Re: [MVlist] The end of the saga - wrong?

From: DaveCole (davidcole@tk7.net)
Date: Thu Apr 26 2001 - 08:08:12 PDT


Sorry to hear that you are still being afflicted with the virus.

My suggestion (after cleaning up more than my fair share of viri-ridden computers)
is to attack it with more than one tool. McAfee has the ability to create a boot
disk that will rid core Windows files of a virus or at least identify that they
have been modified so you can replace the nasty modified files with clean files.
I used that capability to rout a really nasty virus from my computers the last
time I got hit. Then I loaded Trend Micro's software and actually had both
anti-viri software packages running at the same time. What one did not fix,
oftentimes the other one did. Yes, it can get really ugly. At some point you
may want to pull out the Windows boot disks and reformat your drive and start
over.

I believe that both McAfee and Trend Micro offer free anti-viri software that you
can download and try free for a period of time. That might be long enough to get
you out of trouble.

My point about Netscape is that to my knowledge it has not been hit with any viri
that cause it to send out messages without the sender's knowledge to further
spread the virus. Outlook has been plagued with viri that do just that.

Dave
>>>>>>>>>>>>>>>>>>>>>>>>>
Douglas Greville wrote:

> Jaime
>
> > 3rd. A copy is saved into the WINDOWS directory as INETD.EXE and an entry is
> > entered into the WIN.INI file to run INETD.EXE at startup. KERN32.EXE (a
> > backdoor Trojan), and HKSDLL.DLL (a valid keylogger DLL) are written to the
> > WINDOWS SYSTEM directory, and a registry entry is created to load the Trojan
> > upon system startup.
>
> Sorry to disagree, but I think you are not correct. In the
> messages of the last day or 2 you will see that James Swan and I have
> had a late night session cleaning out his computer. He is a Netscape
> user just like me.
> His computer had the virus just like mine did and yet
> it manifested with a different file. I found a log file generated by the
> virus in my computer. Stripped of all the gobbledegook here is what it
> did. I have added the numbers.
>
> Hkk32.exe (0) (Virus?)
> Wsock32.dll (1) (Genuine Windows file?)
> Msvcrt.dll (2)
> Win.ini (Genuine Windows file - but modified.)
> Ws_32.dll (3)
> Ws2help.dll (4)
> Wininet.dll (5) (Virus? Name is similar to "Inetd.exe" the virus file)
> Shlwapi.dll (6)
> Mswsock.dll (7)
> Kern32.dll (8) (Virus)
>
> Now you will notice that Hkk32.exe is not mentioned in your email, BUT
> I did not find any instance of Hksdll.dll! But it was present on James'
> computer!
>
> What I need is for one of our "hard core computer types" in this group
> (Chuck Chris? or Arthur?) to have a look at the above list and tell me
> which of the numbered events is the execution of a genuine Windows
> subroutine and which are virus files that have a very similar name
> (e.g. Kern32.exe which is a similar name to Kernel32.dll - a genuine
> Windows file) and tell me if any of the above indicates a remaining
> virus file that I (and perhaps the rest of you) need to kill?
> I don't want to go and gleefully delete essential Windows subroutines
> in the mistaken belief they are virus files and end up with a computer
> that only displays "the blue screen of death".
>
> Do remember that I have already run a supposedly successful Virus
> kill program (Norton 2001) yet it proved totally incapable of removing
> Kern32.exe and Hkk32.exe both of which I had to delete via a boot
> disk and DOS commands.
>
> Most importantly, although the Virus was killed, the Trojan horse
> (Kern32.exe) still remained along with Hkk32.exe (whatever it may be).
> So much for those vaunted Anti-Virus programmes!
>
> There are far too many ".dll"'s in that above list for my liking, the
> problem being to recognise the genuine from the fake, just relying on
> "date created" is not reliable?
>
> Help please?
>
> I am still stumped for the compulsory MV content as I am more concerned
> about not having an active spy (Virus) in my computer! When I know I
> have my computer back to rights I can enthrall all of you with an
> intriguing (infuriating actually) Greyhound idle miss saga.
>
> Regards
> Doug
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> Armoured Vehicles Collector
> [ASCII art of an armoured vehicle]
> Douglas Greville
> Broken Hill
> N.S.W.
> Australia
> M8 Ferret
>
> dgrev@ruralnet.net.au
>
> Web Armour site at:
>
> http://www.users.zetnet.co.uk/lsm/dhmg/index.html (UK mirror site)
>
> and
>
> http://members.nbci.com/dgrev/index.html (US mirror site)
>
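Doug's question (which entries in his list are genuine Windows files and which are similarly named impostors, given that "date created" is not reliable) is the kind of thing a defender answers by checking names against a known-good list and contents against known-good hashes, never against timestamps. The Python below is an added example, not code from anyone on the list; the baseline names and hashes, the file bytes and the sample listing are all constructed here.

```python
import hashlib
import os

# Constructed baseline: names and SHA-256 of genuine files as captured from a
# known-clean machine. Real work would use a vendor-published hash list.
BASELINE = {
    "kernel32.dll": hashlib.sha256(b"genuine kernel32 bytes").hexdigest(),
    "ws2_32.dll":   hashlib.sha256(b"genuine ws2_32 bytes").hexdigest(),
    "wininet.dll":  hashlib.sha256(b"genuine wininet bytes").hexdigest(),
}

def levenshtein(a, b):
    """Edit distance between two strings (insert/delete/substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(name, content, baseline=BASELINE, max_dist=2):
    """Classify one file by name and by content hash, ignoring timestamps.

    Returns "genuine", "modified", "lookalike of <known name>" or "unknown".
    """
    low = name.lower()
    stem = os.path.splitext(low)[0]
    digest = hashlib.sha256(content).hexdigest()
    if low in baseline:                      # known name: trust only the hash
        return "genuine" if digest == baseline[low] else "modified"
    for known in baseline:                   # unknown name: near-miss of a known one?
        if levenshtein(stem, os.path.splitext(known)[0]) <= max_dist:
            return f"lookalike of {known}"
    return "unknown"

def triage(listing, baseline=BASELINE):
    """Apply classify() to a {name: bytes} listing; returns {name: verdict}."""
    return {n: classify(n, c, baseline) for n, c in listing.items()}

# Constructed listing modelled on the names in the thread; the bytes are fake.
SAMPLE = {
    "Kern32.exe":   b"not kernel32",
    "Ws_32.dll":    b"unknown bytes",
    "Wininet.dll":  b"genuine wininet bytes",
    "Hkk32.exe":    b"whatever it may be",
    "Kernel32.dll": b"tampered",
}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE).items():
        print(f"{name:14} {verdict}")
```

A "lookalike" verdict only says the name is suspiciously close to a genuine one; the hash comparison is what actually distinguishes an intact system file from a modified or replaced one.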



This archive was generated by hypermail 2b29 : Tue May 01 2001 - 07:42:42 PDT