VIRUS! What to do?

Last response: in Windows 95/98/ME
March 10, 2003 7:30:45 AM

I've cleaned many a virus from clients' computers, mostly Word Macro viruses. I've cleaned maybe 3 or 4 viruses off my own system but the virus that I just seem to have found has me worried.

Symptoms

1) Windows 98SE MSINFO32's Version Conflict Manager shows most files as having a backup date of <font color=red>9/11/01</font color=red> !!!!

2) Most files in the folder, \windows\vcm, have a date/time stamp of 9/11/01 1:55 PM. The folder has a stamp of 9/11/01 1:53 PM.

3) Many folders on my C: partition have a date/time of 1/1/00 12:10 AM.

4) McAfee Viruscan detects the Reg/Seeker virus in one file only, SP.DLL in the Windows folder. (What is this file?) The version of Viruscan (4.0.3) I have is very old and is no longer supported by McAfee but the detector obviously still works. The DAT file, dated 3/5/2003, is up to date. My previous DAT file which was overdue for an update, being a couple months old, could not detect the virus.

The description of the Reg/Seeker virus at McAfee.com has me concerned that it might not be the virus causing the symptoms I'm describing since my symptoms weren't mentioned.

I'm wondering if I have an unscanned/uncleaned virus still on my system.

5) About a month ago I started having problems reinstalling the Radeon drivers. No matter which drivers (going back to pre-Catalyst) I try to install I get a VXD error.

I can manage to install the drivers two ways. A) In Safe Mode. B) By deleting all files beginning with ATI... from the \Windows\system directory and running the installer normally. I still get the VXD error but the drivers do at least install.

6) I can't run any DirectX 8 or 9 applications <font color=blue>unless</font color=blue> I run a DirectX 7 application first, then the others will work. If I try to run a DirectX 8 or 9 application without doing this I get the following results:

3DMark2001 reports, "3DMark2001 SE needs directx 8.1 and proper drivers installed in order to run"

BF1942 says, "BF1942.EXE file is linked to missing export DSOUND.DLL:11."

UT2003 Demo - BSOD (Blue Screen of Death)

I repeat: if I run a DirectX 7 application first, then the above apps work without problems.

Has anyone heard of this Reg/Seeker virus? How about the symptoms that I described?

Do you think this is just some sort of prank virus or do you think it's something I should seriously worry about? Something that will do real harm later?

I don't even know if the symptoms are all related.

<b>99% is great, unless you are talking about system stability</b>
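A triage script for the first three symptoms above (most files under one folder, and many folders on the partition, carrying one identical timestamp). This is an added example, not code from the thread or from any of the scanners discussed: it walks a directory tree, buckets file modification times to the minute, and reports any bucket that holds a large share of all files, which is the kind of uniform stamping the poster saw in \windows\vcm. The sample tree it builds is constructed; point `collect_mtimes` at a real folder to use it there.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

def collect_mtimes(root):
    """Return {path: mtime_seconds} for every regular file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                result[path] = os.stat(path).st_mtime
            except OSError:
                continue  # unreadable or vanished file: skip, not fatal
    return result

def timestamp_clusters(mtimes, resolution=60, threshold=0.25):
    """Bucket mtimes to `resolution` seconds and flag buckets holding at
    least `threshold` of all files. Returns [(bucket_start_utc_iso, count,
    fraction)] sorted by count, largest first. Empty input gives []."""
    if not mtimes:
        return []
    buckets = Counter(int(t // resolution) * resolution for t in mtimes.values())
    total = len(mtimes)
    flagged = []
    for start, count in buckets.most_common():
        frac = count / total
        if frac < threshold:
            break  # most_common is sorted, so nothing later can qualify
        iso = datetime.fromtimestamp(start, tz=timezone.utc).isoformat()
        flagged.append((iso, count, frac))
    return flagged

def build_sample_tree():
    """Constructed sample: 8 files stamped within one identical minute
    plus 4 files with spread-out dates (hypothetical, not real system files)."""
    root = tempfile.mkdtemp(prefix="stampcheck_")
    base = 1000000000  # 2001-09-09 01:46:40 UTC, an arbitrary constructed epoch
    stamps = [base + 5] * 8 + [base + 86400 * d for d in (3, 30, 90, 400)]
    for i, ts in enumerate(stamps):
        path = os.path.join(root, f"file{i}.dll")
        with open(path, "w") as fh:
            fh.write("sample")
        os.utime(path, (ts, ts))  # set both atime and mtime to the stamp
    return root

if __name__ == "__main__":
    for iso, count, frac in timestamp_clusters(collect_mtimes(build_sample_tree())):
        print(f"{iso}: {count} files ({frac:.0%} of all files share this minute)")
```

A genuine install or service pack also stamps many files alike, so a flagged bucket is a lead to compare against known install dates, not proof of infection on its own.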


March 11, 2003 7:49:31 PM

I think Norton is a lot better than McAfee. I kept getting virus after virus with McAfee.

I would go to Symantec's website and search for a 911 virus or something similar. See if you can find a name for the virus and what its intentions are.

Download the 30-day trial of Norton NAV and see if it finds anything.

A fresh install of windows can't hurt either.

<font color=red>
<A HREF="http://kevan.org/brain.cgi?dhlucke" target="_new">The French are being described as cheese-eating surrender monkeys.</A></font color=red>
March 11, 2003 8:23:19 PM

I used to have problems with McAfee so I use Norton. Maybe you should try some of the online scanners to see if they detect anything.

<i><font color=blue>There is no failure when you believe in success.</font color=blue></i>
March 12, 2003 1:45:20 AM

Thanks for the suggestion. I didn't think about online scanners.

I'm making progress, well not really. I tried Bitdefender and it reported this.

"C:\WINDOWS\Downloaded Program Files\SETB2A0.TMP/(UPX) infected: Trojandownloader.Small.J"

The problem is Bitdefender didn't give me the option to clean or even delete the file. Further, I can't find the file at the mentioned location. A search doesn't even find it.

So how do I get rid of the infection, short of a clean install?

<b>99% is great, unless you are talking about system stability</b>
March 12, 2003 1:53:23 AM

I did "9/11" and "911" searches but they don't seem to lead to anything relevant.

It's tough tracking down information when you know (or think you know) the symptoms but don't know the name of the virus.

<b>99% is great, unless you are talking about system stability</b>
March 12, 2003 3:51:49 AM

Download the 30-day trial of NAV and see what happens.

<font color=red>
<A HREF="http://kevan.org/brain.cgi?dhlucke" target="_new">The French are being described as cheese-eating surrender monkeys.</A></font color=red>
March 13, 2003 1:34:25 AM

Maybe you should give NAV a try. I searched the <A HREF="http://www.sarc.com/avcenter/venc/auto/index/indexT.htm..." target="_new">Symantec</A> website and the closest name I can get to the virus is:

Trojan.Downloader.Aphe
Trojan.Downloader.Cile
Trojan.Downloader.Inor

I couldn't find it on the Bitdefender website.

<i><font color=blue>There is no failure when you believe in success.</font color=blue></i>
March 13, 2003 2:10:41 AM

I'll give it a try when I have the time to download it.

It's a 40MB+ download and I only have a 56K connection.

<b>99% is great, unless you are talking about system stability</b>
March 13, 2003 4:17:18 AM

Maybe you can try their <A HREF="http://security.symantec.com/ssc" target="_new">online</A> scan first.

<i><font color=blue>There is no failure when you believe in success.</font color=blue></i>
March 13, 2003 4:12:57 PM

Thanks!

For some reason I couldn't find Symantec's online scanner.

Scanning now...

<b>99% is great, unless you are talking about system stability</b>
March 14, 2003 12:06:32 PM

Panda has an online scanner, too ...

<A HREF="http://www.pandasoftware.com/activescan/com/activescan_..." target="_new">Panda ActiveScan</A>

Toey

<font color=red>First Rig:</font color=red> <A HREF="http://www.anandtech.com/mysystemrig.html?rigid=17935" target="_new"><font color=green>Toejam31's Devastating Dalek Destroyer</font color=green></A>
<font color=red>Second Rig:</font color=red> <A HREF="http://www.anandtech.com/mysystemrig.html?rigid=15942" target="_new"><font color=green>Toey's Dynamite DDR Duron</font color=green></A>
________________________________________

<A HREF="http://www.btvillarin.com/phpBB/index.php" target="_new"><b><font color=purple>BTVILLARIN.com</font color=purple></b></A> - <i><font color=orange>A better place to be</font color=orange></i>. :wink:
March 15, 2003 11:12:45 PM

No detections from Symantec or Panda online scanners.

If it weren't for the symptoms I've already seen I would tend to write off the Bitdefender detection as a false positive.

Guess it's time for a clean install. First one since I built my system 2-1/2 years ago.

<b>99% is great, unless you are talking about system stability</b>
March 17, 2003 8:55:15 PM

Speaking of Panda, Toey... have you upgraded to Platinum Antivirus 7? I did back in February... and really like it so far.

<font color=red> If you design software that is fool-proof, only a fool will want to use it. </font color=red>
March 17, 2003 9:59:01 PM

Yeah, I picked it up last December, and the interface is <i>much</i> better, plus the memory load has been eased considerably, which is nice for those people who want all the permanent protection features. And the 24/7 e-mail support for any suspicious files is really outstanding (and fast) ... I've used it on a couple of occasions and I was pleasantly surprised at the speed of the response (less than 15 minutes for an answer in both cases.) My only real gripes are that once the program is updated, you can't make the rescue disks because the signature file is too large to fit on the third floppy in the series. The only version I've used that could correctly make the disks was 7.02.00. Secondly, they could use a little work on the update server(s), which sometimes has a few problems balancing the load.

I was told that they are currently working on a solution to the rescue disk issue, and will implement an upgrade in the future to correct the problem.

But as for the program itself, after using this, there's certainly no way that I'd ever move back to an AntiVirus like Norton. Panda is definitely the superior product. Even the website is easier to navigate. And if you've ever had to search for information at Symantec, you can really appreciate the difference.

Now if they'll just add an option for a Eudora mail profile (and perhaps the online HTTP servers, like Hotmail and Yahoo!), I'll sing their praises to the rooftops, and pre-install it on all my customers' systems as part of the package. That would be very cool.

Toey

<font color=red>First Rig:</font color=red> <A HREF="http://www.anandtech.com/mysystemrig.html?rigid=17935" target="_new"><font color=green>Toejam31's Devastating Dalek Destroyer</font color=green></A>
<font color=red>Second Rig:</font color=red> <A HREF="http://www.anandtech.com/mysystemrig.html?rigid=15942" target="_new"><font color=green>Toey's Dynamite DDR Duron</font color=green></A>
________________________________________

<A HREF="http://www.btvillarin.com/phpBB/index.php" target="_new"><b><font color=purple>BTVILLARIN.com</font color=purple></b></A> - <i><font color=orange>A better place to be</font color=orange></i>. :wink: