Program removal - startup "NELEA"


MangMang
03-19-2001, 01:23 PM
i'm using win98se. I think i downloaded some weird program (virus?). it's attempting to run on startup. fortunately, my firewall is keeping it from accessing the internet. it's called "nelea.exe". once i restrict its access to the internet, it gives me the "this program has performed an illegal op..." the details are:

NELEA caused an invalid page fault in
module <unknown> at 0000:00000000.
Registers:
EAX=00000000 CS=0000 EIP=00000000 EFLGS=00000000
EBX=00000000 SS=0000 ESP=00000000 EBP=00000000
ECX=00000000 DS=0000 ESI=00000000 FS=0000
EDX=00000000 ES=0000 EDI=00000000 GS=0000
Bytes at CS:EIP:

then another window pops up
that says "runtime error 216 at 0000a430," i noticed i can make it pop up when i click on the taskbar properties/advanced.

how do i get rid of this? can anyone help? is there a way to remove this thing from my startup. i tried going to the control panel/add remove, and had no luck. i tried taking it out of the startup folder, still no luck. i also tried deleting the program itself, but windows denied me saying it was still in use. even though the error message said the program was being terminated. i even tried using xsetup to take it away from the startup (16-bit program area) but i still had no luck.

can someone please help, this thing is really annoying.

thanx


------------------
Mark Burnett is the Devil...thank goodness.

Randy_tx
03-19-2001, 01:42 PM
The BEST thing to do is run a virus detection program on it and be done with it. Try this link: http://housecall.antivirus.com/default.asp
The second best thing to do is go to Start/Run/type in msconfig...and hit enter.......go to the last Tab on the right and uncheck it from the start up and that will keep it from starting....hopefully

------------------
"As hard as a rock & dumb as a brick"...Windows CEMeNT

bassvax
03-20-2001, 01:39 AM
Randy has nailed this one I believe...Google hits only turn up the name Nelea used in a love poem or story in several diff languages and one of them associates it with the "I Love You" virus.

------------------
Jerry

rmac
03-20-2001, 08:37 AM
Look in the Win.ini file and see if you find this:

Run=Msrexe.exe

If you do, you have the SubSeven trojan virus. Check here:
http://www.hackfix.org/subseven

MangMang
03-20-2001, 04:01 PM
thanx for the help everyone, it's nice to know i can trust some strangers when it comes to computers (some of those store technicians are such a*$ho*es).

i tried the housecall site and it didn't detect a virus...it might be because i deleted some of the "nelea" files. i also tried running norton utilities/antivirus and came up with nothing.

there was no run=msrexe in the win.ini but i found a run= (path)prpmq.exe which kept coming up as an error too so i deleted that part. this prpmq isn't a normal windows file is it? i hope not.



------------------
Mark Burnett is the Devil...thank goodness.

mjc
03-20-2001, 08:58 PM
Not that I know of. The only problem that I can think of now is that if there were any registry changes you may not be able to undo them because it would be very difficult to figure out what they should have been.

------------------
mjc
I'm making my own links list: Computer Links (http://www.fortunecity.com/skyscraper/highrise/11/index.htm)

MangMang
03-21-2001, 04:00 AM
thanx for the assist guys, that win.ini thing really helped me out. this virus is a real pain. i started deleting files that looked related to it (identical icons) and i found a whole bunch hidden in my system folder. and i found a program that keeps on re-making these deleted files after i restarted. fortunately, that stopped after i deleted that. the only other thing i did was disable the programs on msconfig (thanx for the tip).

my only problem now is my system keeps on looking for a nelea program on startup and it can't find cuz i deleted it (the path it gives is in windows/system folder). it's a minor problem now, all i have to do is find what's causing it to look for the program and stop it.

thanx a lot for the help everyone.

------------------
Mark Burnett is the Devil...thank goodness.

Randy_tx
03-21-2001, 01:46 PM
First .......go to Start/Settings/Task Bar & Start Menu....and hit the Start Menu programs tab......then hit "remove" (don't worry, it won't remove anything until you tell it to!).....then arrow down to "Start Up" and click it to see if the offending program is in there (if it is, remove it) .......If not, the only way to stop it from trying to start @ start up is to edit the System.ini or the Win.ini or the registry.....pretty tedious stuff unless you are used to doing it.

------------------
"As hard as a rock & dumb as a brick"...Windows CEMeNT

MangMang
03-22-2001, 01:22 AM
thanx for the help guys, but randy...you're the MAN!!!

the system.ini thing fixed everything. i went in there and just edited all the commands relating to the startup of nelea.

everything is fine now, thank goodness. that's the last time i execute an unknown file.

------------------
Mark Burnett is the Devil...thank goodness.
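
The win.ini and system.ini startup entries discussed in the posts above can be listed with a short script. This is an added example, not part of any poster's message; the sample file contents, the C:\EXAMPLE path and the placement of nelea.exe on the shell= line are constructed assumptions.

```python
# Added example: list programs that Windows 9x starts from win.ini / system.ini.
# load=/run= live in [windows] of win.ini; shell= lives in [boot] of system.ini.
AUTOSTART_KEYS = {
    ("win.ini", "windows"): ("load", "run"),
    ("system.ini", "boot"): ("shell",),
}
EXPECTED_SHELL = "explorer.exe"  # the normal Windows 9x shell

def parse_ini(text):
    """Return {section: [(key, value), ...]} with lowercased section and key names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current].append((key.strip().lower(), value.strip()))
    return sections

def autostart_entries(filename, text):
    """Return [(file, section, key, command)] for each program launched at startup."""
    findings = []
    sections = parse_ini(text)
    for (fname, section), keys in AUTOSTART_KEYS.items():
        if fname != filename.lower():
            continue
        for key, value in sections.get(section, []):
            if key not in keys or not value:
                continue
            # Assumption: entries are separated by spaces or commas (short 8.3 paths).
            commands = value.replace(",", " ").split()
            if key == "shell" and commands and commands[0].lower() == EXPECTED_SHELL:
                commands = commands[1:]  # anything after the shell is an extra program
            findings.extend((fname, section, key, c) for c in commands)
    return findings

# Constructed sample files; only the file names come from the thread.
SAMPLE_WIN_INI = "[windows]\nload=\nrun=C:\\EXAMPLE\\prpmq.exe\n"
SAMPLE_SYSTEM_INI = "[boot]\nshell=Explorer.exe nelea.exe\n[386Enh]\ndevice=*vmm\n"

if __name__ == "__main__":
    for name, text in (("win.ini", SAMPLE_WIN_INI), ("system.ini", SAMPLE_SYSTEM_INI)):
        for finding in autostart_entries(name, text):
            print("%s [%s] %s= -> %s" % finding)
```

An empty result for both files means nothing is started from these two INI locations; the Startup folder and the registry Run keys are separate places to check.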

Paleo Pete
03-22-2001, 07:54 AM
Hmmm...not often you guys miss anything, so why didn't someone think of using scanreg to replace the registry with a copy made before this happened? Are we maybe not getting enough sleep?

Sorry guys, I just couldn't resist...this one was too good to pass up.

As long as it's now working right, don't fix it!! Leave it alone.

I'm wondering if this might have been a trojan rather than an actual virus...

------------------
Eagles may soar, but weasels don't get sucked into jet engines!
Note: Please post your questions on the forums, not in my email.

Computer Information Links (http://www.geocities.com/paleopete/)

rmac
03-22-2001, 08:03 AM
He got hit by a "cobbler"; they go to web sites that show virus codes and glue two or more virus strings. Mang's trojan was a combination of NELEA and Explorer.Zip, that's why it didn't execute right.