Is Sea Sunk ??


sea69
09-01-2001, 11:12 PM
uh-oh

in connection with this (http://www.pcguide.com/ubb/Forum8/HTML/000372.html) post, it appears that I have this virus (http://support.microsoft.com/support/kb/articles/q242/1/91.asp).

I have most of the symptoms.

Just goes to show, no matter HOW careful you are.......anything can and will happen.

I have obtained and run the "fix"- to no avail.

wonder if anything on my HDD is safe enough to save or will everything be infected?

this "fix" was supposed to get rid of it completely, but I'm still getting the errors- so it is looking more like a Full Restore.

any thoughts??


------------------
sea1_69@hotmail.com

homepage (http://www.seanweb1.homestead.com/3.html)



YODA74
09-01-2001, 11:40 PM
I seen something about this, now I can't remember where. Not good.
You know more about this stuff than I. But I will say back when I was in the military before Internet our exchanging files is the only way you could pass viruses. I think I would download all my files and I know there is a way to do this: use three or four different anti virus checkers in a series and clean clean clean. I wish I could remember how they actually had done this. I hate I can't help man, damn Viruses And the people that make them. Good luck.

sea69
09-01-2001, 11:51 PM
thanks for the reply.

I also wonder if it is very bad to not close the window that says 'explorer has caused an....will be closed...'

I am not clicking on "Close", just continuing to do whatever I'm doing.

Is this bad for the machine I wonder??


Paleo Pete
09-02-2001, 12:05 AM
More on W95.MTX from Symantec (http://www.symantec.com/avcenter/venc/data/w95.mtx.html). Looks like a nasty one...

Boot Disk (http://www.bootdisk.com) should have a copy of F-prot that fits on a floppy, it should be able to spot that one, being a year old.

Have you tried using an emergency rescue disk for your virus scanner? The only way you can deal with this one is with a clean boot floppy of some kind, if you boot to the hard drive at all it will run itself. It also looks for antivirus programs, and won't let them run...

Sounds like you got yourself a mess...hope the Symantec page has enough info...

------------------
Support the right to keep and arm bears.
Note: Please post your questions on the forums, not in my email.

Computer Information Links (http://www.geocities.com/paleopete/)

mjc
09-02-2001, 12:06 AM
Eventually it will lockup and you WILL need to reboot....but until then you should be ok (well sort of...)

------------------
mjc
Links list:Computer Links (http://www.dreamwater.org/tech/mjc/index.htm)

Celts are the men that heaven made mad, For all their battles are merry and their songs are all sad.

Gun Control...hitting what you aim at!

Reid
09-02-2001, 12:14 AM
Did you run the Symantec fix? This PCHell how-to (http://www.pchell.com/virus/mtx.shtml) is one of the more complete listings of cleanup steps.


------------------
reido@my-deja.com

Friends don't let friends install Windows ME




sea69
09-02-2001, 12:27 AM
seems like a real mess alright.

yes, I ran the fix from safe mode in a DOS box, complete power off, not restart, as instructed.

same stuff happening.. running ok.. just ignored the (blabla will be closed) box.

was wondering what that extra HDD activity was going on with nothing open sometimes.

very clever virus.

wonder exactly what possible happiness this could bring to someone ??

I guess I'm wondering about my mp3 files and some other things I would like to save.. and some of my word and home publishing, and web (cgi-bin).

think these will be ok to copy to CD and put back in ??

after all, it has been over a year, don't most reformat (win9x) every 4 to 6 months??

heh



Reid
09-02-2001, 12:40 AM
I think it would be OK to save your files and reload them after your system is restored and you are running real-time virus protection.


sea69
09-02-2001, 12:44 AM
that's what I was thinking (and hoping to hear)

thanks Reid.

any other thoughts??




Reid
09-02-2001, 12:59 AM
If it were to happen to me, I'd probably expect to do a fresh install with this particular virus/worm/trojan.

