Posted: Thu Jan 23, 2003 8:59 pm
Post subject: how to clear up the w32.weird virus quickly and easily.
PLEASE... if you are too lazy and don't wanna read all this PLEASE SCROLL TO THE BOTTOM AND READ THE **PROBLEMS I HAVE** PARTS. I'm hoping SOMEBODY can help me.
Well, I spent about 4 hours trying to get it off my mom's friend's computer.
here's what happens...
You download the virus, it erases the Internet Explorer icon off your desktop and replaces it with a mock icon. Opening this mock icon executes the virus. From there it corrupts most (if not all) files on your computer.
here are the basic steps to remove the actual virus
(please note I have Norton AntiVirus, but any should work)
1. Insert a clean DOS floppy disk or Windows Startup disk into the floppy disk drive, and restart the computer.
2. At the prompt type the following two commands, pressing Enter after each one:
dir *.exe /a:h
All .exe files in the \Windows folder that have the hidden attribute are displayed.
NOTE: If Windows is installed in a different location, make the appropriate substitution when typing the first command.
3. Look for a file with a size of 10,240 bytes. The name of the file is generated by taking the computer name on the infected system and changing some of the characters. Write down the name of this file.
4. Type the following, and then press Enter after each one:
attrib <file name from step 3> -h
del <file name from step 3>
5. Type the following two commands, pressing Enter after each one:
6. Restart the computer.
7. Start Norton AntiVirus, and run LiveUpdate.
8. Run a full system scan. Attempt to repair any files that are infected with W32.Weird. If they cannot be repaired, you must delete them and restore them from a clean backup copy, or reinstall the deleted file.
NOTE: If NAV reports that it cannot delete an infected file, you must shut down the computer, turn off the power, and wait 30 seconds. Then restart the computer in Safe mode and run the scan again. All Windows 32-bit operating systems except Windows NT can be restarted in Safe mode. For instructions on how to do this, read the document How to start the computer in Safe Mode.
taken from http://securityresponse.symantec.com/avcenter/venc/data/w32.weird.html
That should remove the actual virus. That is the easy and quick part, now comes the long, somewhat hard part.
The site claims that the virus attacks .exe files. Actually, it affects the .exe files by wiping out any info in the autorun file so no icons have a link :O.
there are 2 ways to do this. One you can do without losing files.
1) *Keep all files* (takes more time, but no deletion of important files)
To clean this up, find the target of the icon you are trying to locate and then copy it (or write it down).
Next double click on the icon. Select "LOCATE" and paste in the full directory of the icon (INCLUDING THE icon.EXE part)
If that doesn't work, remove the icon.EXE part.
Do that to all vital files that you figure you use most.
**PROBLEMS I HAVE AND NEED HELP**
A lot of files require the run32.dll which is fine, but I'm not totally sure how to link them up because it says "RUN32.DLL", moreinfo.dll... but I'm not sure what to do there. Can anybody help me?
2) Quick, easy, LOSE ALL FILES
Simply remove windows and re-install it.
**PROBLEMS I HAVE AND NEED HELP WITH**
I have never done this, but I have a bad feeling I'm gonna have to. If anybody has ever done this please help me out and tell me how. Thx
I hope this has been informative.
Thx to all who read all this and helped me