1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

[Resolved] VIRUS-how can you get one out safely?

Discussion in 'Virus & Other Malware Removal' started by whytwolf, Jan 27, 2002.

Thread Status:
Not open for further replies.
Advertisement
  1. whytwolf

    whytwolf Thread Starter

    Joined:
    Nov 12, 2001
    Messages:
    23
    My friend did a scan and found some viruses in her system....badtrans and [email protected]

    The badtrans added a file called kernal32.exe in her windows/system folder and the hybris added 2 files called EEALEKOK and BICFKEHE in her windows/system folder.

    She has mcaffee but didn't quarantine the files when it found them while she did a scan....now she doesn't know where they are. I could be wrong but i told her to set mcaffee up to auto quarantine any suspected virus files and then run another scan....that way they would at least be quarantined. Was that right?

    She has Windows ME...and i don't know much about ME...as i have win 98se.....she said she read that these infected files could have ruined her restore program for ME....so shes afraid to do a restore. Also...mcaffee said she would need to restore those system files but she doesn't know how to do that....she only has a 'restore disk' not the windows ME full disk....and shes afraid if she puts that in; it might format and try to reinstall ME.....and she certainly doesn't want to lose everything or try to reinstall windows....shes very new at this and doesn't know how to do that. (i'm not much better myself!) I know a little about win 98 but not ME; and am afraid of giving her wrong information....she has enough problems! :)

    Could someone please help us?

    THANKS SO MUCH!!!
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Symantec has an automatic cleaning tool for Badtrans and manual cleaning instructions if you need them. Be sure you don't delete

    kernel32.dll (note the .dll)

    http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

    These files can be deleted:

    EEALEKOK and BICFKEHE

    Hybris cleaning instructions are here:

    http://www.symantec.com/avcenter/venc/data/w95.hybris.gen.html

    If the pluggin is present, there is a removal tool for that.

    The wsock32.dll needs to be replaced; you can follow the instructions on the symantec link or see this one:

    http://www.claymania.com/wsock32-extraction.html

    Your suggestion was proper. Once the files are in quarantine, the path to them should be available. They can be deleted if they are not in the "restore archive". If they are, see this:

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;q263455
     
  3. whytwolf

    whytwolf Thread Starter

    Joined:
    Nov 12, 2001
    Messages:
    23
    They weren't in her restore archive.....and she was able to delete them with no problems.

    Thanks so much!
     
  4. whytwolf

    whytwolf Thread Starter

    Joined:
    Nov 12, 2001
    Messages:
    23
    I forgot to mention......she cleaned the hybris according to the instructions....everything went fine.

    She also learned how to update her dat and engine files for mcaffee! I'd been telling her she needed to do that.....so now she KNOWS HOW.....and i suspect she'll do it regular after this scare!

    Thanks again!
     
  5. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Great, thanks for the follow-up -- good to hear all went well :)
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/66654

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice