| Thread ID: 62197 | 2005-09-30 03:34:00 | Config32y virus??? | somebody (208) |
| Post ID | Timestamp | Content | User | ||
| 392187 | 2005-09-30 03:34:00 | A friend of mine has just encountered a major virus problem. A file by the name of config32y.exe in C:/WinNT/ (on Windows 2k) wreaks havoc, stopping internet access and stopping the ability to install antivirus software. They can manually delete the file, but it will re-create itself on reboot. His updated antivirus software (not sure what version/brand) cannot pick it up. I also cannot find anything about it on Google, Symantec etc. Does anyone know anything about this? Could it possibly be a new virus?? |
somebody (208) | ||
| 392188 | 2005-09-30 07:16:00 | I'm picking it's a variant of config32.exe, which is indicative of a few worms/viruses (Xabot being one). Get hold of a good AV with definitions and install it to the infected PC (install them onto a CD). But before you do that, Google config32.exe and read up on it. That will give you ideas what it might be a new strain of, and could also give clues as to how to kill it. |
Myth (110) | ||
| 392189 | 2005-09-30 07:42:00 | Nod32. | Metla (12) | ||
| 392190 | 2005-09-30 07:45:00 | Cheers Tazz. I've given him a copy of UBCD4Win, to try to fix the problem without booting to the actual HDD itself. I've suggested he manually delete the problem files, and try looking through msconfig etc. Metla: The computer doesn't let him install NOD32 - it was one of the first things he tried. I have suggested he try in safe mode - not sure what the outcome is yet. |
somebody (208) | ||
| 392191 | 2005-09-30 08:23:00 | Worth a shot, you could try an antispyware app (if it will install). Maybe even follow it up with a registry cleaner.. it may kill the reg key responsible. Long shot.... |
Myth (110) | ||
| 392192 | 2005-09-30 21:18:00 | Try booting in safe mode and run your virus checker from there. Also, if your file system is FAT, download the F-prot DOS version, unzip it to a directory, then boot with a boot disk, navigate to the F-prot directory and run it. F-prot has cleaned out similar viruses for me in the past. The reason I recommend F-prot is that it's a command line scanner only and does not offer real-time protection, therefore the virus shouldn't stop its installation, because it has no active threads, making it undetectable to the virus, and it will only run in a command line environment, which most modern viruses don't, which leaves them open to this method of cleaning. Normally these self-repairing viruses have a companion exe that monitors the status of the other, or I had a real nasty one where the companion and the virus each monitored each other's status, recreating whichever was deleted first (safe mode is wonderful). Good luck. |
beama (111) | ||