[AccessD] Viruses

Bob Gajewski rbgajewski at adelphia.net
Sat Sep 20 20:48:43 CDT 2003


Jim

Off-the-wall suggestion, but have you tried running an AUTOEXEC.BAT file?

***********************************************
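@echo off
rem Clear the archive, hidden, read-only and system attributes so the file can be deleted
attrib c:\windows\system32\tftp.exe -a -h -r -s
rem /f forces deletion of a read-only file, /q suppresses the confirmation prompt
del c:\windows\system32\tftp.exe /f /q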
***********************************************

Stranger things have worked before ....

Regards,
Bob Gajewski


-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com]On Behalf Of Jim Lawrence
(AccessD)
Sent: Saturday, September 20, 2003 21:39
To: Access Developers discussion and problem solving
Subject: OT: [AccessD] Viruses


Hi All:

Seeing we are on the off topic subject of viruses I have one that I have
been trying to remove.

The client has an XP Professional, formatted with NTFS. The worm is
W32/Spybot-B and the key file to remove is in the system32 directory, called
tftp.exe. (What a time for their CDRom to fail.)

I cannot remove the file. It is locked in normal or safe mode. The worm
process has removed access to command prompt in normal mode and it is hidden
and inaccessible from a Command boot disk. When checking the Task Manager,
in safe mode, the file is not running but it still refuses to be deleted.
(Note: cmd prompt, Task Manager, regedit and msconfig programs are rendered
inoperative in normal mode.)

The file is a particular problem as it will not allow any Windows Update to
run because the update process locks when it hits this file. I have tried a
variety of virus scanning and removal applications but they either ignore it
or fail when they hit this file.

McAfee or Symantec do not even recognize this worm but Sophos Anti-Virus
and Trend Micro scan programs do.

Any help would be greatly appreciated
Jim


