| Thread ID: 58528 | 2005-06-03 08:33:00 | Virus Francette.worm | taly (5956) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 360910 | 2005-06-03 08:33:00 | Hi there! My Norton found a virus in my PC, W32.Francette.worm. It could not fix it. On the Symantec site found it, but to fix they tell to delete the file it sits in. But the file is Host.sys.exe. What will happen if I delete sys file? Any ideas what this worm can do? I can't print at the moment and Internet is disconnecting often. Is it because of the virus? Thanks |
taly (5956) | ||
| 360911 | 2005-06-03 08:53:00 | No u don't delete the file. You delete the entry in the registry, this worm installs. So, it doesn't run when windows boots. Click Start, and then click Run. (The Run dialog box appears.) Type regedit Then click OK. (The Registry Editor opens.) Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run In the right pane, delete the value: "Microsoft IIS"="syshost.exe" Exit the Registry Editor. After u delete this entry. Reboot, then get the XP updates, so u won't get it again. This www.microsoft.com And this www.microsoft.com And if u haven't updated Windows yet, now maybe a good idea. If you don't know how to use the registry, get ccleaner. www.ccleaner.com and go to tools programs, and delete the above entry here. |
Speedy Gonzales (78) | ||
| 360912 | 2005-06-03 09:03:00 | Host.sys.exe.................hmmmmm... a double extension........pretty typical of a virus.....yep i'd follow norton advice and most likely boot to safe mode then delete it....... | drcspy (146) | ||
| 360913 | 2005-06-03 09:06:00 | And don't forget to disable system restore before u do it too. | Speedy Gonzales (78) | ||
| 360914 | 2005-06-03 09:09:00 | Norton's removal... Disable System Restore (Windows Me/XP). Update the virus definitions. Do one of the following: Windows 95/98/Me: Restart the computer in Safe mode. Windows NT/2000/XP: End the Trojan process. Run a full system scan and delete all the files detected as W32.Francette.Worm. Reverse the changes that the Trojan made to the registry. Deleting Host.sys.exe is not going to hurt anything. |
tweak'e (69) | ||
| 360915 | 2005-06-04 05:29:00 | Hi guys! Thanks for quick response. Now, how can I end the Trojan process? I have Win XP home on Pent2, by the way, if it is important. Thanks. |
taly (5956) | ||
| 360916 | 2005-06-04 06:12:00 | You need to bring up the Task Manager. If you go CTRL-ALT-DEL once, you will see a dialog box with Task Manager on it. In Task Manager go to the Processes tab and look for "Cnqmax.exe" and click it to highlight it, then click "End Process". You can find the full instructions here (securityresponse.symantec.com) on the Symantec website. :) |
Jen (38) | ||
| 360917 | 2005-06-05 01:30:00 | Hi everybody! And thanks. Have done it. Went to reg and deleted syshost.exe. Now all ok. Thanks again Taly |
taly (5956) | ||
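
The Run-key check the replies walk through in regedit can also be scripted. The PowerShell below is an added example, not part of any post in this thread and not Symantec's removal procedure; the function name `Get-RunEntryFinding` and the sample entries are constructed, apart from the `"Microsoft IIS"="syshost.exe"` value and the `Host.sys.exe` file name quoted above.

```powershell
# Added example: flag Run-key autostart values with the traits raised in this thread.
function Get-RunEntryFinding {
    param([string]$Name, [string]$Command)

    # Extract the executable from the command line: quoted path first,
    # otherwise everything up to the first executable extension.
    if ($Command -match '^\s*"([^"]+)"') {
        $exe = $Matches[1]
    } elseif ($Command -match '^\s*(.+?\.(exe|com|scr|pif|bat|cmd))(\s|$)') {
        $exe = $Matches[1]
    } else {
        $exe = $Command.Trim()
    }
    $leaf = ($exe -split '[\\/]')[-1]

    $reasons = @()
    # Double extension ending in an executable type, e.g. Host.sys.exe.
    if ($leaf -match '\.[a-z0-9]{2,4}\.(exe|com|scr|pif|bat|cmd)$') {
        $reasons += 'double extension'
    }
    # Bare file name: Windows resolves it through the search path.
    if ($exe -notmatch '[\\/]') {
        $reasons += 'no directory given'
    }
    # The exact value the thread says to delete.
    if ($Name -eq 'Microsoft IIS' -and $leaf -eq 'syshost.exe') {
        $reasons += 'value named in this thread'
    }
    [pscustomobject]@{ Name = $Name; Command = $Command; Findings = ($reasons -join '; ') }
}

# Constructed sample entries; only the "Microsoft IIS"="syshost.exe" value and the
# Host.sys.exe file name come from the thread, the paths are made up.
$sample = [ordered]@{
    'Microsoft IIS' = 'syshost.exe'
    'ExampleTray'   = '"C:\Program Files\Example\tray.exe" /min'
    'ExampleDouble' = 'C:\WINDOWS\Host.sys.exe'
}
$sample.GetEnumerator() | ForEach-Object { Get-RunEntryFinding -Name $_.Key -Command $_.Value }

# On a Windows machine, run the same check against the live key.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
if (Test-Path $runKey) {
    $key = Get-Item -Path $runKey
    $key.GetValueNames() | Where-Object { $_ } | ForEach-Object {
        Get-RunEntryFinding -Name $_ -Command ([string]$key.GetValue($_))
    }
}
```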