Carlos Alberto Alves
caa at highway.com.br
Sun Sep 21 06:09:10 CDT 2003
On Sat, 20 Sep 2003 18:38:35 -0700, Jim Lawrence (AccessD) <accessd at shaw.ca> wrote: > Hi All: > > Seeing we are on the off topic subject of viruses I have one that I have > been trying to remove. > > The client has an XP profession, formatted with NTFS. The worm is > W32/Spybot-B and the key file to remove is in the system32 directory call > tftp.exe. (What a time for their CDRom to fail.) > > I can not remove the file. It is locked in normal or safe mode. The worm > process has removed access to command prompt in normal mode and it is > hidden > and unacccessible from a Command boot disk. When checking the > taskmanager, > in safe mode, the file is not running but it still refuses to be deleted. > (Note: cmd prompt, taskmanager, regedit and msconfig programs are render > in-operative in normal mode.) > > The file is a particular problem as it will not allow any Windows Update > to > run because the update process locks when it hits this file. I have tried > a > variety of virus scanning and removal applications but they either ignore > it > or fail when they hit this file. > > McAfees or Symantec do not even recognize this worm but Sophos Anti-Virus > and Trend Micro scan programs do. > > Any help would be greatly appreciated > Jim > Hi Jim! A simple solution I tested with great success is to remove your HD, install it as slave in another machine and run at least two antivirus, for example you may run Sophos and F-prot just to be sure. HTH, -- ************************************** * Carlos Alberto Alves * * Child Neurologist * * Systems Analyst/Programmer * * Rio de Janeiro, Brazil * * mailto:caa at highway.com.br * **************************************