GAMEBOOMERS provides you with all the latest PC adventure computer games information, forum, walkthroughs, reviews and news.
GB Reviews Latest & Upcoming Adventure Games GB Annual Game Lists GB Interviews

BAAGS

GB @ acebook

GB @ witter

About Us
Walkthroughs free games galore Independent Games World of Adventure Patches Game Publishers & Developers GameBoomers Store
Big Fish Games Homepage    
Page 2 of 4 < 1 2 3 4 >
Topic Options
#135648 - 05/02/04 10:31 AM Re: Need help with a virus
burpee Offline
Addicted Boomer

Registered: 12/14/00
Posts: 4516
Loc: North aurora IL
I'm ready to cry after reading this post.

I just got back from a week's vacation and checked my email and visited my 3 favorite sites. While responding to an email I got the NT authority system [url=C://windows/system32/lsass.exe][url=C://windows/system32/lsass.exe][url=C://windows/system32/lsass.exe]C://windows/system32/lsass.exe[/url][/url][/url] shutdown message. I can't be on the internet long enough to fix anything. Right now I'm on my old W98.

I've have visted this Symantec site:
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.ratsou.b.html

I don't know if this is the same thing.

QUESTION: how do I get into the Host file area? Is doing that so that the virus checker will work? Would I need to do that if my McAfee is working ok?

Top
#135649 - 05/02/04 10:45 AM Re: Need help with a virus
looney Offline
Addicted Boomer

Registered: 03/05/02
Posts: 3004
Loc: USA
If you know which files to delete, try booting XP in safe mode by pressing the f8 key when windows first starts to load. It may not load the virus in memory in this mode.
_________________________
Banana phone!

Top
#135650 - 05/02/04 05:05 PM Re: Need help with a virus
Jema Offline
Adept Boomer

Registered: 09/11/02
Posts: 13648
Loc: Virginia
Jen in Chgo,

Click Here to read about how to disable/enable System Restore in XP.

Disabling it will purge all your restore points. Then, when you enable it, it begins monitoring your system again.

If scannow didn't ask you to insert your install disk, I would think that means it didn't find any files that needed to be repaired/replaced. I'm not familiar with scannow, so maybe lasanidine can tell you if that's true.

wave Jema
_________________________
Wouldn't that jar your mustard!

Top
#135651 - 05/02/04 05:40 PM Re: Need help with a virus
Jema Offline
Adept Boomer

Registered: 09/11/02
Posts: 13648
Loc: Virginia
burpee,

The Hosts file can be used to list sites the user doesn't want to connect to. Unfortunately, it is also used by certain viruses/worms to prevent the user from connecting to any site of its choice - including all or most of the sites that have anything to do with virus protection.

looney's suggestion to reboot into Safe Mode is a good one. I've never tried it but it may be that if your computer is infected and your antivirus software won't work in Standard Mode, it will in Safe Mode.

To find the Hosts file, click on Start, go to Find and click on Files and Folders. In the Named field type Hosts, make sure Look in has your primary drive and that Include subfolders is checked, and then click on Find now.

Open the Hosts file in Notepad (making sure always use this program is unchecked). Once you delete the offending entries, save the file and close Notepad. If theres's more than one Hosts file, do the same thing for each of them.

wave Jema
_________________________
Wouldn't that jar your mustard!

Top
#135652 - 05/02/04 06:28 PM Re: Need help with a virus
Hagathaone Offline
Shy Boomer

Registered: 05/01/04
Posts: 19
As per last night's post I have downloaded the files, unzipped the pattern file and run the scan. I have AGOBOT.HM on my computer as well as a SASSER variant. The Virus scan did not remove either of them although it found them and I had it set to automatically remove them. I have tried it over and over; probably a dozen times. The scan will tell me that I haveno infected files but the next time I turn on my computer it's all back again.

I have deleted the "HOSTS" files about thirty times now, as well as running the scan.

My recycle bin is now called "Norton Protected Recyle Bin" and I can not empty it. If I click on it either on Desk Top or in Explorer my computer freezes.


I do note that the scan I downloaded last night, as well as today's update, do not list AGOBOT. with the .HM extension.

The first couple of times I ran the scan It seemed to think it had deleted AGOBOT. But now when I run it the log does not show any deletions even though it sayd it has detected 82 files. I am running it to automatically delete anything it finds.

Basically,nothing has worked so far.

Do I have any other options?

Top
#135653 - 05/02/04 06:40 PM Re: Need help with a virus
burpee Offline
Addicted Boomer

Registered: 12/14/00
Posts: 4516
Loc: North aurora IL
Hagathaone, I am so sorry for your troubles. I just can't fathom why someone finds this so amusing...to hurt other people for no good reason. Would they do this to their own mother or father?

