Can anyone help me with a virus?
Posted: Wed Jul 17, 2002 12:01 pm
by shaggy
I am trying to remove the w32.magistr.39921@mm virus from a friend's computer, they have Norton 5.0 which detected it, but couldn't remove it. I have the comp here at my house, the first time I booted it up it locked up just after the "loading new hardware" bar came up. I assume it detected my monitor and is trying to load a driver but it crashes at 0% every time. I am able to get into safe mode, but have no cd access there and I had hoped to install NAV 2002 to remove the virus. Anyone have any suggestions as to what I could try? To make things worse the OS is WinME, which I don't have a copy of, and I doubt they do either as it is a Compaq.

Posted: Wed Jul 17, 2002 12:12 pm
by dadx2mj
A good place to start would be the Symantec website; they have a large database. You should be able to look up the virus that the box has and it should give you instructions on how to remove it. Good Luck
Posted: Wed Jul 17, 2002 12:19 pm
by shaggy
I did actually look there and it is listed, the first thing they say to do is update your definitions and run NAV, which I can't do. The version of Norton's that was already present was out of date or past product life I guess, as it detected 72 infected files but could not repair or quarantine them. Thanks for the reply

Posted: Wed Jul 17, 2002 12:24 pm
by blade
As dad suggested, Symantec is the best place to search for a virus and removal. I found this:
http://securityresponse.symantec.com/av ... 21@mm.html
Scroll down for removal instructions.
*edit
Doh, I see you can't run the av. Try the first link and where it shows removing it from the registry. This might help some too.
http://securityresponse.symantec.com/av ... 76@mm.html
NOTE: This virus contains bugs which will corrupt some files while attempting to infect them, as well as when the first payload activates. These files cannot be repaired; they must be restored from a backup. (These files may be detected as W32.Magistr.corrupt.)
Posted: Wed Jul 17, 2002 12:25 pm
by nexus_7
Posted: Wed Jul 17, 2002 1:02 pm
by shaggy
I haven't tried the online one, but again I don't know if I can get at it in safe mode. The comp doesn't have an NIC so the whole scan would be over the modem. I think I actually made their problem worse

I was however able to find the registry key where it was running itself. Thanks to everyone, if anyone knows any way to get a cd in safe mode I would be eternally grateful!
Posted: Wed Jul 17, 2002 2:09 pm
by FlyingPenguin
You can use that housecall scanner in safe mode - even over a modem. It only needs to download an applet which will take a few minutes on a dialup, then it runs the AV program locally. It will take an hour or more to scan an entire drive, but you shouldn't need to stay online for it.
If you have access to a computer with McAfee VScan 6 installed, you can burn the entire "program files\common files\Network Associates\VirusScan Engine\4.0.xx" folder to a CD then run the DOS scanner manually from DOS right off the CD (you'll need to boot from a Win98 emergency disk with CD support). Use the command line:
scanpm c:\ /sub /clean /report c:\vscan.txt
This will scan all drives, clean (or delete if can't be cleaned) any infected files, and create a log file called VSCAN.TXT in the C drive root with a complete list of all infected files and the actions taken.
This is the reason I still use McAfee - you can run its DOS scanner on any system without installing the software.
Make sure to read the information in Symantec's database. Many of these modern viruses also require that you delete an entry in the registry to totally eliminate them.
Posted: Thu Jul 18, 2002 2:27 am
by shaggy
Thanks to everyone for taking the time to reply. I kinda went about it a weird way, but am no closer to being fixed. I couldn't get online to run the housecall scan, the computer wouldn't load the modem drivers in safe mode. I got creative and ripped the nav2002 cd, then zipped it and burned it to a cd. Then I booted into dos and copied the zip, then back to safe mode, expanded and installed. I also had the latest downloadable definitions on the cd, everything was up to date. The weird thing is it just finished scanning and it came back with nothing. Nothing infected, no virus. Uggggg. I even tried running the stupid system restore utility included with ME and it refused to work also. I think I smell a format coming on. Thanks again to all-
Posted: Thu Jul 18, 2002 7:18 am
by wvjohn
one other thing you might look for is a specific magistr removal tool - try the norton/mcafee/grisoft etc. website
does sound like format time though
Posted: Thu Jul 18, 2002 9:04 am
by nexus_7
If you have a second PC, which it seems you do, load the latest anti virus on there and install the HD from your other system, and scan it in there.
Greg
Posted: Thu Jul 18, 2002 2:34 pm
by shaggy
Whelp, I scanned it with AVG and it came back with 1 infected file, dxdiag.exe. Still crashes while trying to boot into windows normally, format time. Something that they quarantined or that was corrupted must have been a critical windows file. Anyone know if you can reinstall ME over itself without losing settings like you can with 98se? I think I'll give that a try if it is possible, it's not like it can get any worse at this point. As always, thanks for all of your time.
Posted: Fri Jul 19, 2002 6:02 am
by blackhawk
Sometimes the virus has done enough damage to other files that it's easiest and best to reformat and reinstall.
This is what happened to me with klez and I run NAV but my auto protect had gotten turned off somehow.
You could try to reinstall the OS over top of the old one and then try to remove the virus again if you have the time and patience. In that way you may be able to save some data but don't count on it.
Posted: Fri Jul 19, 2002 8:54 am
by FlyingPenguin
Yes, I'd try just doing a re-install over itself first. That should restore any missing or corrupt system files and you'll retain all your installed programs.
Posted: Fri Jul 19, 2002 1:29 pm
by shaggy
Stupid Compaq doesn't include an OS disk I guess as they didn't have one, only a restore disk. That's what it finally came to as I don't have a copy of Windows ME either.
Posted: Fri Jul 19, 2002 4:28 pm
by FlyingPenguin
BLACKHAWK: There's a free downloadable repair kit for Klez. There's no need to do a reformat, and Klez doesn't permanently damage anything (trust me I've fixed a LOT of Klez infected systems).
The hassle with Klez, until the repair kit came out, is that it's tedious as hell to do it manually.
SHAGGY: Compaq NEVER gives you an OS CD on their home systems - just a restore CD. Sucks.