PDA

View Full Version : Help W95.Lorez.1744 virus!!!!



NegLakay
02-14-2003, 01:27 PM
Please I'd like some help to remove the W95.Lorez.1744 and the W95.Spaces.1445 viruses from my Win98 system... I tried the free version of AVG SOS Scanvirus but it doesn't clean my files... Also when I try to install the latest Norton, the virus infects the Norton files also... I already tried the freel removal tool for Spaces but the memory never get cleaned up when I restart my PC... What am I to do????


Thanks in advance...

Budfred
02-14-2003, 02:43 PM
You basically have 2 choices and you may want to use both. The first is to use another known clean system to make a set of updated antivirus floppy disks, write protect them and use them to clean your system. Make sure you write protect them or they will also be infected.

The second is to use an online scan service that provides cleaning as well. I haven't used one of these, so I don't know if they clean full blown infections or not. You can find some through mjc's security links here:

http://www.pcguide.com/vb/showthread.php?s=&threadid=15179

david eaton
02-14-2003, 02:44 PM
NegLakay
I suggest that you make a boot disc, using a KNOWN clean machine, and use the copy of norton that you already have to make a set of rescue discs, again on a known clean computer. Write protect the discs too. It should be possible to boot with the norton disk set and carry out a full scan and clean.

An alternative would be to download AVG to another machine and make a set of rescue disks from that.

Other Anti-virus applications that will fit on a floppy can be found in MJC's AV list (http://www.pcguide.com/vb/showthread.php?s=&threadid=15179) .

Hope that helps. The alternative of carrying out a full erase/overwrite/reformat of the hard drive and reinstallation of everything doesn't bear thinking about!


(Edit Budfred snuck in when I was typing!)

David

NegLakay
02-15-2003, 01:06 AM
Thank you both for your answers;
Using NAV, I followed the instructions given at Symantec's site (http://securityresponse.symantec.com/avcenter/venc/data/w95.lorez.html) but when I try to extract the kernel32 file I get the following message: "Out of memory while processing cabinet file win98_33.cab"... Why is that happening? Also, as an alternative can I copy a kernel32 file from the virus-free PC to a floppy and replace the infected file on the contaminated PC with it?


Thank you in advance...

Budfred
02-15-2003, 01:57 AM
Are you trying to replace the Kernal file from DOS or from Windoze? If you are trying to replace it from DOS and from the CD it should work and I would try it again being very careful to follow instructions to the letter. If it still doesn't work, you may want to go to the online scan since you could have more than one virus at work.

To try to load the Kernal file on a floppy, I would follow the instructions for copying it that are on the Symantec site, but I would do it on the known clean system and extract to A: rather than C:. Write protect that floppy as soon as you are done and before using it in the infected system.

NegLakay
02-16-2003, 12:08 AM
Yes Budfred! I did as you suggested and it seems to have worked except that NAV couldn't remove the W95.Spaces virus... it only remove the Lorez virus...

Also I have a bunch of files with the extension RBx where x represent a number... they all seem to be infected by the W95.Spaces virus... any suggestion? Can I safely delete these files?


Thanks!

Budfred
02-16-2003, 12:30 AM
I imagine that you can, but I don't know for sure, so I would urge you to do some more research on it first. Also, if you haven't removed the virus yet and delete those files, it probably won't help in the long run.

When you say you followed my suggestions, does that include running an online scan and/or using a write protected set of floppies set up on a clean machine?? If you haven't done this, I would make that the first priority. Again, if you have one virus, you may have more; if you have 2, the chances are even greater that you could have some other garbage in there. Your choices are either to very carefully scan as deeply as you can or to wipe the system and start over. If you don't have any files on there that you don't really need, a wipe and reinstall may actually be your best bet.

NegLakay
02-17-2003, 09:12 PM
Your choices are either to very carefully scan as deeply as you can or to wipe the system and start over. If you don't have any files on there that you don't really need, a wipe and reinstall may actually be your best bet.

Yeah, I ended up doing a wipe clean and reinstall the OS... my most important files were backed up fortunately.
Just to answer your question: I did both NAV and online scan... the online scan said it remove the virus but when I restart the PC, NAV said it detected the same virus in the same files again and it was getting annoying... so I decided to wipe everything (save time and hassle!)...

But I went and made some research on the viruses in question: the problem with them is that they attack every exe file you have running on the PC that's why systray,exe explorer.exe were infected and the PC would load but with many errors... plus the file seemed to eat my RAM...

Anyway, everything looks fine now and I'm back up and running...

Thank you for your help