Sign in with
Sign up | Sign in
Your question

Problem removing Bropia worm in Windows 98

Last response: in Windows 95/98/ME
Share
Anonymous
April 3, 2005 11:01:03 AM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Hi,

I'm trying to clean a friend's computer running Win 98 that is infected with
the Bropia worm.

Running the fxBropia.exe tool results in the option to Continue or Cancel
after it scans about 10 files!

I'm guessing that a routine has been written in the worm to prevent tools
like this removing it, or to slow down the process?

I note from the Symantec site that advice is given for (Windows ME and XP)
to turn off System Restore in all drives prior to running the removal tool. I
assume this will prevent the above happening on these systems.

Is there anything that can be done on Windows 98 to allow for the removal of
this worm without having to cancel the Quit option continuously for (I'm
guessing at leat a week or so) ?
Anonymous
April 3, 2005 2:17:24 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

"Zakynthos" <Zakynthos@discussions.microsoft.com> wrote in message
news:4D2E24F9-3193-4F2C-9966-35DF0A5F858A@microsoft.com...

> I'm trying to clean a friend's computer running Win 98 that is infected
with
> the Bropia worm. . . .
> Is there anything that can be done on Windows 98 to allow for the removal
of
> this worm without having to cancel the Quit option continuously for (I'm
> guessing at leat a week or so) ?

The Windows OS will not let you delete an EXE
currently loaded, therefore is an unsuitable shell
for most tasks of virus removal. If you have identified
the name of any virus EXE file you can delete it in
DOS.

Better advice is available in specialized virus newsgroups.

--
Don Phillipson
Carlsbad Springs
(Ottawa, Canada)
Anonymous
April 3, 2005 4:00:09 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

"Zakynthos" <Zakynthos@discussions.microsoft.com> wrote in message news:4D2E24F9-3193-4F2C-9966-35DF0A5F858A@microsoft.com...
> Hi,
>
> I'm trying to clean a friend's computer running Win 98 that is infected with
> the Bropia worm.
>
> Running the fxBropia.exe tool results in the option to Continue or Cancel
> after it scans about 10 files!
>
> I'm guessing that a routine has been written in the worm to prevent tools
> like this removing it, or to slow down the process?

As Don said, you may have to boot to DOS to remove it. Google on "F-prot
for DOS".

> I note from the Symantec site that advice is given for (Windows ME and XP)
> to turn off System Restore in all drives prior to running the removal tool. I
> assume this will prevent the above happening on these systems.

That's just so the worm doesn't get saved to the restore archive.

>
> Is there anything that can be done on Windows 98 to allow for the removal of
> this worm without having to cancel the Quit option continuously for (I'm
> guessing at leat a week or so) ?

I don't know the details of how it loads, but safe mode might also be worth a shot.
Here's some more info-
http://www.trendmicro.com/vinfo/virusencyclo/default5.a...

(heh.. check out that sexy.jpg...)
Related resources
Can't find your answer ? Ask !
Anonymous
April 3, 2005 4:00:10 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Thanks for your help. I've downloaded Fprot for dos on my computer, just to
have a look at it, trouble is I have windows 2000 professional, my friend
with the Bropia worm problem is running Win 98.

I've tried running the FxBropia.exe file on my own (uninfected) computer and
it scans just fine, so I still think that the Bropia worm has a routine to
counter any 'fixes'.

Is there any possibility I could run the FxBropia.exe file from DOS rather
than the FProt for Dos utility? If so, how exactly do I run it? Can you
provide step by step instructions?

Thanks for your help!

"Bill Blanton" wrote:

