Virus problem, already checked with nortons.


Nick FitzGerald

Nov 4, 1999, 3:00:00 AM
John <glob...@hotmail.com> wrote:

<<snip Marburg story>>
> The problem :
>
> 2 files that show up on scan summary, but can't be displayed in Windows
> Explorer, therefore I can't replace them.
>
> Name : C:\WINDOWS\SYSTEM\windll.dll
> Virus Name: BackOrifice.Trojan
>
> Name : C:\WINDOWS\SYSTEM\ .exe (???no file name,
> just this)
> Virus Name: W95.Marburg
>
> Can anyone suggest what I can do?????

Yep -- you can easily delete these from a DOS-only boot.
Well, easily if you have the right experience.

Following a DOS-only startup, change to the Windows system
dir, remove the hidden, system and read-only file
attributes from windll.dll and exe~1.

Now delete them using the same notation for the oddly-named
EXE file...

When you restart Windows, you will most likely receive a
warning that a startup program could not be found -- you
will need to edit the registry key:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

to fix this. I note you are posting from a New Zealand ISP
-- despite my Email address, I'm in NZ too, so write to me
if you need more detailed instructions.

[Posted and Emailed]


--
Nick FitzGerald
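
The last step in the reply above, finding the Run entry left pointing at a deleted file, can be checked mechanically. The following is an added example, not part of any post in this thread: it parses a REGEDIT4 export of the Run key and lists the values whose target is no longer on disk. The export text, file listing, value names and search directories are constructed sample data.

```python
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed REGEDIT4 export (sample data, not taken from the thread).
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"ConstructedEntry"="C:\\WINDOWS\\SYSTEM\\windll.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"OtherKey"="C:\\gone.exe"
'''
# Constructed listing of files still present after the DOS-mode cleanup.
SAMPLE_FILES = [r"C:\WINDOWS\SYSTEM\SYSTRAY.EXE", r"C:\WINDOWS\TASKMON.EXE"]
SEARCH_DIRS = [r"C:\WINDOWS", r"C:\WINDOWS\SYSTEM", r"C:\WINDOWS\COMMAND"]  # assumed

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    # .reg files escape backslashes and quotes with a leading backslash.
    return re.sub(r"\\(.)", r"\1", s)

def run_values(reg_text, key=RUN_KEY):
    """Return {name: data} for string values directly under `key`."""
    values, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current is not None and current.lower() == key.lower():
            m = VALUE_RE.match(line)
            if m:
                values[unescape(m.group(1))] = unescape(m.group(2))
    return values

def candidates(command):
    """Possible program paths: quoted part, or every prefix ending at a space."""
    command = command.strip()
    if command.startswith('"'):
        return [command[1:].split('"', 1)[0]]
    parts = command.split(" ")
    return [" ".join(parts[:i]) for i in range(1, len(parts) + 1)]

def dangling_entries(reg_text, files, search_dirs=SEARCH_DIRS):
    """Run values whose program cannot be found among `files` (case-insensitive)."""
    present = {f.lower() for f in files}
    def found(c):  # bare names are looked up in each search directory
        paths = [c] if "\\" in c else [d + "\\" + c for d in search_dirs]
        return any(p.lower() in present for p in paths)
    return {n: cmd for n, cmd in run_values(reg_text).items()
            if not any(found(c) for c in candidates(cmd))}
```
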

John

Nov 5, 1999, 3:00:00 AM
Hi, please help, and thank you in advance for your responses.

Networked PC infected.
Ran Nortons antivirus over network.
Found over 100 viruses (W95.Marburg) and fixed most, quarantined some.
I replaced (In DOS) the quarantined files. (systray.exe / explorer.exe /
taskmon.exe). No probs there.

The problem :

2 files that show up on scan summary, but can't be displayed in Windows
Explorer, therefore I can't replace them.

Name : C:\WINDOWS\SYSTEM\windll.dll
Virus Name: BackOrifice.Trojan

Name : C:\WINDOWS\SYSTEM\ .exe (???no file name,
just this)
Virus Name: W95.Marburg

Can anyone suggest what I can do?????

Regards John

t...@nospam.com

Nov 21, 1999, 3:00:00 AM
Go to DOS, and junk 'em from there.
Use the dir command with /ah to display hidden files.
Use del to junk 'em.

Best Wishes
Tim.Y

---
On Fri, 5 Nov 1999 11:33:46 +1300, "John" <glob...@hotmail.com>
wrote:

fudd

Dec 11, 1999, 3:00:00 AM
From the information that I have found:
NAV should be able to clean the W95.Marburg! If it can't, you may wish to
submit a sample to SARC.
For windll.dll, I think that this is the file that is executed that will allow
this trojan to do its deed. I think that you should be able to delete or
quarantine this file and then find the associated call in the registry.

For more information on how to do this you should visit Symantec's web site on
viruses, www.sarc.com.
If that does not help, you can try service.symantec.com and do an "ask a tech", or
call Symantec's Virus Hotline at 541-9VIRUS9.

Good Luck :-)

