1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

I-worm stator

Discussion in 'Virus & Other Malware Removal' started by ginnywinnieb, Feb 27, 2002.

Thread Status:
Not open for further replies.
Advertisement
  1. ginnywinnieb

    ginnywinnieb Thread Starter

    Joined:
    Sep 28, 2001
    Messages:
    65
    I opened my computer up to the detrement of having this awful worm. I have lost 57 files and cannot get the computer to allow me to restore them. HELP! How can I fix this. I am dying here and need my computer to work with.
    Thanks,
    Kristi
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Wow, this is a really tough one. There are instructions here from symantec:

    http://www.symantec.com/avcenter/venc/data/[email protected]

    The first thing I would try is to restore a prior registry. If it works, it will save you the difficult task of manual registry editing.

    Which version of Windows do you have? For Win98, do this:

    >> press and hold the ctrl key on startup to access the "startup menu". Choose the "command prompt" option. At the c:\> prompt enter:

    scanreg /restore

    use the arrow keys to select a started registry prior to the infection, don't try to restore the very oldest (5th), just select from the ones you see.

    If you have WinME, boot with a WinME startup disk (select Minimum boot).

    At the a:\> prompt, remove the boot disk and enter:

    c:
    cd windows\command
    scanreg /restore
     
  3. ginnywinnieb

    ginnywinnieb Thread Starter

    Joined:
    Sep 28, 2001
    Messages:
    65
    Thanks for replying.
    I cannot access startup with the control key like to said. It is giving me a message, "Keyboard error"
     
  4. ginnywinnieb

    ginnywinnieb Thread Starter

    Joined:
    Sep 28, 2001
    Messages:
    65
    I forgot to mention that I am running windows 98
     
  5. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Try tapping the f8 key repeatedly instead. If that fails, use a Win98 boot disk and follow the same instructions as for the WinME version.
     
  6. ginnywinnieb

    ginnywinnieb Thread Starter

    Joined:
    Sep 28, 2001
    Messages:
    65
    I tried what you said and it let me restore only twice. It is still the same way that it was. I have my norton rescue disks to use, but everytime that I try to open something in them, it gives me the message that it cannot find load.pe. If I try to open a readme file, it says it cannot find the file notepad.exe.
    .
     
  7. ginnywinnieb

    ginnywinnieb Thread Starter

    Joined:
    Sep 28, 2001
    Messages:
    65
    Sorry,
    It is loadpe.com
     
  8. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    The registry restore was not able to provide you with a registry predating the infection.

    You are going to have to read and follow step by step the instructions in the Symantec link for manuall editing the registry and renaming the files that were renamed by the worm.

    Start with the section on Editing the registry and work your way down. I hope you have a second computer to work with, it might help to print out the instructions if you can.

    If you can download the copy of exefix08.com from this site and run it, it may allow you to run Norton without that error.


    http://home.earthlink.net/~rmbox/Reticulated/Only_IE.html
     
  9. ginnywinnieb

    ginnywinnieb Thread Starter

    Joined:
    Sep 28, 2001
    Messages:
    65
    It allowed me to access most of my programs, but there are still some files missing. I made some backup disks for norton and have one in the drive right now. I chose rescue, but it is giving me a message that it took a "snapshot" of my computer and that now it no longer matches my computer. Should I continue with this or should I not.
     
  10. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    ginny I'm not familiar enough with Norton to know what that "snapshot" refers to. If this is the registry, I would have it do the restore. Hopefully the "snapshot" is not too old.

    Were you able to get through the registry edit as detailed in the link -- and to restore the "renamed" files by naming them back?

    What files are "missing"? If they are Windows files they can be restored using the System File Checker. If not, then it depends on how they were created and what programs they were associated with.

    I'm going to be offline for a few hours, so I can just wish you luck for now. Keep us posted.
     
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - worm stator
  1. keithcowden
    Replies:
    1
    Views:
    264
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/70643

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice