Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Internet Explorer


  • Please log in to reply
50 replies to this topic

#46 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 06 July 2004 - 06:00 PM

You may have to turn system restore "off":

http://www.pchell.co...emrestore.shtml

Then run the scan.

Go ahead and post a partial listing, first.
:)
Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

    Advertisements

Register to Remove


#47 tcooley

tcooley

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 06 July 2004 - 06:42 PM

Just ran a new scan it now shows no virus found , so apparently it did heal them but IE will not open from original file. The error now reads MSVCRT DLL error

#48 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 06 July 2004 - 07:14 PM

Hmmm...

Find "MSVCRT.DLL" using windows explorer, and rename it to "MSVCRT.old"

Then go here:

http://www.dll-files...es.shtml?msvcrt

And download a new copy INTO THE SAME FOLDER WHERE THE ORIGINAL ONE WAS.

Then reboot & try IE.
Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

#49 tcooley

tcooley

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 07 July 2004 - 06:58 PM

in the last scan here is a sample of files it said not cured zip>VerifierBug.class Java.ByteVerify.exploit cannot cure C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ archiven.jar-26cc6137-50f67d42.zip>Beyond.class Java.Shinwow.I cannot cure C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ archive.jar-27b6d966-706e199c.zip>BlackBox.class Java.ByteVerify.exploit cannot cure C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ archive.jar-27b6d966-706e199c.zip>VerifierBug.class Java.ByteVerify.exploit cannot cure C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ archive.jar-27b6d966-706e199c.zip>Dummy.class Java.ByteVerify.exploit cannot cure C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ archive.jar-27b6d966-706e199c.zip>Beyond.class Java.Shinwow.F cannot cure C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ archive.jar-27b6d962-376cf12e.zip>BlackBox.class Java.ByteVerify.exploit cannot cure C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ archive.jar-27b6d962-376cf12e.zip>VerifierBug.class Java.ByteVerify.exploit cannot cure C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ archive.jar-27b6d962-376cf12e.zip>Dummy.class Java.ByteVerify.exploit cannot cure C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ archive.jar-27b6d962-376cf12e.zip>Beyond.class Java.Shinwow.F cannot cure C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ Dummy.class-6e74ebaf-5f1f1ca6.class Java.ByteVerify.exploit cannot cure C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\ ok.class-2487e7a1-320ee50b.class Java.ByteVerify.exploit cannot cure C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\ Dummy.class-5e7a704e-1c2bd9af.class Java.ByteVerify.exploit cannot cure C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\ javada32.exe Win32.Winshow.N cannot cure C:\WINDOWS\ vaypyq.dat Win32.Winshow.N cannot cure C:\WINDOWS\ pirctj.dat Win32.Winshow.P cannot cure C:\WINDOWS\ yjcfce.dat Win32.Winshow.P cannot cure C:\WINDOWS\ mhtsdu.dat Win32.Winshow.P cannot cure C:\WINDOWS\

#50 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 07 July 2004 - 08:34 PM

These I am sure you can delete:

Java.ByteVerify.exploit cannot cure C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\
javada32.exe

Win32.Winshow.N cannot cure C:\WINDOWS\
vaypyq.dat

Win32.Winshow.N cannot cure C:\WINDOWS\
pirctj.dat

Win32.Winshow.P cannot cure C:\WINDOWS\
yjcfce.dat

Win32.Winshow.P cannot cure C:\WINDOWS\
mhtsdu.dat

I'll ask Daemon to peek in and give us an opinion.

My educated guess is that anything "uncleanable" just needs to be deleted. BUT WAIT FOR ANOTHER OPINION!!!! :)

As I understand it, virii do one of two things:

1. Attach themselves to the end of existing files (If so, the file can be cleaned).
2. The WHOLE FILE is a virus and needs deleted.

Let's see what Daemon has to say.

Good job! :thumbup:
Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

#51 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 09 July 2004 - 09:59 PM

Here's something that may get rid of some of the infected files: Click on Start>Control Panel>Java Plug in>Cache, then click on "Clear". Reboot. Run the virus scan again. Post the names of all the infected files left, if possible. :)
Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users