe Mode. Make sure you are able to see
> all hidden files and extensions (View tab in Folder Options).
>
> If the malware remains even after you used Ad-aware and Spybot, you can
> scan with HijackThis. HijackThis is an excellent tool to discover and
> disable hijackers, but it requires expert skill. See below for
> HijackThis links, including sites where you can post your HJT logs. A
> combination of HijackThis and About:Buster works well in removing the
> About:Blank homepage hijacker. Again, this is an expert tool and
> novices should get help with it.
>
> 3) If you are running Windows ME or XP, you should disable/enable System
> Restore because malware will be in the Restore Points. With ME, you
> must disable System Restore completely. With XP, you can delete all but
> the most recent (presumably clean) System Restore point from the More
> Options section of Disk Cleanup (Run>cleanmgr).
>
> 4) Make sure you've visited Windows Update and applied all security
> patches. Do not install driver updates from Windows Update.
>
> 5) Run a firewall.
>
> Links to help with malware:
>
> Software/Methods:
> http://www.safer-networking.org - Spybot Search & Destroy
> http://www.lavasoftusa.com - Ad-aware
> http://www.majorgeeks.com - good download site
> http://www.intermute.com/spysubtract/cwshredder_downloa...
> http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
> http://www.cexx.org/lspfix.htm - Repair Winsock 2 settings after
> removing spyware
>
> HijackThis:
> http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
> Eshelman
> http://forum.aumha.org/
> http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
> forum
> http://www.wilderssecurity.com/
> http://forums.tomcoyote.org/
>
> General:
> http://forum.aumha.org/ - look under "Security" for various forums
> http://rgharper.mvps.org/cleanit.htm
> http://mvps.org/winhelp2002/unwanted.htm
> http://www.aumha.org/a/parasite.htm - The Parasite Fight
> http://www.spywarewarrior.com/rogue_anti-spyware.htm
>
> Malke
> --
> MS MVP - Windows Shell/User
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
>
!