>
> "Zakynthos" <Zakynthos@discussions.microsoft.com> wrote in message news:4D2E24F9-3193-4F2C-9966-35DF0A5F858A@microsoft.com...
> > Hi,
> >
> > I'm trying to clean a friend's computer running Win 98 that is infected with
> > the Bropia worm.
> >
> > Running the fxBropia.exe tool results in the option to Continue or Cancel
> > after it scans about 10 files!
> >
> > I'm guessing that a routine has been written in the worm to prevent tools
> > like this removing it, or to slow down the process?
>
> As Don said, you may have to boot to DOS to remove it. Google on "F-prot
> for DOS".
>
> > I note from the Symantec site that advice is given for (Windows ME and XP)
> > to turn off System Restore in all drives prior to running the removal tool. I
> > assume this will prevent the above happening on these systems.
>
> That's just so the worm doesn't get saved to the restore archive.
>
> >
> > Is there anything that can be done on Windows 98 to allow for the removal of
> > this worm without having to cancel the Quit option continuously for (I'm
> > guessing at leat a week or so) ?
>
> I don't know the details of how it loads, but safe mode might also be worth a shot.
> Here's some more info-
> http://www.trendmicro.com/vinfo/virusencyclo/default5.a...
>
> (heh.. check out that sexy.jpg...)
>
>
>
>
>
Anonymous
April 3, 2005 6:45:10 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Try safe mode. If that doesn't work we'll get you in DOS to run F-Prot.
When you boot the computer, just after the BIOS screen where it enumerates
the hardware (he may have a "splash" screen" hiding it) press and hold
F8. You should get a menu with an option for "Safe mode" Choose that
and run fxbropia.exe from there.

I doubt it is a DOS executable, and probably requires Windows to run.



"Zakynthos" <Zakynthos@discussions.microsoft.com> wrote in message news:D 32CABEC-5647-486B-983D-37E4AF26702E@microsoft.com...
> Thanks for your help. I've downloaded Fprot for dos on my computer, just to
> have a look at it, trouble is I have windows 2000 professional, my friend
> with the Bropia worm problem is running Win 98.
>
> I've tried running the FxBropia.exe file on my own (uninfected) computer and
> it scans just fine, so I still think that the Bropia worm has a routine to
> counter any 'fixes'.
>
> Is there any possibility I could run the FxBropia.exe file from DOS rather
> than the FProt for Dos utility? If so, how exactly do I run it? Can you
> provide step by step instructions?
>
> Thanks for your help!
>
> "Bill Blanton" wrote:
>
>>
>> "Zakynthos" <Zakynthos@discussions.microsoft.com> wrote in message news:4D2E24F9-3193-4F2C-9966-35DF0A5F858A@microsoft.com...
>> > Hi,
>> >
>> > I'm trying to clean a friend's computer running Win 98 that is infected with
>> > the Bropia worm.
>> >
>> > Running the fxBropia.exe tool results in the option to Continue or Cancel
>> > after it scans about 10 files!
>> >
>> > I'm guessing that a routine has been written in the worm to prevent tools
>> > like this removing it, or to slow down the process?
>>
>> As Don said, you may have to boot to DOS to remove it. Google on "F-prot
>> for DOS".
>>
>> > I note from the Symantec site that advice is given for (Windows ME and XP)
>> > to turn off System Restore in all drives prior to running the removal tool. I
>> > assume this will prevent the above happening on these systems.
>>
>> That's just so the worm doesn't get saved to the restore archive.
>>
>> >
>> > Is there anything that can be done on Windows 98 to allow for the removal of
>> > this worm without having to cancel the Quit option continuously for (I'm
>> > guessing at leat a week or so) ?
>>
>> I don't know the details of how it loads, but safe mode might also be worth a shot.
>> Here's some more info-
>> http://www.trendmicro.com/vinfo/virusencyclo/default5.a...
>>
>> (heh.. check out that sexy.jpg...)
>>
>>
>>
>>
>>
Anonymous
April 3, 2005 7:45:16 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

"Bill Blanton" <bblanton@REMOVEmagicnet.net> wrote in message
news:%23Zm$zYGOFHA.3076@tk2msftngp13.phx.gbl...
>> I note from the Symantec site that advice is given for (Windows ME and XP)
>> to turn off System Restore in all drives prior to running the removal tool. I
>> assume this will prevent the above happening on these systems.
>
> That's just so the worm doesn't get saved to the restore archive.

I believe it will have already been introduced into a Restore point, and the
reason to turn off Restore is to remove any Restore points so the worm will not
be re-introduced into the OS if anyone runs a restore after removal of the worm.


--

Brian A. Sesko
<>MS MVP<>Shell/User<>
Conflicts start where information lacks.
http://www.dts-l.org/goodpost.htm
Anonymous
April 3, 2005 7:54:08 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

More precise info:
<quote>
If you are running Windows Me or Windows XP, we recommend that you temporarily
turn off System Restore. Windows Me/XP uses this feature, which is enabled by
default, to restore the files on your computer in case they become damaged. If a
virus, worm, or Trojan infects a computer, System Restore may back up the virus,
worm, or Trojan on the computer.

Windows prevents outside programs, including antivirus programs, from modifying
System Restore. Therefore, antivirus programs or tools cannot remove threats in
the System Restore folder. As a result, System Restore has the potential of
restoring an infected file on your computer, even after you have cleaned the
infected files from all the other locations.

Also, a virus scan may detect a threat in the System Restore folder even though
you have removed the threat.
</quote>


--

Brian A. Sesko
<>MS MVP<>Shell/User<>
Conflicts start where information lacks.
http://www.dts-l.org/goodpost.htm
Anonymous
April 3, 2005 8:05:04 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

If NAV is installed follow the suggested removal form Symantec and skip the
removal exe.

If you have trouble running LiveUpdate, try using the Intelligent Updater. There
are instructions for machines that can/can't connect to the internet.
How to update virus definition files using the Intelligent Updater
http://service1.symantec.com/SUPPORT/nav.nsf/docid/1998...

or if the link breaks:
http://tinyurl.com/ybiq

If the machine is able to connect you could also try running an online scan.
After running online I suggest running a full system scan from the app installed
on the machine.
Symantec Security Check
http://security.symantec.com/sscv6/home.asp?productid=s...

or if link breaks:
http://tinyurl.com/66swg

--

Brian A. Sesko
<>MS MVP<>Shell/User<>
Conflicts start where information lacks.
http://www.dts-l.org/goodpost.htm




"Zakynthos" <Zakynthos@discussions.microsoft.com> wrote in message
news:4D2E24F9-3193-4F2C-9966-35DF0A5F858A@microsoft.com...
> Hi,
>
> I'm trying to clean a friend's computer running Win 98 that is infected with
> the Bropia worm.
>
> Running the fxBropia.exe tool results in the option to Continue or Cancel
> after it scans about 10 files!
>
> I'm guessing that a routine has been written in the worm to prevent tools
> like this removing it, or to slow down the process?
>
> I note from the Symantec site that advice is given for (Windows ME and XP)
> to turn off System Restore in all drives prior to running the removal tool. I
> assume this will prevent the above happening on these systems.
>
> Is there anything that can be done on Windows 98 to allow for the removal of
> this worm without having to cancel the Quit option continuously for (I'm
> guessing at leat a week or so) ?
>
Anonymous
April 3, 2005 9:01:30 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

"Brian A." <gonefish'n@afarawaylake> wrote in message news:o E0DE4IOFHA.1948@TK2MSFTNGP14.phx.gbl...
> "Bill Blanton" <bblanton@REMOVEmagicnet.net> wrote in message news:%23Zm$zYGOFHA.3076@tk2msftngp13.phx.gbl...
>>> I note from the Symantec site that advice is given for (Windows ME and XP)
>>> to turn off System Restore in all drives prior to running the removal tool. I
>>> assume this will prevent the above happening on these systems.
>>
>> That's just so the worm doesn't get saved to the restore archive.
>
> I believe it will have already been introduced into a Restore point, and the reason to turn off Restore is to remove any Restore
> points so the worm will not be re-introduced into the OS if anyone runs a restore after removal of the worm.

Right. For some reason, I was (wrongly) thinking of the mechanics behind SFP,
which doesn't apply in this case.
Anonymous
April 3, 2005 10:53:16 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

"Bill Blanton" <bblanton@REMOVEmagicnet.net> wrote in message
news:%23Zm$zYGOFHA.3076@tk2msftngp13.phx.gbl...
|
....snip
| Here's some more info-
|
http://www.trendmicro.com/vinfo/virusencyclo/default5.a...
|
| (heh.. check out that sexy.jpg...)
|

Yuck! Off with it's head! Again!


--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
Anonymous
April 3, 2005 11:18:04 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Brian
I gather there are two schools of thought on this one. I would prefer
to leave System Restore alone until the infected virus is removed.
That way if a major problem surfaces when removing the virus, at least
one can use SR to restore the system to a workable environment. Once
satisfied that the virus has been eliminated, one can always purge the
SR file and set a new restore point.
Just a different point of view.

