Can anyone help me with a virus?

shaggy · Post by **shaggy** » Wed Jul 17, 2002 12:01 pm

I am trying to remove the w32.magistr.39921@mm virus from a friends computer, they have Norton 5.0 which detected it, but couldnt remove it. I have the comp here at my house, the first time I booted it up it locked up just after the "loading new hardware" bar came up. I assume it detected my monitor and is trying to load a driver but it crashes at 0% every time. I am able to get into safe mode, but have no cd access there and I had hoped to install NAV 2002 to remove the virus. Anyone have any suggestions as to what I could try? To make things worse the OS is WinME, which I dont have a copy of, and I doubt they do either as it is a Compaq

dadx2mj · Post by **dadx2mj** » Wed Jul 17, 2002 12:12 pm

A good place to start would be the Symantec website they have a large data base. You should be able to look up the virus that the box has and it should give you instructions on how to remove it. Good Luck

shaggy · Post by **shaggy** » Wed Jul 17, 2002 12:19 pm

I did actually look there and it is listed, the first thing they say to do is update your definintions and run NAV, which I cant do. The version of nortons that was already present was out of date or past product life I guess, as it detected 72 infected files but could not repair or quarantine them. Thanks for the reply

blade · Post by **blade** » Wed Jul 17, 2002 12:24 pm

As dad suggested, symantec is the best place to search for a virus and removal. I found this:
http://securityresponse.symantec.com/av ... 21@mm.html

Scroll down for removal instructions.

*edit

Doh, I see you can't run the av. Try the first link and where it shows remobing it from the registery. This might help some too.
http://securityresponse.symantec.com/av ... 76@mm.html

NOTE: This virus contains bugs which will corrupt some files while attempting to infect them, as well as when the first payload activates. These files cannot be repaired; they must be restored from a backup. (These files may be detected as W32.Magistr.corrupt.)

nexus_7 · Post by **nexus_7** » Wed Jul 17, 2002 12:25 pm

run this then: http://housecall.antivirus.com/

Greg

shaggy · Post by **shaggy** » Wed Jul 17, 2002 1:02 pm

I havent tired the online one, but again I dont know if I can get at it in safe mode. The comp doesnt have an nic so the whole scan would be over the modem. I think I actually made thier problem worse

I was however able to find the registry key where it was running itsself. Thanks to everyone, if anyone knows any way to get a cd in safe mode I would be eternally grateful!

Post by **FlyingPenguin** » Wed Jul 17, 2002 2:09 pm

You can use that housecall scanner in safe mode - even over a modem. It only needs to download an applet which will take a few minutes on a dialup, then it runs the AV program locally. It will take an hour or more to scan an entire drive, but you shouldn't need to stay online for it.

If you have access to a computer with McAfee VScan 6 installed, you can burn the entire "program files\common files\Network Associates\VirusScan Engine\4.0.xx" folder to a CD then run the DOS scanner manually from DOS right off the CD (you'll need to boot from a Win98 emergency disk with CD support). Use the command line:

scanpm c:\ /sub /clean /report c:\vscan.txt

This will scan all drives, clean (or delete if can't be cleaned) any infected files, and create a log file called VSCAN.TXT in the C drive root with a compete list of all infected files and the actions taken.

This is the reason I still use McAfee - you can can run it's DOS scanner on any system without installing the software.

Make sure to read the information in Symantec's database. Many of these modern viruses also require that you delete an entry in the registry to totally eliminate them.

shaggy · Post by **shaggy** » Thu Jul 18, 2002 2:27 am

Thanks to everyone for taking the time to reply. I kinda went about it a wierd way, but am no closer to being fixed. I couldnt get online to run the housecall scan, the computer wouldnt load the modem drivers in safe mode. I got creative and ripped the nav2002 cd, then zipped it and burned it to a cd. Then I booted into dos and copied the zip, then back to safe mode, expanded and installed. I also had the latest downloadable definitions on the cd, everyting was up to date. The wierd thing is it just finished scanning and it came back with nothing. Nothing infected, no virus. Uggggg. I even tried running the stupid system restore utility included with ME and it refused to work also. I think I smell a format coming on. Thanks again to all-

wvjohn · Post by **wvjohn** » Thu Jul 18, 2002 7:18 am

one other thing you might look for is a specific magistr removal tool - try the norton/mcaffee/grisoft etc. website

does sound like format time though

nexus_7 · Post by **nexus_7** » Thu Jul 18, 2002 9:04 am

If you have a second PC, which it seems you do. Load the latest anti virus o nthere and install the HD from your other system. and scan it in there.

Greg

shaggy · Post by **shaggy** » Thu Jul 18, 2002 2:34 pm

Whelp, I scanned it with AVG and it came back with 1 infected file, dxdiag.exe . Still crashes while trying to boot into windows normally, format time. Something that they quarantined or that was corrupted must have been a critical windows file. Anyone know if you can reinstall ME over itself without losing settings like you can with 98se? I think I'll give that a try if it is possible, its not like it can get any worse at this point. As always, thanks for all of your time.

blackhawk · Post by **blackhawk** » Fri Jul 19, 2002 6:02 am

Sometimes the virus has done enough damage to other files that its easiest and best to reformat and reinstall.

This is what happened to me with klez and I run NAV but my auto protect had gotten turned off somehow.

You could try to reinstall the OS overtop of the old one and then try to remove the virus again if you have the time and patience. In that way you may be able to save some data but dont count on it.

Post by **FlyingPenguin** » Fri Jul 19, 2002 8:54 am

Yes, I'd try just doing a re-install over itself first. That should restore any missing or coorupt system files and you'll retain all your installed programs.

shaggy · Post by **shaggy** » Fri Jul 19, 2002 1:29 pm

Stupid Compaq doesnt include an OS disk i guess as they didnt have one, only a restore disk. Thats what it finally came to as I dont have a copy of Windows ME either.

Post by **FlyingPenguin** » Fri Jul 19, 2002 4:28 pm

BLACKHAWK: There's a free downloadable repair kit for Klez. There's no need to do a reformat, and Klez doesn't permanently damage anything (trust me I've fixed a LOT of Klez infected systems).

The hassle with Klez, until the reapir kit came out, is that it's tedious as hell to do it manually.

SHAGGY: Compaq NEVER gives you an OS CD on their home systems - just a restore CD. Sucks.