Problem removing Bropia worm in Windows 98

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Hi,

I'm trying to clean a friend's computer running Win 98 that is infected with
the Bropia worm.

Running the fxBropia.exe tool results in the option to Continue or Cancel
after it scans about 10 files!

I'm guessing that a routine has been written in the worm to prevent tools
like this removing it, or to slow down the process?

I note from the Symantec site that advice is given for (Windows ME and XP)
to turn off System Restore in all drives prior to running the removal tool. I
assume this will prevent the above happening on these systems.

Is there anything that can be done on Windows 98 to allow for the removal of
this worm without having to cancel the Quit option continuously for (I'm
guessing at leat a week or so) ?
14 answers Last reply
More about problem removing bropia worm windows
  1. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    "Zakynthos" <Zakynthos@discussions.microsoft.com> wrote in message
    news:4D2E24F9-3193-4F2C-9966-35DF0A5F858A@microsoft.com...

    > I'm trying to clean a friend's computer running Win 98 that is infected
    with
    > the Bropia worm. . . .
    > Is there anything that can be done on Windows 98 to allow for the removal
    of
    > this worm without having to cancel the Quit option continuously for (I'm
    > guessing at leat a week or so) ?

    The Windows OS will not let you delete an EXE
    currently loaded, therefore is an unsuitable shell
    for most tasks of virus removal. If you have identified
    the name of any virus EXE file you can delete it in
    DOS.

    Better advice is available in specialized virus newsgroups.

    --
    Don Phillipson
    Carlsbad Springs
    (Ottawa, Canada)
  2. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    "Zakynthos" <Zakynthos@discussions.microsoft.com> wrote in message news:4D2E24F9-3193-4F2C-9966-35DF0A5F858A@microsoft.com...
    > Hi,
    >
    > I'm trying to clean a friend's computer running Win 98 that is infected with
    > the Bropia worm.
    >
    > Running the fxBropia.exe tool results in the option to Continue or Cancel
    > after it scans about 10 files!
    >
    > I'm guessing that a routine has been written in the worm to prevent tools
    > like this removing it, or to slow down the process?

    As Don said, you may have to boot to DOS to remove it. Google on "F-prot
    for DOS".

    > I note from the Symantec site that advice is given for (Windows ME and XP)
    > to turn off System Restore in all drives prior to running the removal tool. I
    > assume this will prevent the above happening on these systems.

    That's just so the worm doesn't get saved to the restore archive.

    >
    > Is there anything that can be done on Windows 98 to allow for the removal of
    > this worm without having to cancel the Quit option continuously for (I'm
    > guessing at leat a week or so) ?

    I don't know the details of how it loads, but safe mode might also be worth a shot.
    Here's some more info-
    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BROPIA.F

    (heh.. check out that sexy.jpg...)
  3. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Thanks for your help. I've downloaded Fprot for dos on my computer, just to
    have a look at it, trouble is I have windows 2000 professional, my friend
    with the Bropia worm problem is running Win 98.

    I've tried running the FxBropia.exe file on my own (uninfected) computer and
    it scans just fine, so I still think that the Bropia worm has a routine to
    counter any 'fixes'.

    Is there any possibility I could run the FxBropia.exe file from DOS rather
    than the FProt for Dos utility? If so, how exactly do I run it? Can you
    provide step by step instructions?

    Thanks for your help!

    "Bill Blanton" wrote:

    >
    > "Zakynthos" <Zakynthos@discussions.microsoft.com> wrote in message news:4D2E24F9-3193-4F2C-9966-35DF0A5F858A@microsoft.com...
    > > Hi,
    > >
    > > I'm trying to clean a friend's computer running Win 98 that is infected with
    > > the Bropia worm.
    > >
    > > Running the fxBropia.exe tool results in the option to Continue or Cancel
    > > after it scans about 10 files!
    > >
    > > I'm guessing that a routine has been written in the worm to prevent tools
    > > like this removing it, or to slow down the process?
    >
    > As Don said, you may have to boot to DOS to remove it. Google on "F-prot
    > for DOS".
    >
    > > I note from the Symantec site that advice is given for (Windows ME and XP)
    > > to turn off System Restore in all drives prior to running the removal tool. I
    > > assume this will prevent the above happening on these systems.
    >
    > That's just so the worm doesn't get saved to the restore archive.
    >
    > >
    > > Is there anything that can be done on Windows 98 to allow for the removal of
    > > this worm without having to cancel the Quit option continuously for (I'm
    > > guessing at leat a week or so) ?
    >
    > I don't know the details of how it loads, but safe mode might also be worth a shot.
    > Here's some more info-
    > http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BROPIA.F
    >
    > (heh.. check out that sexy.jpg...)
    >
    >
    >
    >
    >
  4. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Try safe mode. If that doesn't work we'll get you in DOS to run F-Prot.
    When you boot the computer, just after the BIOS screen where it enumerates
    the hardware (he may have a "splash" screen" hiding it) press and hold
    F8. You should get a menu with an option for "Safe mode" Choose that
    and run fxbropia.exe from there.