Dan

"Brian A." <gonefish'n@afarawaylake> wrote in message
news:%23uIRB9IOFHA.440@TK2MSFTNGP10.phx.gbl...
> More precise info:
> <quote>
> If you are running Windows Me or Windows XP, we recommend that you
temporarily
> turn off System Restore. Windows Me/XP uses this feature, which is
enabled by
> default, to restore the files on your computer in case they become
damaged. If a
> virus, worm, or Trojan infects a computer, System Restore may back
up the virus,
> worm, or Trojan on the computer.
>
> Windows prevents outside programs, including antivirus programs,
from modifying
> System Restore. Therefore, antivirus programs or tools cannot remove
threats in
> the System Restore folder. As a result, System Restore has the
potential of
> restoring an infected file on your computer, even after you have
cleaned the
> infected files from all the other locations.
>
> Also, a virus scan may detect a threat in the System Restore folder
even though
> you have removed the threat.
> </quote>
>
>
> --
>
> Brian A. Sesko
> <>MS MVP<>Shell/User<>
> Conflicts start where information lacks.
> http://www.dts-l.org/goodpost.htm
>
>
Anonymous
April 3, 2005 11:18:05 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Actually it would be in between my quote and what you mention. All restore
points except for one should be removed in case you needed to fall back due to
complications.

--

Brian A. Sesko
<>MS MVP<>Shell/User<>
Conflicts start where information lacks.
http://www.dts-l.org/goodpost.htm




"Dapper Dan" <dapperdan@home.com> wrote in message
news:o 7y2vNKOFHA.3828@TK2MSFTNGP10.phx.gbl...
> Brian
> I gather there are two schools of thought on this one. I would prefer
> to leave System Restore alone until the infected virus is removed.
> That way if a major problem surfaces when removing the virus, at least
> one can use SR to restore the system to a workable environment. Once
> satisfied that the virus has been eliminated, one can always purge the
> SR file and set a new restore point.
> Just a different point of view.
>
> Dan
>
> "Brian A." <gonefish'n@afarawaylake> wrote in message
> news:%23uIRB9IOFHA.440@TK2MSFTNGP10.phx.gbl...
>> More precise info:
>> <quote>
>> If you are running Windows Me or Windows XP, we recommend that you
> temporarily
>> turn off System Restore. Windows Me/XP uses this feature, which is
> enabled by
>> default, to restore the files on your computer in case they become
> damaged. If a
>> virus, worm, or Trojan infects a computer, System Restore may back
> up the virus,
>> worm, or Trojan on the computer.
>>
>> Windows prevents outside programs, including antivirus programs,
> from modifying
>> System Restore. Therefore, antivirus programs or tools cannot remove
> threats in
>> the System Restore folder. As a result, System Restore has the
> potential of
>> restoring an infected file on your computer, even after you have
> cleaned the
>> infected files from all the other locations.
>>
>> Also, a virus scan may detect a threat in the System Restore folder
> even though
>> you have removed the threat.
>> </quote>
>>
>>
>> --
>>
>> Brian A. Sesko
>> <>MS MVP<>Shell/User<>
>> Conflicts start where information lacks.
>> http://www.dts-l.org/goodpost.htm
>>
>>
>
Anonymous
April 4, 2005 5:05:57 AM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

....and this is best done AFTER the malware has been cleaned off the system, so that
you have a restore point available if the malware cleaning goes awry. Then, Disk
CleanUp can be used to remove all restore points but the most recent. Of course,
none of that is relevant to Win98..... ;-)
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/goodpost.htm
http://www.microsoft.com/communities/conduct/default.ms...


