Post subject: I have a worm...        Posted: Wed Sep 05, 2007 10:52 am
Staff

Joined
Sat Aug 19, 2006 8:13 am

Posts
1861

Location
Slovenia, Central Europe.

Favourite OS
Windows 98 SE 4.10.2222B
And one of a kind, that prevents the creation of any files, which have names, that are known to belong to files of various anti-spyware, anti-malware, and anti-virus programs. The worm is supposed to be Win32.Bagle, but I'm not sure.
How can I remove it? I tried deleting any suspect files, but that didn't help. ;)

_________________
Join #softhistory @ RoL IRC, a nice community for true enthusiasts!
Anime channel: #doki-doki @ RoL IRC, Mibbit, KiwiIRC.
PCem help channel is #softhistory now!

Check out our SoftHistory Forum for quality discussion about older software.


Posted: Wed Sep 05, 2007 11:00 am
try to boot into safe mode with cmd, login as admin and run regedit

then remove these keys:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\d3dupdate.exe
HKCU\Software\Windows98\uid
HKCU\Software\Windows98\frun

if that doesn't work try spybot or better avast cleaner ;)


i hope i could help you :wink:


Top
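The registry locations named in the reply above, checked read-only before anything is deleted. This is an added PowerShell example, not part of the original thread; treating each quoted path as a value name under its parent key, and also listing the HKLM Run/RunOnce keys, are assumptions made here.

```powershell
# Added example: read-only check, nothing in the registry is changed.
# Indicators are the three paths quoted in the reply; each is treated as a
# value name under its parent key (assumption).
$indicators = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Value = 'd3dupdate.exe' },
    @{ Key = 'HKCU:\Software\Windows98'; Value = 'uid' },
    @{ Key = 'HKCU:\Software\Windows98'; Value = 'frun' }
)

# Return the value names stored under a key, or nothing if the key is missing.
function Get-ValueNames([string]$Key) {
    if (-not (Test-Path -LiteralPath $Key)) { return @() }
    return @((Get-Item -LiteralPath $Key).GetValueNames())
}

foreach ($i in $indicators) {
    $present = (Get-ValueNames $i.Key) -contains $i.Value
    '{0,-8} {1}\{2}' -f $(if ($present) { 'FOUND' } else { 'absent' }), $i.Key, $i.Value
}

# List every autostart entry so that unfamiliar ones can be reviewed even
# when the named indicators are absent.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($k in $runKeys) {
    if (-not (Test-Path -LiteralPath $k)) { continue }
    $item = Get-Item -LiteralPath $k
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Key = $k; Name = $name; Command = $item.GetValue($name) }
    }
}
```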
Posted: Wed Sep 05, 2007 11:20 am
Staff

Joined
Sat Aug 19, 2006 8:13 am

Posts
1861

Location
Slovenia, Central Europe.

Favourite OS
Windows 98 SE 4.10.2222B
I have no such keys in my registry.

And I can't even install SpyBot, since the worm deletes its main executables, as soon, as they are written on the disk. But I'm going to try with Avast! Anti-Virus now. ;)

Posted: Wed Sep 05, 2007 11:28 am
even if you are in safe mode? that's weird :?


Posted: Wed Sep 05, 2007 11:39 am
Staff

Joined
Sat Aug 19, 2006 8:13 am

Posts
1861

Location
Slovenia, Central Europe.

Favourite OS
Windows 98 SE 4.10.2222B
Namronia wrote:
even if you are in safe mode? that's weird :?

I'm not starting Safe Mode, until I'm 100% sure, that I can't get rid of the worm in both the Normal Mode, and by manually deleting the bad files in MS-DOS. ;)

Posted: Wed Sep 05, 2007 11:45 am
lol

would be the easiest way^^


dos mode :? windows me, 98 or 95 ?

cool :D


Posted: Wed Sep 05, 2007 1:11 pm
Staff

Joined
Sat Aug 19, 2006 8:13 am

Posts
1861

Location
Slovenia, Central Europe.

Favourite OS
Windows 98 SE 4.10.2222B
Well, I'm using Windows XP Professional, but I also have the DOS boot files from Windows 98 SE installed, exactly in case I'd have to remove something suspect manually.
Anyway, this thing deleted Avast! Anti-Virus as well, after a reboot + scan, so I'm starting Safe Mode now. ;)

Posted: Wed Sep 05, 2007 1:13 pm
Donator

Joined
Tue Oct 17, 2006 8:26 pm

Posts
929
If security is properly set up, practically nothing on the system drive will be anything but read-only to you.


Posted: Wed Sep 05, 2007 1:56 pm
Staff

Joined
Sat Aug 19, 2006 8:13 am

Posts
1861

Location
Slovenia, Central Europe.

Favourite OS
Windows 98 SE 4.10.2222B
1. I'm running Windows from the Administrator account, so I have full access to everything.
2. Successfully installed, and ran, SpyBot under Safe Mode, removed some stuff in it, rebooted the PC in Normal Mode, and the thing appears to be back. What should I do now? :?

Posted: Wed Sep 05, 2007 2:12 pm
FTP Access

Joined
Wed Oct 04, 2006 11:02 pm

Posts
514
Reinstall. It sounds like it's cheating and it's a pain in the ass, but it's the only way to be 100% sure it's gone and will stay gone.


Posted: Wed Sep 05, 2007 2:13 pm
Donator

Joined
Sat May 12, 2007 1:05 pm

Posts
5271

Location
The Collection Book

Favourite OS
Windows & Phone
Format the hard drive (deep format) and reinstall Windows.

edit:
You must deep format, format a few times and then reinstall windows, because after 1 format the virus can still be there.

_________________
Image
http://www.thecollectionbook.info
Subscribe to our Image for updates and like us on Image.

Reading Mode only, PM's possible.


Posted: Wed Sep 05, 2007 2:16 pm
Staff

Joined
Sat Aug 19, 2006 8:13 am

Posts
1861

Location
Slovenia, Central Europe.

Favourite OS
Windows 98 SE 4.10.2222B
I don't have time to re-install it completely. There surely has to be a way to get rid of it without having to lose everything. :?

Posted: Wed Sep 05, 2007 2:18 pm
Donator
Joined
Sat May 12, 2007 1:05 pm

Posts
5271

Location
The Collection Book

Favourite OS
Windows & Phone
Nope.

But you can back up, but watch out, maybe the virus is backed up too then.

Posted: Wed Sep 05, 2007 2:20 pm
Staff

Joined
Sat Oct 14, 2006 12:05 am

Posts
786
If you have an XP CD make a BartPE disk. You can probably get anti virus plug in type things to put into the iso.
Do you have System Restore turned on? If yes, disable it, as a lot of viruses use that to return once removed.

Edit: http://www.bootcd.us/BartPE_Plugins_Category/antivirus/


Last edited by Beta Freak on Wed Sep 05, 2007 7:23 pm, edited 1 time in total.

Posted: Wed Sep 05, 2007 2:23 pm
Staff

Joined
Sat Aug 19, 2006 8:13 am

Posts
1861

Location
Slovenia, Central Europe.

Favourite OS
Windows 98 SE 4.10.2222B
I think it's a kind of program, that doesn't infect anything, but just starts up every time, thanks to something, that launched it.
Ever since I repaired my Windows XP installation, I've been getting both Windows Installer, and even a message, that I should upgrade my PowerDVD, even though I have never installed it, on start up. :?

Posted: Wed Sep 05, 2007 3:44 pm
Donator

Joined
Tue Oct 17, 2006 8:26 pm

Posts
929
If you are infected, format and reinstall. The fact that you caught something you can detect gives merit to the fact that there are probably more there that you don't see.

And keeping this machine on, especially in "normal" mode is irresponsible.


Posted: Wed Sep 05, 2007 4:40 pm
FTP Access

Joined
Fri Sep 01, 2006 10:04 pm

Posts
1022

Location
The Ephemeral between existance and non-existance: AKA "being"

Favourite OS
Rhapsody, BeOS
There is a great tool out there called "HijackThis" @ http://www.google.com/search?hl=en&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=Hijackthis&spell=1
Try it and see what you can find...

ps.
They have a nice tutorial...

_________________
Image
Part Time Troll - HPC Enthusiast - Spelling Master - Old Fart


Posted: Wed Sep 05, 2007 7:05 pm
Staff

Joined
Sat Aug 19, 2006 8:13 am

Posts
1861

Location
Slovenia, Central Europe.

Favourite OS
Windows 98 SE 4.10.2222B
OK, the problem has been solved. I had only been worrying until now, because it made me unable to install SP 2, but I've been able to integrate it into the Installation (had to go to Safe Mode, in order to be able to do that), and do a SP 2-Integrated repair with it now, so it's all OK now, and the thing seems to have disappeared. ;)