    I doubt it is a DOS executable, and probably requires Windows to run.


    "Zakynthos" <Zakynthos@discussions.microsoft.com> wrote in message news:D32CABEC-5647-486B-983D-37E4AF26702E@microsoft.com...
    > Thanks for your help. I've downloaded Fprot for dos on my computer, just to
    > have a look at it, trouble is I have windows 2000 professional, my friend
    > with the Bropia worm problem is running Win 98.
    >
    > I've tried running the FxBropia.exe file on my own (uninfected) computer and
    > it scans just fine, so I still think that the Bropia worm has a routine to
    > counter any 'fixes'.
    >
    > Is there any possibility I could run the FxBropia.exe file from DOS rather
    > than the FProt for Dos utility? If so, how exactly do I run it? Can you
    > provide step by step instructions?
    >
    > Thanks for your help!
    >
    > "Bill Blanton" wrote:
    >
    >>
    >> "Zakynthos" <Zakynthos@discussions.microsoft.com> wrote in message news:4D2E24F9-3193-4F2C-9966-35DF0A5F858A@microsoft.com...
    >> > Hi,
    >> >
    >> > I'm trying to clean a friend's computer running Win 98 that is infected with
    >> > the Bropia worm.
    >> >
    >> > Running the fxBropia.exe tool results in the option to Continue or Cancel
    >> > after it scans about 10 files!
    >> >
    >> > I'm guessing that a routine has been written in the worm to prevent tools
    >> > like this removing it, or to slow down the process?
    >>
    >> As Don said, you may have to boot to DOS to remove it. Google on "F-prot
    >> for DOS".
    >>
    >> > I note from the Symantec site that advice is given for (Windows ME and XP)
    >> > to turn off System Restore in all drives prior to running the removal tool. I
    >> > assume this will prevent the above happening on these systems.
    >>
    >> That's just so the worm doesn't get saved to the restore archive.
    >>
    >> >
    >> > Is there anything that can be done on Windows 98 to allow for the removal of
    >> > this worm without having to cancel the Quit option continuously for (I'm
    >> > guessing at leat a week or so) ?
    >>
    >> I don't know the details of how it loads, but safe mode might also be worth a shot.
    >> Here's some more info-
    >> http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BROPIA.F
    >>
    >> (heh.. check out that sexy.jpg...)
    >>
    >>
    >>
    >>
    >>
  5. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    "Bill Blanton" <bblanton@REMOVEmagicnet.net> wrote in message
    news:%23Zm$zYGOFHA.3076@tk2msftngp13.phx.gbl...
    >> I note from the Symantec site that advice is given for (Windows ME and XP)
    >> to turn off System Restore in all drives prior to running the removal tool. I
    >> assume this will prevent the above happening on these systems.
    >
    > That's just so the worm doesn't get saved to the restore archive.

    I believe it will have already been introduced into a Restore point, and the
    reason to turn off Restore is to remove any Restore points so the worm will not
    be re-introduced into the OS if anyone runs a restore after removal of the worm.


    --

    Brian A. Sesko
    <>MS MVP<>Shell/User<>
    Conflicts start where information lacks.
    http://www.dts-l.org/goodpost.htm
  6. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    More precise info:
    <quote>
    If you are running Windows Me or Windows XP, we recommend that you temporarily
    turn off System Restore. Windows Me/XP uses this feature, which is enabled by
    default, to restore the files on your computer in case they become damaged. If a
    virus, worm, or Trojan infects a computer, System Restore may back up the virus,
    worm, or Trojan on the computer.

    Windows prevents outside programs, including antivirus programs, from modifying
    System Restore. Therefore, antivirus programs or tools cannot remove threats in
    the System Restore folder. As a result, System Restore has the potential of
    restoring an infected file on your computer, even after you have cleaned the
    infected files from all the other locations.

    Also, a virus scan may detect a threat in the System Restore folder even though
    you have removed the threat.
    </quote>


    --

    Brian A. Sesko
    <>MS MVP<>Shell/User<>
    Conflicts start where information lacks.
    http://www.dts-l.org/goodpost.htm
  7. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    If NAV is installed follow the suggested removal form Symantec and skip the
    removal exe.

    If you have trouble running LiveUpdate, try using the Intelligent Updater. There
    are instructions for machines that can/can't connect to the internet.
    How to update virus definition files using the Intelligent Updater
    http://service1.symantec.com/SUPPORT/nav.nsf/docid/1998082013035306?OpenDocument&src=sec_doc_nam

    or if the link breaks:
    http://tinyurl.com/ybiq

    If the machine is able to connect you could also try running an online scan.
    After running online I suggest running a full system scan from the app installed
    on the machine.
    Symantec Security Check
    http://security.symantec.com/sscv6/home.asp?productid=symhome&langid=ie&venid=sym&close_parent=true&bhcp=1

    or if link breaks:
    http://tinyurl.com/66swg

    --

    Brian A. Sesko
    <>MS MVP<>Shell/User<>
    Conflicts start where information lacks.
    http://www.dts-l.org/goodpost.htm


    "Zakynthos" <Zakynthos@discussions.microsoft.com> wrote in message
    news:4D2E24F9-3193-4F2C-9966-35DF0A5F858A@microsoft.com...
    > Hi,
    >
    > I'm trying to clean a friend's computer running Win 98 that is infected with
    > the Bropia worm.
    >
    > Running the fxBropia.exe tool results in the option to Continue or Cancel
    > after it scans about 10 files!
    >
    > I'm guessing that a routine has been written in the worm to prevent tools
    > like this removing it, or to slow down the process?
    >
    > I note from the Symantec site that advice is given for (Windows ME and XP)
    > to turn off System Restore in all drives prior to running the removal tool. I
    > assume this will prevent the above happening on these systems.
    >
    > Is there anything that can be done on Windows 98 to allow for the removal of
    > this worm without having to cancel the Quit option continuously for (I'm
    > guessing at leat a week or so) ?
    >
  8. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    "Brian A." <gonefish'n@afarawaylake> wrote in message news:OE0DE4IOFHA.1948@TK2MSFTNGP14.phx.gbl...
    > "Bill Blanton" <bblanton@REMOVEmagicnet.net> wrote in message news:%23Zm$zYGOFHA.3076@tk2msftngp13.phx.gbl...
    >>> I note from the Symantec site that advice is given for (Windows ME and XP)
    >>> to turn off System Restore in all drives prior to running the removal tool. I
    >>> assume this will prevent the above happening on these systems.
    >>
    >> That's just so the worm doesn't get saved to the restore archive.
    >
    > I believe it will have already been introduced into a Restore point, and the reason to turn off Restore is to remove any Restore
    > points so the worm will not be re-introduced into the OS if anyone runs a restore after removal of the worm.

    Right. For some reason, I was (wrongly) thinking of the mechanics behind SFP,
    which doesn't apply in this case.
  9. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    "Bill Blanton" <bblanton@REMOVEmagicnet.net> wrote in message
    news:%23Zm$zYGOFHA.3076@tk2msftngp13.phx.gbl...
    |
    ....snip
    | Here's some more info-
    |
    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BROPIA.F
    |
    | (heh.. check out that sexy.jpg...)
    |

    Yuck! Off with it's head! Again!


    --
    Thanks or Good Luck,
    There may be humor in this post, and,
    Naturally, you will not sue,
    should things get worse after this,
    PCR
    pcrrcp@netzero.net
  10. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Brian
    I gather there are two schools of thought on this one. I would prefer
    to leave System Restore alone until the infected virus is removed.
    That way if a major problem surfaces when removing the virus, at least
    one can use SR to restore the system to a workable environment. Once
    satisfied that the virus has been eliminated, one can always purge the
    SR file and set a new restore point.
    Just a different point of view.