"Brian A." <gonefish'n@afarawaylake> wrote in message
news:e52jzmKOFHA.1392@TK2MSFTNGP10.phx.gbl...
> Actually it would be in between my quote and what you mention. All restore
> points except for one should be removed in case you needed to fall back due to
> complications.
>
> --
>
> Brian A. Sesko
> <>MS MVP<>Shell/User<>
> Conflicts start where information lacks.
> http://www.dts-l.org/goodpost.htm
>
>
>
>
> "Dapper Dan" <dapperdan@home.com> wrote in message
> news:o 7y2vNKOFHA.3828@TK2MSFTNGP10.phx.gbl...
> > Brian
> > I gather there are two schools of thought on this one. I would prefer
> > to leave System Restore alone until the infected virus is removed.
> > That way if a major problem surfaces when removing the virus, at least
> > one can use SR to restore the system to a workable environment. Once
> > satisfied that the virus has been eliminated, one can always purge the
> > SR file and set a new restore point.
> > Just a different point of view.
> >
> > Dan
> >
> > "Brian A." <gonefish'n@afarawaylake> wrote in message
> > news:%23uIRB9IOFHA.440@TK2MSFTNGP10.phx.gbl...
> >> More precise info:
> >> <quote>
> >> If you are running Windows Me or Windows XP, we recommend that you
> > temporarily
> >> turn off System Restore. Windows Me/XP uses this feature, which is
> > enabled by
> >> default, to restore the files on your computer in case they become
> > damaged. If a
> >> virus, worm, or Trojan infects a computer, System Restore may back
> > up the virus,
> >> worm, or Trojan on the computer.
> >>
> >> Windows prevents outside programs, including antivirus programs,
> > from modifying
> >> System Restore. Therefore, antivirus programs or tools cannot remove
> > threats in
> >> the System Restore folder. As a result, System Restore has the
> > potential of
> >> restoring an infected file on your computer, even after you have
> > cleaned the
> >> infected files from all the other locations.
> >>
> >> Also, a virus scan may detect a threat in the System Restore folder
> > even though
> >> you have removed the threat.
> >> </quote>
> >>
> >>
> >> --
> >>
> >> Brian A. Sesko
> >> <>MS MVP<>Shell/User<>
> >> Conflicts start where information lacks.
> >> http://www.dts-l.org/goodpost.htm
> >>
> >>
> >
>
Anonymous
April 4, 2005 4:33:01 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Ran in Safe Mode but couldn't find Bropia.

Read a similar problem in a newsgroup, esp. regarding having to answer Yes
or Cancel etc, and turned out that the 'Bropia' was in fact a variant serflog
or surflog.

I've suggested my friend tries the 'fix' for this first of all, but failing
that, how do you run the FProt for Dos on a Windows 98 computer?

"Bill Blanton" wrote:

> Try safe mode. If that doesn't work we'll get you in DOS to run F-Prot.
> When you boot the computer, just after the BIOS screen where it enumerates
> the hardware (he may have a "splash" screen" hiding it) press and hold
> F8. You should get a menu with an option for "Safe mode" Choose that
> and run fxbropia.exe from there.
>
> I doubt it is a DOS executable, and probably requires Windows to run.
>
>
>
> "Zakynthos" <Zakynthos@discussions.microsoft.com> wrote in message news:D 32CABEC-5647-486B-983D-37E4AF26702E@microsoft.com...
> > Thanks for your help. I've downloaded Fprot for dos on my computer, just to
> > have a look at it, trouble is I have windows 2000 professional, my friend
> > with the Bropia worm problem is running Win 98.
> >
> > I've tried running the FxBropia.exe file on my own (uninfected) computer and
> > it scans just fine, so I still think that the Bropia worm has a routine to
> > counter any 'fixes'.
> >
> > Is there any possibility I could run the FxBropia.exe file from DOS rather
> > than the FProt for Dos utility? If so, how exactly do I run it? Can you
> > provide step by step instructions?
> >
> > Thanks for your help!
> >
> > "Bill Blanton" wrote:
> >
> >>
> >> "Zakynthos" <Zakynthos@discussions.microsoft.com> wrote in message news:4D2E24F9-3193-4F2C-9966-35DF0A5F858A@microsoft.com...
> >> > Hi,
> >> >
> >> > I'm trying to clean a friend's computer running Win 98 that is infected with
> >> > the Bropia worm.
> >> >
> >> > Running the fxBropia.exe tool results in the option to Continue or Cancel
> >> > after it scans about 10 files!
> >> >
> >> > I'm guessing that a routine has been written in the worm to prevent tools
> >> > like this removing it, or to slow down the process?
> >>
> >> As Don said, you may have to boot to DOS to remove it. Google on "F-prot
> >> for DOS".
> >>
> >> > I note from the Symantec site that advice is given for (Windows ME and XP)
> >> > to turn off System Restore in all drives prior to running the removal tool. I
> >> > assume this will prevent the above happening on these systems.
> >>
> >> That's just so the worm doesn't get saved to the restore archive.
> >>
> >> >
> >> > Is there anything that can be done on Windows 98 to allow for the removal of
> >> > this worm without having to cancel the Quit option continuously for (I'm
> >> > guessing at leat a week or so) ?
> >>
> >> I don't know the details of how it loads, but safe mode might also be worth a shot.
> >> Here's some more info-
> >> http://www.trendmicro.com/vinfo/virusencyclo/default5.a...
> >>
> >> (heh.. check out that sexy.jpg...)
> >>
> >>
> >>
> >>
> >>
>
>
>
Anonymous
April 5, 2005 3:42:20 AM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Since you're not familiar with DOS, you might try McAfee's Stinger from a
safe-mode boot first. It's limited in its scope but does it deal with that particular
worm.
http://vil.nai.com/vil/stinger/


