| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 46889 | 2004-07-09 01:13:00 | Worm_RBOT.WG and JC viruses won't stop coming | Supertrooper (2510) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 250844 | 2004-07-09 01:13:00 | A friend's computer is being constantly attacked with these two variants of the same virus. He has PC-Cillin on it which is completely updated, and it finds and quarantines these viruses as they come in, but they keep on coming and we're not sure how they are getting in. The PC is running Win2000 Pro, and has had SP4 installed. We've just downloaded a removal tool for these viruses, but I'd like to know how it's getting into the system. |
Supertrooper (2510) | ||
| 250845 | 2004-07-09 01:19:00 | Info here (www.trendmicro.com) | Jim B (153) | ||
| 250846 | 2004-07-09 01:36:00 | It sounds like the worm/virus/trojan is not being completely removed. The startup entries in the registry need to be deleted as per the link that Jim B referred to. It is also a good idea to give the computer a complete clean, eg delete all temporary files, including temporary internet files, history, cookies, etc. If Windows 2000 has the system restore feature it will need to be disabled prior to scanning with the anti-virus and re-enabled after the computer is cleaned. |
tommy (2826) | ||
| 250847 | 2004-07-09 01:48:00 | Thanks for the pointer to the info . I've done everything that the site suggests, but this worm still keeps coming back, even after cleaning the machine of it . Trend Micor says this about the worm: "This memory-resident worm spreads via network shares . It gathers available list of hardcoded user names and passwords to gain access over compromised machines . " Can someone please explain this in plain english . What are network shares? |
Supertrooper (2510) | ||
| 250848 | 2004-07-09 01:50:00 | I've just been into the registry and the startup values aren't there. Dammit all! LOL | Supertrooper (2510) | ||
| 250849 | 2004-07-09 01:50:00 | if he keeps getting it (assuming its not in the restore) then its possible the network is incorrectly setup and keeps getting reinfected. install firewall at the very least. | tweak'e (174) | ||
| 250850 | 2004-07-09 02:03:00 | Ok, it seems like after the system is cleaned, and rebooted, we go back on the net and the virus attacks again. I've found a link to a microsoft patch, I'll keep you posted. | Supertrooper (2510) | ||
| 250851 | 2004-07-09 02:12:00 | I tried installing a firewall and then the other computer on the network couldn't access the internet. Oh the joys of computers... NOT. |
Supertrooper (2510) | ||
| 250852 | 2004-07-09 02:48:00 | > I tried installing a firewall and then the other > computer on the network couldn't access the > internet. sounds like your useing ICS. theres very few free firewalls that have ICS support. you may need to go to a paid one or drop the sicurity settings down a tad. |
tweak'e (174) | ||
| 250853 | 2004-07-09 03:55:00 | > sounds like your useing ICS. theres very few free > firewalls that have ICS support. you may need to go > to a paid one or drop the sicurity settings down a > tad. Zone alarm supports ICS (I think the free version does as well), the only down side is that you will need to teach it what programs etc… you want to allow access to the internet. |
stu120404 (268) | ||
| 1 2 | |||||