One scary virus ate up computer.

[sheriff]

A friend brought his comp to me wanting me to try getting virus's off it. The ISP had him blocked from internet. I used one of my boxes with win2kpro and lan connection to get to internet, got it checked by the online virus checker. Nothing detected. Finally got it networked to my 2k box ran a up to date pccillin check, found 124 virus's on his machine. Pccillin cant delete or clean the virus's and I cant seem to find a program that can. I think I am going to have to LLF (low level format) his hard drive and reload win98se. Anyone any ideas???

[Martoch]

Quote:

Originally posted by sheriff
Pccillin cant delete or clean the virus's and I cant seem to find a program that can.

What programs have you tried so far? Also, have you found out which virus you're dealing with?

[sheriff]

There were several different worms KLEZ and three others. The only Detector that I could get to work was pccillin, norton and the rest would no load on his machine. I had to use one of my boxes networked to his to check his. The online virus detector's didnt work either. Got to go the wife is wating to go out door.

[OC Guy]

Did you go to HouseCall? They are the best ive seen so far. Heres the link .
But itn't it true that there could be a few viri(plural?) that could go undetected? So i would have to say after a few trys an nothing fixes it, just bite the bullet and format it. Ive had to go this route many times and a fresh install feels good.

You might also want to try The Cleaner.. http://www.moosoft.com/

It might pick up any trojans the others (Norton) might have missed.

Good luck!

[NeoStarO1]

If all else fails for cleaners might try and get the names of all the virus' and then look them up on the net to get more details of the file and get manual removal instructions.

However if you have found

Quote:

found 124 virus's on his machine

On his machine, I would opt for a complete low level foromating. To manually remove all that is IMO possible but would take far too long to do that.

I opt for low level format. And once the computer is reloaded with the OS get some sort of AV's installed on the machine.

NeoStar

[sharder8]

Quote:

found 124 virus's on his machine

Does that mean 124 different virii, or 124 infected files?

With KLEZ, you need to download the "Fix Tool", run it and follow the directions closely, MULTIPLE TIMES!!! Also, you may be looking only at the top of the iceberg. After I ran the fix tool and then re-scanned, I found that KLEZ had been hiding the MYPARTY worm as well. (In total, I removed over 140 KLEZ infected files and 15 MYPARTY files.)

The worst computer I successfully clean had over 2200 infected files, w/ 17 hidden infected folders. (Mostly Badtrans.A and a variety of others, none as destructive as KLEZ.) The only thing that I need to re-install was OE.

Good luck and keep us posted.

Harder

P.S. When PC-cillin can't delete the virus, it puts it in it's Quarantine folder. You can delete it from there.

[wyvrn]

I have successfully cleaned machines that had 3 or 4 viruses on them, but it often took booting into safe mode, editing the registry, deleting certain files, and running virus programs 2 or 3 times to clean out the remaining gunk. If there are 124 infected files or *gasp* 124 actual viruses on the machine, I wouldn't bother trying to clean it. Even after you have spent hours of your time on it, some infected files may remain and you may have more trouble down the line. Plus, formatting the HDD so that your friend loses all of his data is a good way to ensure he keeps his current anti-virus up to date and doesn't waste your time in the future And if his ISP blocked him, tell him you can't fool around or he may have to look for another ISP.

[NeoStarO1]

Quote:

Plus, formatting the HDD so that your friend loses all of his data is a good way to ensure he keeps his current anti-virus up to date and doesn't waste your time in the future And if his ISP blocked him, tell him you can't fool around or he may have to look for another ISP.

Good advise on this one, will have to remember that one for machines that are severely effected by virus's.


NeoStar

[sharder8]

I agree with wyvrn, but the worst ones that I've had to clean, belonged to business' and were full of documents that hadn't been backed up! Anyway, they paid the money to save their data! They also learned how to backup the important documents daily and to keep their AV programs up to date!

One thing to remember about KLEZ is that it will attack your AV program files and kill it. The one I mentioned above, looked to have up-to-date definitions for McAfee (hard to tell after KLEZ got done destroying it), but KLEZ still was able to get in and do its thing.

Harder