| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 7978 | 2001-02-26 21:12:00 | Cannot find 'yvsdwqywwyk.exe' etc | Guest (0) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 9256 | 2001-02-26 21:12:00 | There is a file in the registry as named above. Should I unclick the items that look foreign as you suggest and also delete this entry from the registry. Would reloading Windows 98 SE help the problem? I am using Windows 98 SE. |
Guest (0) | ||
| 9257 | 2001-02-27 06:37:00 | Yup, I think I had that virus, it takes over hte notepad as well and makes a copy of it, here is the stuff I found on the net about it... W32.HLLW.Qaz.A is a Win32 companion virus with the ability to spread over the network and also create a backdoor. When the virus is launched it searches available network drives for a copies of notepad.exe and renames them to note.com. It then copies itself (virus code) across the network to the infected computers as notepad.exe. Each time notepad.exe is executed it runs the virus code and the original notepad (renamed to note.com) to avoid being noticed. It also modifies the following system registry entry to execute itself every time the system is started: HKLM\Software\Microsoft\Windows\CurrentVersion\Run 'StartIE'='C:\WINDOWS\NOTEPAD.EXE qazwsx.hsq' W32.HLLW.Qaz.A enumerates through the network neighborhood to find computers to infect. When it finds a computer, it infects it by searching for notepad.exe and making the same modifications (renaming notepad.exe to note.com). It does not require any mapped drives to infect other computers. Once the computer is infected, the computer's IP address is emailed to the virus author automatically. The backdoor payload in the virus uses WinSock and awaits connections. This lets a hacker connect to the infected computer and gain access to the computer. Removal: To remove this trojan: 1. Remove the following registry key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run 'StartIE'='C:\WINDOWS\NOTEPAD.EXE qazwsx.hsq' 2. Restart the computer. 3. Scan with Norton AntiVirus and delete all files detected as W32.HLLW.Qaz.A, Qaz.Trojan, or W32.HLLW.Qaz (gen). 4. Search for a file called note.com and rename it to notepad.exe. 5. Scan all other computers on the network to find all other infections and repeat the above steps if infections are found. 6. Password-protect or unshare word-writable shares to prevent future infections. I downloaded Innoculate, a link is on my website at go.to/learnit and it cleared up the mess that even Nortons couldn't fix. Innoculate was free which was even better. Good luck. Email me if you want more into |
Guest (0) | ||
| 9258 | 2001-03-01 11:15:00 | I have a similar , principally due to an encounter with a backdoorpoly virus. I deleted all the infected files but now when I startup I get he following messages for 19 different files with similar meaningless names: 'Cannot find the file igbvvmc.exe (or one of its components. Make sure the path ....' & 'Could not load or run igbvvmc.exe specified in the WIN.INI file. Make sure the file exists ...' So 38 clicks later on the OK button, I get started. Could this problem be fixed in a similar way to the Win 32 virus or is there something else I need to do - presumably I need to tell my computer not to look for all the deleted files at start up but I don't really know how to do that. To show my ignorance further, what's the registry referred to in the fix for Win 32? |
Guest (0) | ||
| 1 | |||||