I was able to restore to a previous save point, reconnected to the web, McAfee updated and as soon as it finished I got off. A McAfee warning popped up on my desktop saying that it detected and deleted a W32/sasser.worm.b to complete the clean process. Said it was in [url=C://windows/system32/31869_up.exe][url=C://windows/system32/31869_up.exe][url=C://windows/system32/31869_up.exe]C://windows/system32/31869_up.exe[/url][/url][/url] and [url=C://windows/avserve2.exe.][url=C://windows/avserve2.exe.][url=C://windows/avserve2.exe.]C://windows/avserve2.exe.[/url][/url][/url]

It asked if I wanted to scan and I said yes. It found 14 files and deleted them. It then popped up with another warning saying the same virus but in systemvolume/info/_restore. It asked if I wanted to run the scan but the first one was already running so I said NO. Should I have said yes? Do I need to do anything else?

Jema, thanks for explaining the HOSTS location process.

Top
#135654 - 05/02/04 07:17 PM Re: Need help with a virus
infernoj13usa Offline
The Radiant Moderator Staff Reviewer
BAAG Specialist

Registered: 06/07/02
Posts: 5766
Loc: FT. Worth ....Where the West b...
is Hagatha and Hagathaone the same Boomer?

Inferno
_________________________
Watching: Dark Shadows
Reading: Angelique's Descent
Playing: WoW and living in Kil' Jaeden

Top
#135655 - 05/02/04 07:57 PM Re: Need help with a virus
Hagathaone Offline
Shy Boomer

Registered: 05/01/04
Posts: 19
Yes. I am using my partner's computer and couldn't remember my password, it's been so long since I registered. And he (my partner) needs a new keyboard, I see!

I've given up, basically. I don't think anyone can help me - the Recycle bin is probably the reason nothing is working for me because I can't really delete anything. And nobody else seems to have heard about this particular problem. Nothing has worked as it is supposed to, and I have lost my entire weekend (a nice touch after a 70-hour week and just before another one).

Yesterday I bought another computer for games which will never be connected to the Internet. When I have my other system fixed I'm putting Win 98 back on because it's less of a target. When I know my system is clean I'll download patches, updates and the like and burn a cd of them for my new computer.

You really have to wonder what's wrong with people that they get a rise out of this kind of mindless abuse of innocent bystanders. Then again, I don't hold out a whole lot of hope for the human race, anyway.

Top
#135656 - 05/02/04 08:11 PM Re: Need help with a virus
infernoj13usa Offline
The Radiant Moderator Staff Reviewer
BAAG Specialist

Registered: 06/07/02
Posts: 5766
Loc: FT. Worth ....Where the West b...
NO......No.......no! Don't give up... I'm working on it.
Hagatha... Take a break... Mix up a pitcher up Margaritas and drink one for me while your at it. (I'm not allowed to take alcohol because of the "Grave's" but you can drink one for me, I'm only allowed to write about it.)

Give me about an hour and then check back here. Do nothing to your XP just yet. There's got to be a way to fix it... we'll find it. Check back here for updates. I know your upset but remember this if nothing else; I'm here for you and so are all the other Boomies reading and watching this thread as well as your other one. We're all holding your hand.

We'll get through this.......together.


Inferno
_________________________
Watching: Dark Shadows
Reading: Angelique's Descent
Playing: WoW and living in Kil' Jaeden

Top
#135657 - 05/02/04 08:48 PM Re: Need help with a virus
Jenny100 Offline
GB Reviewer Glitches Moderator
Sonic Boomer

Registered: 10/24/00
Posts: 35471
Loc: southeast USA
Sasser seems to be a new worm that struck this weekend.
Yahoo news has a story on it.

Microsoft has this to say about the Sasser worm.
http://www.microsoft.com/security/incident/sasser.asp

Microsoft's tool to remove Sasser is here .

To protect yourself from future infections, get the Microsoft security update here
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

Top
#135658 - 05/02/04 09:19 PM Re: Need help with a virus
infernoj13usa Offline
The Radiant Moderator Staff Reviewer
BAAG Specialist

Registered: 06/07/02
Posts: 5766
Loc: FT. Worth ....Where the West b...
Ok, Hagatha ....The Battle begins:

First I want to see if you can do this:

Do not restart the computer just yet.

The reason why your Norton antivirus isn't making thing better right away is because this worm attacks it and renders it useles.... but we'll fix that.
Your Recycle bin has been changed to
"Norton Protected" because there are files in it which have certain extenstions to them which are listed in your Norton Program by default.

Can you open up your Norton program at all?

