PDA

View Full Version : Virus problems



Chemical Ali
09-06-2004, 09:10 PM
How to get rid of a virus??
My brother-in-law has been infected with a virus and is regularly losing his internet connection -- what is the best way to get rid of it?
I suggested he go to Symantec's website, ascertain the exact name of the virus and download the appropriate fixit tool but his internet connection nevers stays up for long enough to enable him to accomplish this!
Any suggestions??

Steve Askew
09-06-2004, 09:20 PM
is he running win 2000 or XP ? if so it sounds like sasser worm.

search sasser will give you the answers.

Steve

tommy
09-06-2004, 09:56 PM
What version of Windows is he running? If Windows XP and if he has the Sasser or Blaster worm he needs to activate the firewall in order to prevent reinfection after removing the worm/virus. He may also need to obtain the removal tool from Symantec from another non-infected computer to install from a floppy disk onto his own computer.

Pheonix
09-06-2004, 10:01 PM
Does sound like the msblaster or the Sasser worms., if it is 2K or XP.
First go ..start-run .. and enter the following :- shutdown -a
Then activate/get a firewall.
then go online, download Stinger (http://vil.nai.com/vil/stinger/)
and do a Windows update, or, download the patch/fix from http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

whiskeytangofoxtrot
09-06-2004, 10:28 PM
Actually it sounds a hell of a lot more like NetSky.

Symantec Removal Tool Page (http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky@mm.removal.tool.html)

Try that and let us know.

Growly
09-06-2004, 10:35 PM
I didn't hear anything about an anti virus program....

maybe he should get one, update it, scan with it, etc. this could be spyware too.

whiskeytangofoxtrot
09-06-2004, 11:05 PM
Oh yeah, I suggest you download the removal tool already linked above, and also grab Stinger from McAfee

Stinger (http://vil.nai.com/vil/stinger/)

Put them on a disk for him and mail/courier/drop it to him - I'm pretty certain it's probably NetSky. If it ain't Stinger will pickup most of the common ones running about at present.

Alternatively give the guy the links if he's got access to net at work/schoo/uni/interweb cafe.

whiskeytangofoxtrot
09-06-2004, 11:07 PM
Oh yeah.... one more thing.

Then get him to download and install a virus scanner...

ClamWin - http://www.clamwin.net
AVG - http://www.grisoft.com
AntiVir - http://www.freeav.com

And chastise him for randomly running attachments and not getting Windows Update yada yada yada

Pheonix
09-06-2004, 11:08 PM
Netsky, the mass mailing virus...shutting down the Internet connection?
New symptom I have not come across.

whiskeytangofoxtrot
09-06-2004, 11:16 PM
> Netsky, the mass mailing virus...shutting down the
> Internet connection?
> New symptom I have not come across.

Yes, NetSky the mass mailing virus. I definitely didn't mistype it.

Blaster/Sasser shut down the PC, not just the internet connection, and there was no mention of that happening.

Let's just say that I've sent the NetSky removal tool to well over 140 people, and that is an extremely common symptom of NetSky infection.

Jim B will vouch for that if he's around.

It is also common after it is removed for there to be a marked delay between opening OE/IE and the dial-up presenting itself - not sure quite how/why it does that yet.

Chemical Ali
09-06-2004, 11:51 PM
Thanks for the input Fellas

I'll be getting hold of the PC tomorrow so I'll let you know how I get on.
Sorry can't recall the OS he's running otherwise I would've mentioned that in my original post so will also advise of that tomorrow as well.

Jim B
10-06-2004, 12:47 AM
I can confirm what WTF has said is quite correct.
Loss of internet connection due to Netsky is the most obvious symptom of an infection and only allows internet access for a brief period and is not usually long enough to download the removal tool.

If has has been suggested they can download the removal tool on another computer and and save it to a floppy and run the tool on the infected computer all will be back to normal

whiskeytangofoxtrot
10-06-2004, 11:42 AM
> I can confirm what WTF has said is quite correct.

Thanks Jim :-)

whiskeytangofoxtrot
13-06-2004, 05:19 PM
> I'll be getting hold of the PC tomorrow so I'll let
> you know how I get on.

Bump for update?

Chemical Ali
14-06-2004, 09:44 AM
It was the Sasser worm
Not Netsky