OT: [AccessD] Viruses

Jim Lawrence (AccessD) accessd at shaw.ca
Sun Sep 21 17:00:49 CDT 2003 

Thanks Carlos. That is a great idea.

Jim

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com]On Behalf Of Carlos Alberto
Alves
Sent: Sunday, September 21, 2003 4:09 AM
To: Access Developers discussion and problem solving
Subject: Re: OT: [AccessD] Viruses


On Sat, 20 Sep 2003 18:38:35 -0700, Jim Lawrence (AccessD)
<accessd at shaw.ca> wrote:

> Hi All:
>
> Seeing we are on the off topic subject of viruses I have one that I have
> been trying to remove.
>
> The client has an XP profession, formatted with NTFS. The worm is
> W32/Spybot-B and the key file to remove is in the system32 directory call
> tftp.exe. (What a time for their CDRom to fail.)
>
> I can not remove the file. It is locked in normal or safe mode. The worm
> process has removed access to command prompt in normal mode and it is
> hidden
> and unacccessible from a Command boot disk. When checking the
> taskmanager,
> in safe mode, the file is not running but it still refuses to be deleted.
> (Note: cmd prompt, taskmanager, regedit and msconfig programs are render
> in-operative in normal mode.)
>
> The file is a particular problem as it will not allow any Windows Update
> to
> run because the update process locks when it hits this file. I have tried
> a
> variety of virus scanning and removal applications but they either ignore
> it
> or fail when they hit this file.
>
> McAfees or Symantec do not even recognize this worm but Sophos Anti-Virus
> and Trend Micro  scan programs do.
>
> Any help would be greatly appreciated
> Jim
>

Hi Jim!
A simple solution I tested with great success is to remove your HD, install
it as slave in another machine and run at least two antivirus, for example
you may run Sophos and F-prot just to be sure.
HTH,
--
**************************************
* Carlos Alberto Alves               *
* Child Neurologist                  *
* Systems Analyst/Programmer         *
* Rio de Janeiro, Brazil             *
* mailto:caa at highway.com.br          *
**************************************
_______________________________________________
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

More information about the AccessD mailing list