[AccessD] Viruses

William Hindman wdhindman at bellsouth.net
Sun Sep 21 03:24:21 CDT 2003


Jim

...without the CD working, you can dl a file from MS to another system ...it
creates a set of boot disks for XP Home/Pro ...six floppies ...they will get
you to a command prompt which will let you delete any file on the client
...had to do exactly that last week on a client system that had the registry
hive screwed :(

...can't recall the KB article that gave me the file but it turned up on my
first search ...HTH :)

William Hindman
So, then, to every man his chance -- to every man, regardless of his birth,
his shining golden opportunity -- to every man his right to live, to work,
to be himself, to become whatever his manhood and his vision can combine to
make him -- this, seeker, is the promise of America.
-- Thomas Wolfe



----- Original Message ----- 
From: "Jim Lawrence (AccessD)" <accessd at shaw.ca>
To: "Access Developers discussion and problem solving"
<accessd at databaseadvisors.com>
Sent: Saturday, September 20, 2003 9:38 PM
Subject: OT: [AccessD] Viruses


> Hi All:
>
> Seeing we are on the off topic subject of viruses I have one that I have
> been trying to remove.
>
> The client has an XP profession, formatted with NTFS. The worm is
> W32/Spybot-B and the key file to remove is in the system32 directory call
> tftp.exe. (What a time for their CDRom to fail.)
>
> I can not remove the file. It is locked in normal or safe mode. The worm
> process has removed access to command prompt in normal mode and it is
hidden
> and unacccessible from a Command boot disk. When checking the taskmanager,
> in safe mode, the file is not running but it still refuses to be deleted.
> (Note: cmd prompt, taskmanager, regedit and msconfig programs are render
> in-operative in normal mode.)
>
> The file is a particular problem as it will not allow any Windows Update
to
> run because the update process locks when it hits this file. I have tried
a
> variety of virus scanning and removal applications but they either ignore
it
> or fail when they hit this file.
>
> McAfees or Symantec do not even recognize this worm but Sophos Anti-Virus
> and Trend Micro  scan programs do.
>
> Any help would be greatly appreciated
> Jim
>
>
>
> _______________________________________________
> AccessD mailing list
> AccessD at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/accessd
> Website: http://www.databaseadvisors.com
>




More information about the AccessD mailing list