    Dan

    "Brian A." <gonefish'n@afarawaylake> wrote in message
    news:%23uIRB9IOFHA.440@TK2MSFTNGP10.phx.gbl...
    > More precise info:
    > <quote>
    > If you are running Windows Me or Windows XP, we recommend that you
    temporarily
    > turn off System Restore. Windows Me/XP uses this feature, which is
    enabled by
    > default, to restore the files on your computer in case they become
    damaged. If a
    > virus, worm, or Trojan infects a computer, System Restore may back
    up the virus,
    > worm, or Trojan on the computer.
    >
    > Windows prevents outside programs, including antivirus programs,
    from modifying
    > System Restore. Therefore, antivirus programs or tools cannot remove
    threats in
    > the System Restore folder. As a result, System Restore has the
    potential of
    > restoring an infected file on your computer, even after you have
    cleaned the
    > infected files from all the other locations.
    >
    > Also, a virus scan may detect a threat in the System Restore folder
    even though
    > you have removed the threat.
    > </quote>
    >
    >
    > --
    >
    > Brian A. Sesko
    > <>MS MVP<>Shell/User<>
    > Conflicts start where information lacks.
    > http://www.dts-l.org/goodpost.htm
    >
    >
  11. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Actually it would be in between my quote and what you mention. All restore
    points except for one should be removed in case you needed to fall back due to
    complications.

    --

    Brian A. Sesko
    <>MS MVP<>Shell/User<>
    Conflicts start where information lacks.
    http://www.dts-l.org/goodpost.htm


    "Dapper Dan" <dapperdan@home.com> wrote in message
    news:O7y2vNKOFHA.3828@TK2MSFTNGP10.phx.gbl...
    > Brian
    > I gather there are two schools of thought on this one. I would prefer
    > to leave System Restore alone until the infected virus is removed.
    > That way if a major problem surfaces when removing the virus, at least
    > one can use SR to restore the system to a workable environment. Once
    > satisfied that the virus has been eliminated, one can always purge the
    > SR file and set a new restore point.
    > Just a different point of view.
    >
    > Dan
    >
    > "Brian A." <gonefish'n@afarawaylake> wrote in message
    > news:%23uIRB9IOFHA.440@TK2MSFTNGP10.phx.gbl...
    >> More precise info:
    >> <quote>
    >> If you are running Windows Me or Windows XP, we recommend that you
    > temporarily
    >> turn off System Restore. Windows Me/XP uses this feature, which is
    > enabled by
    >> default, to restore the files on your computer in case they become
    > damaged. If a
    >> virus, worm, or Trojan infects a computer, System Restore may back
    > up the virus,
    >> worm, or Trojan on the computer.
    >>
    >> Windows prevents outside programs, including antivirus programs,
    > from modifying
    >> System Restore. Therefore, antivirus programs or tools cannot remove
    > threats in
    >> the System Restore folder. As a result, System Restore has the
    > potential of
    >> restoring an infected file on your computer, even after you have
    > cleaned the
    >> infected files from all the other locations.
    >>
    >> Also, a virus scan may detect a threat in the System Restore folder
    > even though
    >> you have removed the threat.
    >> </quote>
    >>
    >>
    >> --
    >>
    >> Brian A. Sesko
    >> <>MS MVP<>Shell/User<>
    >> Conflicts start where information lacks.
    >> http://www.dts-l.org/goodpost.htm
    >>
    >>
    >
  12. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    ....and this is best done AFTER the malware has been cleaned off the system, so that
    you have a restore point available if the malware cleaning goes awry. Then, Disk
    CleanUp can be used to remove all restore points but the most recent. Of course,
    none of that is relevant to Win98..... ;-)
    --
    Glen Ventura, MS MVP Shell/User, A+
    http://dts-l.org/goodpost.htm
    http://www.microsoft.com/communities/conduct/default.mspx


    "Brian A." <gonefish'n@afarawaylake> wrote in message
    news:e52jzmKOFHA.1392@TK2MSFTNGP10.phx.gbl...
    > Actually it would be in between my quote and what you mention. All restore
    > points except for one should be removed in case you needed to fall back due to
    > complications.
    >
    > --
    >
    > Brian A. Sesko
    > <>MS MVP<>Shell/User<>
    > Conflicts start where information lacks.
    > http://www.dts-l.org/goodpost.htm
    >
    >
    >
    >
    > "Dapper Dan" <dapperdan@home.com> wrote in message
    > news:O7y2vNKOFHA.3828@TK2MSFTNGP10.phx.gbl...
    > > Brian
    > > I gather there are two schools of thought on this one. I would prefer
    > > to leave System Restore alone until the infected virus is removed.
    > > That way if a major problem surfaces when removing the virus, at least
    > > one can use SR to restore the system to a workable environment. Once
    > > satisfied that the virus has been eliminated, one can always purge the
    > > SR file and set a new restore point.
    > > Just a different point of view.
    > >
    > > Dan
    > >
    > > "Brian A." <gonefish'n@afarawaylake> wrote in message
    > > news:%23uIRB9IOFHA.440@TK2MSFTNGP10.phx.gbl...
    > >> More precise info:
    > >> <quote>
    > >> If you are running Windows Me or Windows XP, we recommend that you
    > > temporarily
    > >> turn off System Restore. Windows Me/XP uses this feature, which is
    > > enabled by
    > >> default, to restore the files on your computer in case they become
    > > damaged. If a
    > >> virus, worm, or Trojan infects a computer, System Restore may back
    > > up the virus,
    > >> worm, or Trojan on the computer.
    > >>
    > >> Windows prevents outside programs, including antivirus programs,
    > > from modifying
    > >> System Restore. Therefore, antivirus programs or tools cannot remove
    > > threats in
    > >> the System Restore folder. As a result, System Restore has the
    > > potential of
    > >> restoring an infected file on your computer, even after you have
    > > cleaned the
    > >> infected files from all the other locations.
    > >>
    > >> Also, a virus scan may detect a threat in the System Restore folder
    > > even though
    > >> you have removed the threat.
    > >> </quote>
    > >>
    > >>
    > >> --
    > >>
    > >> Brian A. Sesko
    > >> <>MS MVP<>Shell/User<>
    > >> Conflicts start where information lacks.
    > >> http://www.dts-l.org/goodpost.htm
    > >>
    > >>
    > >
    >
  13. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Ran in Safe Mode but couldn't find Bropia.

    Read a similar problem in a newsgroup, esp. regarding having to answer Yes
    or Cancel etc, and turned out that the 'Bropia' was in fact a variant serflog
    or surflog.

    I've suggested my friend tries the 'fix' for this first of all, but failing
    that, how do you run the FProt for Dos on a Windows 98 computer?

    "Bill Blanton" wrote:

    > Try safe mode. If that doesn't work we'll get you in DOS to run F-Prot.
    > When you boot the computer, just after the BIOS screen where it enumerates
    > the hardware (he may have a "splash" screen" hiding it) press and hold
    > F8. You should get a menu with an option for "Safe mode" Choose that
    > and run fxbropia.exe from there.
    >
    > I doubt it is a DOS executable, and probably requires Windows to run.
    >
    >
    >
    > "Zakynthos" <Zakynthos@discussions.microsoft.com> wrote in message news:D32CABEC-5647-486B-983D-37E4AF26702E@microsoft.com...
    > > Thanks for your help. I've downloaded Fprot for dos on my computer, just to
    > > have a look at it, trouble is I have windows 2000 professional, my friend
    > > with the Bropia worm problem is running Win 98.
    > >
    > > I've tried running the FxBropia.exe file on my own (uninfected) computer and
    > > it scans just fine, so I still think that the Bropia worm has a routine to
    > > counter any 'fixes'.
    > >
    > > Is there any possibility I could run the FxBropia.exe file from DOS rather
    > > than the FProt for Dos utility? If so, how exactly do I run it? Can you
    > > provide step by step instructions?
    > >
    > > Thanks for your help!
    > >
    > > "Bill Blanton" wrote:
    > >
    > >>
    > >> "Zakynthos" <Zakynthos@discussions.microsoft.com> wrote in message news:4D2E24F9-3193-4F2C-9966-35DF0A5F858A@microsoft.com...
    > >> > Hi,
    > >> >
    > >> > I'm trying to clean a friend's computer running Win 98 that is infected with
    > >> > the Bropia worm.
    > >> >
    > >> > Running the fxBropia.exe tool results in the option to Continue or Cancel
    > >> > after it scans about 10 files!
    > >> >
    > >> > I'm guessing that a routine has been written in the worm to prevent tools
    > >> > like this removing it, or to slow down the process?
    > >>
    > >> As Don said, you may have to boot to DOS to remove it. Google on "F-prot
    > >> for DOS".
    > >>
    > >> > I note from the Symantec site that advice is given for (Windows ME and XP)
    > >> > to turn off System Restore in all drives prior to running the removal tool. I
    > >> > assume this will prevent the above happening on these systems.
    > >>
    > >> That's just so the worm doesn't get saved to the restore archive.
    > >>
    > >> >
    > >> > Is there anything that can be done on Windows 98 to allow for the removal of
    > >> > this worm without having to cancel the Quit option continuously for (I'm
    > >> > guessing at leat a week or so) ?
    > >>
    > >> I don't know the details of how it loads, but safe mode might also be worth a shot.
    > >> Here's some more info-
    > >> http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BROPIA.F
    > >>
    > >> (heh.. check out that sexy.jpg...)
    > >>
    > >>
    > >>
    > >>
    > >>
    >
    >
    >
  14. Archived from groups: microsoft.public.win98.gen_discussion (More info?)