My current backup scheme is to save Ghost images to a removable drive, so recovery is quick. I don't mind a reload to make Windows run better, but downloading updates is a pain.


sea69
09-02-2001, 01:15 AM
I agree, and now that I know how to (unlike when I 1st got this machine)- after I use the Recovery CD, I will do just that.

one thing that makes me wonder.

How long has this thing been in here ??

I remember, about at least 2 months ago my inoculate would no longer go to update automatically, I had to do it manually, but the updates seemed to work.

so much for inoculate.

mcafee, I have (but do not run @ startup-) only virus scans weekly (I thought it was updated longer than every (2) weeks.)

currently, mcafee's (definitions) date is aug 29th 20001, so what's up w/ that??

*puff*


Reid
09-02-2001, 01:19 AM
It looks like the original outbreak was reported about a year ago, so I wonder too where it has been hiding out if it did not come in recently on an e-mail.

If I read correctly, your infected system may have sent out attachments with your e-mails, so you may want to warn people that you have written to.


sea69
09-02-2001, 01:31 AM
Originally posted by Reid:
It looks like the original outbreak was reported about a year ago, so I wonder too where it has been hiding out if it did not come in recently on an e-mail.

If I read correctly, your infected system may have sent out attachments with your e-mails, so you may want to warn people that you have written to.




I hope not !!!!

anyone receive any attachments from me??

(that weren't intentional??)

?


biggmc01
09-02-2001, 01:40 AM
Some of these little buggers wrap themselves onto a particular type of file. You may want to do a find and search for any instances of the virus name.

If you go into regedit under run command, you can also search to see where the little guy is hiding in your registry. Good Luck.

------------------
Of all the things from my youth that I miss, I miss my mind the most.


Reid
09-02-2001, 01:46 AM
Good idea, Biggmc01. This DataFellows (http://www.datafellows.com/v-descs/mtx.shtml) link tells what text strings are in the various components.


mjc
09-02-2001, 02:03 AM
No, if I did I would have let you know about it.......

Hey could that last machine you were working on have been the source? The one with the HDD prob (the PB from Hell)?



sea69
09-02-2001, 02:09 AM
Originally posted by mjc:
Hey could that last machine you were working on have been the source? The one with the HDD prob (the PB from Hell)?




no, I never transfer files from unlocked disks from other machines to mine.




mjc
09-02-2001, 02:15 AM
Just a thought......


sea69
09-02-2001, 09:45 AM
update:

looked for listed registry keys regarding this virus. (none found)

results of "fix"- (took 15 minutes to complete)

Fixmtx: Detect and repair W95.MTX - pjf+cng (c) Symantec 2001

Scanning C:
Scanning C:\system.sav
..............,,>>>>>>>>>> ending says: Scanning D:\RECYCLED

Scanned: 40188, infected: 0, repaired: 0

ran scanreg /fix, IE Repair tool, System File Checker.

still have explorer shut down immediately after opening/connecting to Outlook Express, or IE 5.01.

keeping in mind my other thread on this, could I still be missing this icmp.dll.. could this be the only reason it's acting like this??

many of the virus symptoms are still present, but NONE OF THE EVIDENCE.

inoculate and mcafee both are updated virus definitions, and neither are working correctly, or find anything.

pfffffffffffffffffffffffffffffffffffffffttttttttt



sea69
09-02-2001, 01:01 PM
frustrated....... anyone still there ??


mjc
09-02-2001, 02:01 PM
Could be, I imagine that some of the other programs you listed would eventually be able to be traced back to using it...I know Neotrace uses it. It should be in the windows\system folder...it is installed with the DUN1.3 update, so try running that if you already haven't. But I haven't been able to find anything that would indicate not having it would cause a virus scan program not to work.


sea69
09-03-2001, 12:09 AM
I know what you mean.


It has to be some virus type.