They would be located in: Options/exclusions

Norton defaults to protect these:
*.nch
*.dbx
\system volume information.

The worm didn't create the Norton Protected...that's you antivirus trying to protect you system files. It takes over your recycle bin when your system is being attacked.

... More to Come in a minute.

Inferno
_________________________
Watching: Dark Shadows
Reading: Angelique's Descent
Playing: WoW and living in Kil' Jaeden

Top
#135659 - 05/02/04 09:25 PM Re: Need help with a virus
Hagathaone Offline
Shy Boomer

Registered: 05/01/04
Posts: 19
Hahahahahahahahahahah

Too bad I don't drink.

Actually,it's not every day I convince myself of the need for a spanking new, kick-butt second computer. And dang, does my dear partner ever need a new keyboard! I'll have to pick one up when I pick up the new screamer (it better scream or I will - a custom job).

I was able to open Safe Mode (XP for Dummies to the rescue) and open the Recyle bin - it contains about 50 copies of AGOBOT and SASSER (all of the ones I have "deleted")

I see that the Recycle bin can be returned to normal, however. Other than the fact that I can't do anything with it in anything but Safe Mode. Still, that makes me feel better. At least SOMETHING worked.

I actually have resigned myself to a complete reinstall on my computer. But if there's a couple of other things I can do, I'll try them.

This all started with me not being able to install a game because of the copy protection, and turning off Norton, and then going on the Internet for about 30 seconds before I remembered. The problems started shortly thereafter. And SASSER got into my system while I was on the 'net getting the AGOBOT scan. So the moral of the story is - if you have to disable Norton to install a game properly because of the copy protection, return the game for a refund and send a nasty note to the developer.

Top
#135660 - 05/02/04 09:35 PM Re: Need help with a virus
infernoj13usa Offline
The Radiant Moderator Staff Reviewer
BAAG Specialist

Registered: 06/07/02
Posts: 5766
Loc: FT. Worth ....Where the West b...
Preparing the field:

I'm happy to see that you are in better spirits. By the time we're finished ...you will be an expert and people from all over the world will be clamoring for your words of wisdom on the subject.

I'm glad that you've discovered what Safe mose is. To properly get rid of any virus in XP you must always use it. Go to the sites below and read. This will help you to understand what just happened to you 'puter.

Go here:
Read everything carefully ...miss nothing and take notes.

Removing the Norton Protected Recycle Bin

How to Exclude Files From the Protected Files Bin


MS SUpport article:Cannot Delete Any Files in Windows

Inferno
_________________________
Watching: Dark Shadows
Reading: Angelique's Descent
Playing: WoW and living in Kil' Jaeden

Top
#135661 - 05/02/04 09:47 PM Re: Need help with a virus
infernoj13usa Offline
The Radiant Moderator Staff Reviewer
BAAG Specialist

Registered: 06/07/02
Posts: 5766
Loc: FT. Worth ....Where the West b...
You'll have to begin again. If your in safe mode now, stay there. Do not reboot. In the meantine use the other computer for your access to the internet. and find some 3.5 floppies while your at it.

go here and download this fix to the floppy.
Make sure your label it, so'll you'll be able to find it,, when you need it. Make sure that you download from the uninfected computer not the XP.

DOS AGOBOT.HM and a SYSHOST new .zip

Inferno
_________________________
Watching: Dark Shadows
Reading: Angelique's Descent
Playing: WoW and living in Kil' Jaeden

Top
#135662 - 05/02/04 09:54 PM Re: Need help with a virus
infernoj13usa Offline
The Radiant Moderator Staff Reviewer
BAAG Specialist

Registered: 06/07/02
Posts: 5766
Loc: FT. Worth ....Where the West b...
The DOS in AGOBOT means "Denial of Services"
that why you can't get to Norton's site... especially about this subjectGezzlouise....whoever created this is really smart.....their punishment shoould be that they have to create a noninfected patch for "Amber"... and then have all thier little fingers broken and be forced to play "The Scroll" with their nose!

INferno

heeheehee Inferno smiles and winks wickedly at her GB Buddy, Hagatha*

Inferno
_________________________
Watching: Dark Shadows
Reading: Angelique's Descent
Playing: WoW and living in Kil' Jaeden

Top
Page 2 of 4 < 1 2 3 4 >


Who's Online
Key: Admin Global Mod Mod Staff  )
10 registered (Space Quest Fan, BrownEyedTigre, Volkana, dorish, shroeder, Marian, Sondi, family, GBC, judith), 95 Guests and 13 Spiders online.
Newest Members
Cabb, Veilant, tookiebgirl12, Adam_B, Polikolp
8542 Registered Users