SirCam still lurking?

I thought I had got rid of SirCam but strange things are happening. First I couldn't connect to the internet at all. AOL reinstalled the access numbers since when the connecting speed is a third of what it used to be. (45333bps against 115K) Next, when double-clicking on My Computer I get this message:
- Explorer -
An error has occurred in your program. To keep working anyway click Ignore and save your work in a new file. To quit this program click Close. You will lose information you entered since your last Save.

The same happens when I click Start/Settings/Control Panel.

On clicking Close I get this error message:
Explorer caused a general protection fault in module GDI.EXE at 0027:000005al.
(Plus various registers and stack nos.)

My Dell puter runs on Windows 98SE, 128 memory, my ISP is AOL.

Any thoughts on what's causing this? Any advice gratefully received.

PS: Scandisk found nothing wrong, and both Scandisk and Defrag seem to work perfectly.


[This message has been edited by Pianorak (edited 08-03-2001).]

Still not sure of what all your errors are but I've got one quick question?

What kind of internet connection do you have...dial up or what?


------------------
mjc
Links list:Computer Links (http://www.dreamwater.org/tech/mjc/index.htm)

Celts are the men that heaven made mad, For all their battles are merry and their songs are all sad.

Gun Control...hitting what you aim at!

115K is not your connection speed, that's the speed your modem communicates with the rest of the machine. The 45,333 is more likely your actual connection speed.

First thing I'd try for the errors is scanreg. Usually illegal operation errors can be traced back to either memory or a program trying to grab memory already allocated to another program. with a recent virus being part of the picture, it may be that registry entries are corrupted.

Boot to a DOS Command Prompt, (use the [F8] key during boot) and try

scanreg_/restore using a space in place of the underscore used here. See if you have a registry backup made before the virus was activated.

scanreg_/fix might repair registry damage if you don't have a usable backup.

------------------
YOU! Out of the gene pool!
Note: Please post your questions on the forums, not in my email.

Computer Information Links (http://www.geocities.com/paleopete/)

mjc - quick reply: dial-up via internal modem.

Later: things are going from bad to worse: MS Word is now inaccessible with this error message: WINWORD caused a general protection fault in module GDI.EXE at 0027: 00005al. (plus various Registers and Stacks)

I also got another "illegal operation message": WAOL caused an invalid page fault in module USER.EXE at 0011: 0000095f. (plus various Registers and stacks)

Later: Have just run McAfee antivirus program which tells me that I have got the two following infected files:
C:\Windows\System\sc1.dll
C:\Windows\System\scd.dll

and this virus: W32/SirCam.dat

McAfee suggestion: delete and replace with uninfected copy. However, for the time being I have put them in Quarantine. Should I have uninfected copies on the Windows 98SE installation CD?

Later still: Having quarantined the files Control Panel is again accessible, but MS Word remains inaccessible.

[This message has been edited by Pianorak (edited 08-04-2001).]

[This message has been edited by Pianorak (edited 08-04-2001).]

[This message has been edited by Pianorak (edited 08-04-2001).]

[This message has been edited by Pianorak (edited 08-04-2001).]

Later: Decided to download symantec's W32.Sircam.Worm@mm Removal Tool which seems to have done the trick: Result: One file deleted; one registry key fixed.

Hopefully this will be the end of this sorry tale.

Computer is again running at its usual speed. Long may it last.

Conundrum

The McAfee antivirus programme discovered these two infected files:
C:\Windows\System\sc1.dll
C:\Windows\System\scd.dll

After running the Symantec W32.Sircam.Worm@mm Removal Tool "successfully" I got this message:
Number of deleted files: 1
Number of registry keys fixed: 1

Is it likely that one of the two files is still harbouring theW32 virus, and if so which one?

Hi there pianorak, i wonder if you could post the address, that you got the sircam remover from could you. thanks in advance, and good luck with your problem:)

Sorry, but am unable to locate the precise address at the moment. But log onto Symantec and look for "Symantec W32.Sircam.Worm@mm Removal Tool". (Use google search engine to find symantec). Hope this helps and good luck.

here ya go Bumty:www.symantec.com

[This message has been edited by YODA74 (edited 08-23-2001).]