|
|||||||
 |
|
|
LinkBack | Thread Tools | Search this Thread | Rate Thread | Display Modes |
03-04-2003, 08:42 PM
|
#1 |
|
Member (7 bit)
Join Date: Nov 2000
Location: Seattle
Posts: 119
|
Can't Install AV software or online scan
Buddy's computer seems to have a virus.
His inbox is filled with "undeliverable" mail from his ISP from emails he didn't send out. Sounds like a virus. When he tried to install Norton it started the install process, then just kicked him out. He tried the online scan at symantec's site and was kicked off the site. Anyway to find out what virus this is and remove manually? I'm going to have him try housecall site. Not real confident that will work either. Any ideas? thanks Mike |
|
|
|
03-04-2003, 08:48 PM
|
#2 |
|
Member (12 bit)
Join Date: Jul 2002
Location: Illinois
Posts: 3,557
|
This is a good place also.
http://www.trendmicro.com/en/home/us/enterprise.htm |
|
|
|
|
03-05-2003, 01:44 AM
|
#3 |
|
Member (12 bit)
Join Date: Jan 2002
Location: Central Arkansas
Posts: 2,170
|
What operating system? If you can get into DOS, try F-Prot for DOS , here are instructions for setting up the floppies, you will also need a boot disk.
__________________
Roger "Our greatest glory is not in never falling, but in rising every time we fall." -Confucius |
|
|
|
|
03-05-2003, 09:14 AM
|
#4 |
|
Member (7 bit)
Join Date: Nov 2000
Location: Seattle
Posts: 119
|
Just as I thought,
housecall did not work either, was kicked off the site. Redo, thanks for the site. I've forgotten all about f-prot. I remember back in win3.11 that was the shiznit! I'll let you know what happens. Also, I had him print off one of the emails that was returned by is ISP. It had attachements, ATT00020.DAT & New Image().eml Does this mean anything to anyone? thanks Mike |
|
|
|
|
03-05-2003, 09:46 AM
|
#5 |
|
Banned
Join Date: Jul 2000
Location: Bakersfield,CA
Posts: 7,761
|
|
|
|
|
|
03-05-2003, 09:48 AM
|
#6 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 37,777
|
Run msconfig and list everything in the startup - I might be able to recognize what virus it is by an entry in there - and by disabling it you may be able to get a good housecall or Norton install. I'm guessing it's probably Klez or Yaha.
|
|
|
|
|
03-06-2003, 08:18 AM
|
#7 |
|
Member (7 bit)
Join Date: Nov 2000
Location: Seattle
Posts: 119
|
ok
the f-prot on floppy didn't work. I followed their instructions copied the listed files to disk 1 & 2. When it runs it ask for disk with the and when asks for the disk with "sign.def" which is disk 2. put that in then it asks for "sign2.def", put in disk 1 and it ask for a command module of some sort. Don't know what going on. MSconfig list looks good, except a line for "winkuko.exe" and "Load=". Tried unchecking all lines, restarting and trying an online scan with no results. mike |
|
|
|
|
03-06-2003, 10:06 AM
|
#8 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 37,777
|
winkuko.exe is the virus.
You got the Klez. Download the removal tool: http://securityresponse.symantec.com...er/FixKlez.com Run it in safe mode. |
|
|
|
|
| Bookmarks |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
Linear Mode