    Since you're not familiar with DOS, you might try McAfee's Stinger from a
    safe-mode boot first. It's limited in its scope but does it deal with that particular
    worm.
    http://vil.nai.com/vil/stinger/


    To run F-prot, download it from
    http://files.f-prot.com/files/dos/f-prot.zip

    Create a new folder off the root, (say) c:\f-prot.
    Unzip the contents to that folder.
    Boot to DOS using the Windows startup menu, and at the prompt enter:

    C:\F-PROT\F-PROT


    "Zakynthos" <Zakynthos@discussions.microsoft.com> wrote in message news:41609809-9F33-4899-962D-2F9DBB948BB1@microsoft.com...
    > Ran in Safe Mode but couldn't find Bropia.
    >
    > Read a similar problem in a newsgroup, esp. regarding having to answer Yes
    > or Cancel etc, and turned out that the 'Bropia' was in fact a variant serflog
    > or surflog.
    >
    > I've suggested my friend tries the 'fix' for this first of all, but failing
    > that, how do you run the FProt for Dos on a Windows 98 computer?
    >
    > "Bill Blanton" wrote:
    >
    >> Try safe mode. If that doesn't work we'll get you in DOS to run F-Prot.
    >> When you boot the computer, just after the BIOS screen where it enumerates
    >> the hardware (he may have a "splash" screen" hiding it) press and hold
    >> F8. You should get a menu with an option for "Safe mode" Choose that
    >> and run fxbropia.exe from there.
    >>
    >> I doubt it is a DOS executable, and probably requires Windows to run.
    >>
    >>
    >>
    >> "Zakynthos" <Zakynthos@discussions.microsoft.com> wrote in message news:D32CABEC-5647-486B-983D-37E4AF26702E@microsoft.com...
    >> > Thanks for your help. I've downloaded Fprot for dos on my computer, just to
    >> > have a look at it, trouble is I have windows 2000 professional, my friend
    >> > with the Bropia worm problem is running Win 98.
    >> >
    >> > I've tried running the FxBropia.exe file on my own (uninfected) computer and
    >> > it scans just fine, so I still think that the Bropia worm has a routine to
    >> > counter any 'fixes'.
    >> >
    >> > Is there any possibility I could run the FxBropia.exe file from DOS rather
    >> > than the FProt for Dos utility? If so, how exactly do I run it? Can you
    >> > provide step by step instructions?
    >> >
    >> > Thanks for your help!
    >> >
    >> > "Bill Blanton" wrote:
    >> >
    >> >>
    >> >> "Zakynthos" <Zakynthos@discussions.microsoft.com> wrote in message news:4D2E24F9-3193-4F2C-9966-35DF0A5F858A@microsoft.com...
    >> >> > Hi,
    >> >> >
    >> >> > I'm trying to clean a friend's computer running Win 98 that is infected with
    >> >> > the Bropia worm.
    >> >> >
    >> >> > Running the fxBropia.exe tool results in the option to Continue or Cancel
    >> >> > after it scans about 10 files!
    >> >> >
    >> >> > I'm guessing that a routine has been written in the worm to prevent tools
    >> >> > like this removing it, or to slow down the process?
    >> >>
    >> >> As Don said, you may have to boot to DOS to remove it. Google on "F-prot
    >> >> for DOS".
    >> >>
    >> >> > I note from the Symantec site that advice is given for (Windows ME and XP)
    >> >> > to turn off System Restore in all drives prior to running the removal tool. I
    >> >> > assume this will prevent the above happening on these systems.
    >> >>
    >> >> That's just so the worm doesn't get saved to the restore archive.
    >> >>
    >> >> >
    >> >> > Is there anything that can be done on Windows 98 to allow for the removal of
    >> >> > this worm without having to cancel the Quit option continuously for (I'm
    >> >> > guessing at leat a week or so) ?
    >> >>
    >> >> I don't know the details of how it loads, but safe mode might also be worth a shot.
    >> >> Here's some more info-
    >> >> http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BROPIA.F
    >> >>
    >> >> (heh.. check out that sexy.jpg...)
    >> >>
    >> >>
    >> >>
    >> >>
    >> >>
    >>
    >>
    >>
Ask a new question

Read More

Windows 98 Worm Windows