[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Viruses
Those viruses are all the same one BadTrans Virus. For everyone's
protection - if you are a DOS machine (Windows etc) simply do not run the
file attached and delete the email message. In the directory or area you
keep your attachments make sure you use Windows Explorer and delete the
attachment also.
Here is the stuff you need to do to clean it up if the computer does become
infected ...
This is complicated - but is necessary if your Virus Protection Program
cannot find the virus - McAffee does not recognize it for some reason. I
do not know about Norton.
Windows 95/98 users: Change the Folder View Options
1. Double-click on the My Computer icon on the desktop.
2. Double-click on the C: drive.
3. Click on the View pull-down menu then click on Options (or Folder
Options). The Folder Options dialog box will then appear.
4. Click on the View tab.
5. Select the 'Show all files' option.
6. Uncheck 'Hide file extensions for known file types'.
7. Click the Apply button followed by the OK button.
8. Close the remaining open windows until you are back on the desktop.
Windows ME users: Change the Folder View Options
1. Double-click on the My Computer icon on the desktop.
2. Double-click on the C: drive.
3. Click on the Tools pull-down menu and then click on Folder Options. The
Folder Options dialog box will then appear.
4. Click on the View tab.
5. Select the 'Show hidden files and folders' option.
6. Uncheck 'Hide file extensions for known file types'.
7. Click the Apply button followed by the OK button.
8. Close the remaining open windows until you are back on the desktop.
All users: Backup the Registry
1. Click on the Start button.
2. Click on Run.
3. Type in REGEDIT then click the OK button. The Registry Editor will then
appear.
4. Click on the Registry pull-down menu then click on Export Registry File.
5. The Export Registry File dialog box will then appear. The top of this
dialog box contains an option entitled Save In. Make sure Desktop is
selected for the Save In option. If it is not, click the pull-down arrow
and select Desktop from the menu.
6. In the File Name field type "Backup" (without the quotation marks).
7. In the Export Range group box make sure All is selected.
8. Click on the Save button. You have now created a backup of your registry.
9. Close the Registry Editor by clicking the X in the top right corner.
NOTE: If you need to restore the registry you can double-click on the
backup file you created and it will be restored. The backup file will be
located on your desktop. Once you have finished these instructions and are
certain everything is working properly it is important to delete the
"backup" file you created. Do this by right-clicking on the Backup file on
the desktop then left-clicking on Delete from the pop-up menu that appears.
This will ensure that the old registry is not accidentally restored once
this process is complete.
Edit the Registry
1. Click on the Start button.
2. Click on Run.
3. Type in REGEDIT then click the OK button. The Registry Editor will then
appear.
4. On the left side of the screen double-click on HKEY_LOCAL_MACHINE.
5. Double-click on Software.
6. Double-click on Microsoft.
7. Double-click on Windows.
8. Double-click on CurrentVersion.
9. Single-click on the RunOnce folder so it is highlighted. You will notice
the right-side of the screen has a Name column and a Data column.
10. On the right side of the screen, single-click on the word "Kernel32"
under the Name column so it is highlighted.
11. Press the Delete key on the keyboard to remove the highlighted Windows
entry.
12. Close the Registry Editor by clicking the X in the top right corner.
All users: Editing the WIN.INI
1. Click on the Start button.
2. Click on Run.
3. Type in WIN.INI and then click the OK button.
4. The C:\WINDOWS\WIN.INI window will appear.
5. Scroll all the way over to the right in this window and next to RUN=
there will be this reference: c:\windows\inetd.exe.
Remove this reference. If you do not see the reference it may be off the
screen. Remember to scroll all the way over to the right.
6. Click on the X in the top right corner to close the WIN.INI window. You
will be asked if you wish to save changes. Answer Yes.
Windows 95/98 users: Delete the Virus Files
1. Click on the Start button.
2. Highlight Find then click on Files or Folders. The Find Files dialog box
will then appear.
3. Make sure the C: drive is selected for the Look In option.
4. In the Named field type in INETD.EXE then click the Find Now button.
5. The computer will then search for this file. When the file is found the
file's name will be displayed towards the bottom of the dialog box.
6. Once the file is found right-click on the small icon that appears to the
left of the file's name. A pop-up menu will appear.
7. Left-click on Delete to remove this file.
8. Repeat steps 4 - 7 for the for the following file names:
KERN32.EXE
HKSDLL.DLL
HKK32.EXE
CP_23421.NLS
9. Once all three files have been deleted close the Find Files dialog box
by clicking the X in the top right corner.
10. Empty your recycle bin by right-clicking on the Recycle Bin icon on the
desktop and left-clicking on Empty Recycle Bin.
11. Restart your computer. The trojan has now been removed.
Windows ME users: Delete the Virus Files
1. Click on the Start button.
2. Highlight Search and then click on For Files or Folders. The Search for
Files or Folders dialog box will then appear.
3. Make sure the Look in field shows the C: drive so the entire C: drive
will be searched.
4. Type INETD.EXE in the Search for Files or Folders Named field and click
the Search Now button.
5. Windows will then search for the file. When the file is found, it will
be displayed on the the right-hand side of the dialog box.
6. Once Windows has finished searching, right-click on the small icon to
the left of the file's name. A pop-up menu will appear.
7. Left-click on Delete. If you receive a prompt, answer Yes to have the
file deleted.
8. Repeat steps 4 - 7 for the for the following file names:
KERN32.EXE
HKSDLL.DLL
HKK32.EXE
CP_23421.NLS
9. Close the Search for Files or Folders dialog box by clicking on the X in
the top right corner.
10. Empty your recycle bin by right-clicking on the Recycle Bin icon on the
desktop and left-clicking on Empty Recycle Bin.
11. Restart the computer. The trojan has now been removed.
At Thursday 07:41 PM 4/26/01, you wrote:
>Today I have received 3 viruses from 3 different list members. Luckily
>none of them affect my Mac, but windows users may want to beware
>
>Obviously not blaming here, but I received viruses from:
>
>"Karl Doering" <kilikarl at bignet_net> Sent: hamster.ZIP.scr
>"Ernest E. May" <emay1 at wi_rr.com> Sent: Me_nude.AVI.pif
>"-----Cypher-----" <cypher at cromas_net> Sent: s3msong.MP3.pif
>
>All of these were addressed specifically to me, not to the list.
>
>The accompanying text looks as follows, and then there is an attachment
>for the Virus
>
>
> > Subject:
> > Re: Re: Electronic BNL
> > Date:
> > Thu, 26 Apr 2001 07:39:03 -0400
> > From:
> > "Karl Doering"
> > To:
> >
> >
> >
> >
> >
> > 'Jeremy Adams' wrote:
> > ====
> > - > It is indeed not the general trend and I dare say few of us are
> willing OR
> > - > anxious
> > - > to be stuck with a BNL that is only on the computer screen.
> > - >
> > - > To try to save money by removing a service sounds more like
> Wallstreet and
> > - > less
> > - > like a club of hobbyists.
> > - >
> > - I don't think this has been suggested? I think what has been suggested
> > - is to give people the choice of paper or electronic. The people who do
> > - it electronically would save the AKA money. Th ...'
> >
> >
> > > Take a look to the attachment.
> >
> >
> >
>
>Jeremy
>
>--
>
>
>
>~~~~~~~~~~~~~My Life Story~~~~~~~~~~~~~~~~
>Jeremy Adams - Corvallis, Oregon USA
>Killifish-Frogs-Toads-Aquatic Plants-Fish Ponds
>Bombina orientalis web page:
><http://members.home.net/killifish/bombina.html>
>Loyal Macintosh user since 1988
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
>---------------
>See http://www.aka.org/AKA/subkillietalk.html to unsubscribe
---------------
See http://www.aka.org/AKA/subkillietalk.html to unsubscribe
References:
- Viruses
- From: Jeremy Adams <killifish at home_com>