I connected with backup dial up account, at 1st there were no 'explorer performed an illegal'.... - then it (whatever) seemed to 'find' my new connection and it now is attacking that one as well.

s>l>o>w.

have been backing up EVERYTHING with Direct CD.

(well, not "everything".. just installed f-prot anti-v)

it found a totally different trojan. igmnuke or something to that effect.

got rid of that.. also there was some 'sexdial9' (??) thing...

oh me.

mjc- how does one put that icmp.dll file where it belongs??

tia


mjc
09-03-2001, 02:29 AM
extract it to the C:\windows\system directory (and it may need to be registered, I'm not sure...that is done by using regsvr32.exe (at a command prompt: regsvr32.exe file.dll))


diurnal
09-03-2001, 03:20 AM
Did you get the sirwormW32 virus sea69, because I opened an attachment a while back and luckily I had my autoprotect on and Norton caught it. But I'm having funny behaviour out of my cpu, but I might be paranoid or something. When you looked in your registry was it screwed up? Did remnants of the virus show up? I looked in my registry and it wasn't in there. So hopefully I did not get it, but as for you, sorry. And to answer the question why people do it, the only conclusion I had was to get back at people that you have done wrong. And of course to find credit card #s and passwords.

------------------
Sledgehammer will save the day!

YODA74
09-03-2001, 09:16 AM
I'm not sure Sea69 but isn't that file for like licensing, something to do with ping (icmp.dll) or e-mail???


sea69
09-03-2001, 04:33 PM
update:

thank GOD I remembered my Test Run by BB- back up registry!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

This afternoon (15 minutes ago) - after staying up ALL Night backing up everything to Direct CD, I switched to my TT by BB test registry.

Everything is a-ok so far! No explorer errors, or connection problems, so far it has not seemed to have affected this registry.

will advise.


edit: mjc- you have mail.

also- I was thinking, I can now compare the two registries and see what's what!!


ranchdog
09-03-2001, 05:33 PM
sea... sexDIAL9 thingy?
Busted.

------------------
......Indecision may or may not be my problem......
...... Kickin' A Rock....

sea69
09-04-2001, 02:26 AM

conclusion:

My system was saved by the application of TestRun by BB (http://www.downlinx.com/proghtml/143/14327.htm)!

I always knew it was a useful program, but it had not occurred to me that it would one day SAVE my system. (and to think,- I almost did a Full Restore !!)

This program is a MUST HAVE!!

Get this program {{free}}, and save your system/registry settings NOW!!(if all is working correctly) The program automatically creates a Master copy of your 'normal' registry, and another for 'testing' things without fear of messing up. - and then if 6 months down the road something TERRIBLE like what just happened to me occurs, you will be OK!



hubba bubba...

ranch dog dog............ need I point out my name here ??
(the number is not my age..)

LoL

thanks to all, especially- mjc!

Lovin' Life......... *puff*


Pianorak
09-04-2001, 05:31 AM
Sea69 Congratulations! Glad you have sorted that one out! Just a quickie: TestRun by BB says "Platform Win95". Will it work on my Win98SE and Win ME though?

------------------
"These are but wild and whirling words, my lord!" - Hamlet

kayofcircles
09-04-2001, 10:55 AM
Yep, it should. My first thought too..but remembered that Sea has 98se.

sea69
09-04-2001, 11:10 AM
hehe... not "positive" about ME, but all win9x works fine... I remember at least one person with ME saying that he tried it and it worked, but I do not know personally.


ErnieK
09-05-2001, 08:54 PM
Sea I have been using BB for about 18 months. Great program for testing software! Would never have thought to use it like you though. And no you were not sunk just in a force 9 gale!

------------------
Ernie

sea69
09-05-2001, 10:36 PM
hehe.. well ernie, I didn't actually plan it this way- it just was the Master that I made about six or 8 months ago and never @affirmed (changed) it.. so it has not changed.

of course there are other uses for this app..