To run F-prot, download it from
http://files.f-prot.com/files/dos/f-prot.zip

Create a new folder off the root, (say) c:\f-prot.
Unzip the contents to that folder.
Boot to DOS using the Windows startup menu, and at the prompt enter:

C:\F-PROT\F-PROT




"Zakynthos" <Zakynthos@discussions.microsoft.com> wrote in message news:41609809-9F33-4899-962D-2F9DBB948BB1@microsoft.com...
> Ran in Safe Mode but couldn't find Bropia.
>
> Read a similar problem in a newsgroup, esp. regarding having to answer Yes
> or Cancel etc, and turned out that the 'Bropia' was in fact a variant serflog
> or surflog.
>
> I've suggested my friend tries the 'fix' for this first of all, but failing
> that, how do you run the FProt for Dos on a Windows 98 computer?
>
> "Bill Blanton" wrote:
>
>> Try safe mode. If that doesn't work we'll get you in DOS to run F-Prot.
>> When you boot the computer, just after the BIOS screen where it enumerates
>> the hardware (he may have a "splash" screen" hiding it) press and hold
>> F8. You should get a menu with an option for "Safe mode" Choose that
>> and run fxbropia.exe from there.
>>
>> I doubt it is a DOS executable, and probably requires Windows to run.
>>
>>
>>
>> "Zakynthos" <Zakynthos@discussions.microsoft.com> wrote in message news:D 32CABEC-5647-486B-983D-37E4AF26702E@microsoft.com...
>> > Thanks for your help. I've downloaded Fprot for dos on my computer, just to
>> > have a look at it, trouble is I have windows 2000 professional, my friend
>> > with the Bropia worm problem is running Win 98.
>> >
>> > I've tried running the FxBropia.exe file on my own (uninfected) computer and
>> > it scans just fine, so I still think that the Bropia worm has a routine to
>> > counter any 'fixes'.
>> >
>> > Is there any possibility I could run the FxBropia.exe file from DOS rather
>> > than the FProt for Dos utility? If so, how exactly do I run it? Can you
>> > provide step by step instructions?
>> >
>> > Thanks for your help!
>> >
>> > "Bill Blanton" wrote:
>> >
>> >>
>> >> "Zakynthos" <Zakynthos@discussions.microsoft.com> wrote in message news:4D2E24F9-3193-4F2C-9966-35DF0A5F858A@microsoft.com...
>> >> > Hi,
>> >> >
>> >> > I'm trying to clean a friend's computer running Win 98 that is infected with
>> >> > the Bropia worm.
>> >> >
>> >> > Running the fxBropia.exe tool results in the option to Continue or Cancel
>> >> > after it scans about 10 files!
>> >> >
>> >> > I'm guessing that a routine has been written in the worm to prevent tools
>> >> > like this removing it, or to slow down the process?
>> >>
>> >> As Don said, you may have to boot to DOS to remove it. Google on "F-prot
>> >> for DOS".
>> >>
>> >> > I note from the Symantec site that advice is given for (Windows ME and XP)
>> >> > to turn off System Restore in all drives prior to running the removal tool. I
>> >> > assume this will prevent the above happening on these systems.
>> >>
>> >> That's just so the worm doesn't get saved to the restore archive.
>> >>
>> >> >
>> >> > Is there anything that can be done on Windows 98 to allow for the removal of
>> >> > this worm without having to cancel the Quit option continuously for (I'm
>> >> > guessing at leat a week or so) ?
>> >>
>> >> I don't know the details of how it loads, but safe mode might also be worth a shot.
>> >> Here's some more info-
>> >> http://www.trendmicro.com/vinfo/virusencyclo/default5.a...
>> >>
>> >> (heh.. check out that sexy.jpg...)
>> >>
>> >>
>> >>
>> >>
>> >>
>>
>>
>>
!