Lynn Rosenberg Virus Mailing

Kevin E. Ramsey ramsey@extremezone.com
Mon, 21 May 2001 19:53:57 -0700


    Richard; just get a good anti virus program like McAfee or Norton (you
need one anyway, if you're on the net at all) and scan everything on your
hard drive with it. It's only when the program can't clean the file that you
have to delete it and replace it with a back-up. The newer Windows versions
have a file comparison program that will replace what you're missing without
messing with your settings too much. Haven't had to use it yet, but that's
what the hype says it will do. (And the computer mags.)


Kevin E. Ramsey
ramsey@extremezone.com
----- Original Message -----
From: "Richard Moody" <remoody@midstatesd.net>
To: <pianotech@ptg.org>
Sent: Sunday, May 20, 2001 11:18 PM
Subject: Re: Lynn Rosenberg Virus Mailing


> I got this from the anti virus site Ron N mentions below.  Good tip.
> ! !
>
> "A copy is saved into the WINDOWS directory as INETD.EXE and an entry
> is entered into the WIN.INI file to run INETD.EXE at startup. "
>
> So what I did was look at WIN.INI and found a command right at the
> beginning that said "Load INETD.EXE". I changed the name to
> INETD.OXE. This may have caused the virus not to load. To get rid
> of it from my HD I have to boot up in DOS. I will try that tomorrow.
> I know I am affected with this virus and if posts to this list from me
> contain an attachment, DO NOT OPEN or DO NOT CLICK ON THE
> ATTACHMENT.    ---ric
>
> ----- Original Message -----
> From: Ron Nossaman <RNossaman@KSCABLE.com>
> To: <pianotech@ptg.org>
> Sent: Sunday, May 20, 2001 6:01 PM
> Subject: Re: Lynn Rosenberg Virus Mailing
>
>
> | You may be in trouble. EVERYBODY go to:
> | http://vil.nai.com/vil/virusChar.asp?virus_k=99069
> | and read:
> |
> | This mass mailing worm attempts to send itself using Microsoft
> | Outlook by replying to unread email messages. It also drops a
> | remote access trojan (detected as Backdoor-NK.svr with the 4134
> | DATs; detected heuristically as New Backdoor prior to the 4134 DAT
> | release).
> |
> | When run, the worm displays a message box entitled, "Install error"
> | which reads, "File data corrupt: probably due to a bad data
> | transmission or bad disk access." A copy is saved into the WINDOWS
> | directory as INETD.EXE and an entry is entered into the WIN.INI
> | file to run INETD.EXE at startup. KERN32.EXE (a backdoor trojan),
> | and HKSDLL.DLL (a keylogger DLL) are written to the WINDOWS SYSTEM
> | directory, and a registry entry is created to load the trojan upon
> | system startup.
> |
> | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kernel32=kern32.exe
> |
> | Note: Under WinNT/2K, an additional registry key value is entered
> | instead of a WIN.INI entry:
> |
> | HKEY_USERS\Software\Microsoft\Windows NT\CurrentVersion\Windows\RUN=%WinDir%\INETD.EXE
> |
> | Once running, the trojan attempts to mail the victim's IP Address
> | to the author. Once this information is obtained, the author can
> | connect to the infected system via the Internet and steal personal
> | information such as usernames, and passwords. In addition, the
> | trojan also contains a keylogger program which is capable of
> | capturing other vital information such as credit card and bank
> | account numbers and passwords.
> |
> | The next time Windows is loaded, the worm attempts to email itself
> | by replying to unread messages in Microsoft Outlook folders. The
> | worm will be attached to these messages using one of the following
> | filenames (note that some of these filenames are also associated
> | with other threats, such as W95/MTX.gen@M):
> |
> |
> | As you can see, the error messages you saw are part of the trojan
> | installation. Check the Windows directory for INETD.EXE. A diskscan
> | for errors and a defrag won't disinfect the system. You need a good
> | antivirus system, and fast.
> |
> | Ron N
> |
>
>
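
A check for the artefacts named in the advisory quoted above, as an added example that is not part of the original thread or of any antivirus product. The sample WIN.INI text and directory listings are constructed, and the `load=`/`run=` keys of the `[windows]` section are assumed to be where the startup entry lives. It also shows that a renamed startup entry leaves the dropped files in place.

```python
import ntpath
import re

# Indicators taken from the advisory quoted in the thread.
WIN_INI_TARGET = "INETD.EXE"                 # copy saved in the WINDOWS directory
SYSTEM_FILES = {"KERN32.EXE", "HKSDLL.DLL"}  # written to WINDOWS\SYSTEM

def win_ini_autostarts(win_ini_text):
    """Return (key, program) pairs from load=/run= in the [windows] section."""
    found, section = [], None
    for raw in win_ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if section == "windows" and sep and key in ("load", "run"):
            # Several programs may be listed, separated by spaces or commas.
            found += [(key, p) for p in re.split(r"[,\s]+", value.strip()) if p]
    return found

def check_host(win_ini_text, windows_files, system_files):
    """List which of the advisory's artefacts are present on a host."""
    hits = []
    for key, prog in win_ini_autostarts(win_ini_text):
        if ntpath.basename(prog).upper() == WIN_INI_TARGET:
            hits.append(f"WIN.INI {key}= starts {prog}")
    if WIN_INI_TARGET in {f.upper() for f in windows_files}:
        hits.append(f"WINDOWS\\{WIN_INI_TARGET} present")
    for name in sorted(SYSTEM_FILES & {f.upper() for f in system_files}):
        hits.append(f"WINDOWS\\SYSTEM\\{name} present")
    return hits

# Constructed sample data, not taken from a real machine.
SAMPLE_WIN_INI = """[windows]
load=C:\\WINDOWS\\INETD.EXE
run=
NullPort=None
"""
# Same file after the startup entry has been renamed to INETD.OXE.
RENAMED_WIN_INI = SAMPLE_WIN_INI.replace("INETD.EXE", "INETD.OXE")

if __name__ == "__main__":
    for text in (SAMPLE_WIN_INI, RENAMED_WIN_INI):
        print(check_host(text, ["WIN.INI", "inetd.exe"], ["kern32.exe", "USER.EXE"]))
```
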




This PTG archive page provided courtesy of Moy Piano Service, LLC