re: Trojan problem.There must be a way to get rid of it
Friday, July 15, 2005 at 8:18 am
Windows Me Annoyances Discussion Forum
Posted by Shannon33
(2 messages posted)
Thanks for responding Jack. You have given me the best , most comprehensive advise.
I am now running the online scan from the link you gave me. And I will get a friend
to make me a boot diskette this weekend. I am considering changing to Windows XP
in the near future. Do u think it is better security wise that ME? I don't know how
I got this trojan problem, because I am very careful and don't open attachments,
or go to any crazy sites, and ALWAYS keep my AV stuff up to date................Again
thanks for the great info!!! And Have a nice weekend!!
On Thursday, July 14, 2005 at 2:35 pm, Jack Gulley wrote:
>Sounds like you and a very few other who run Windows ME have had a lot of problems
>getting rid of this thing. There is almost no information on it, so it must be something
>new.
> First step is you need to boot the system from a Windows ME boot diskette
>(or an image of one on a bootable CD). You can make one on any Windows ME system
>in Control Panel, Add/Remove Programs, Startup Disk tab. If you do not have one
and
>can not get to Add/Remove Programs, you will have to have someone make one for you
>on Windows ME system. If necessary, you could use a Windows 98 boot diskette if
that
>is all you have or can get. But the first step requires deleting some files with
>DOS.
> Boot with the Windows ME startup diskette and at the DOS prompt delete the hidden
>System Restore folder and files. Use:
>
>DELTREE C:\_RESTORE
>
> This should remove all of the System Restore files.
> Then delete all of the TEMP files with:
>
>DELTREE C:\WINDOWS\TEMP\*.*
>
> It will prompt you for all of the folders in your Windows\Temp folder. Delete
>them.
> With the basic clean up done, remove the boot diskette and reboot the system.
>The next step is to try to find the module causing the problem. The TrendMicro virus
>scan should give you the exact location and module name of the module(s) causing
>the problem. Write the whole path and name down so that you can later boot with
the
>Windows ME boot diskette and use DOS to rename or remove the modules.
> I would also recommend running the OnLine scan from
>target="_blank">CA eTrust 'Scan for Virus' (click on the "Scan for Virus" link
>on their web page), as they are currently doing a better job of finding and removing
>new threats of this type.
> If you can locate module names (most likely random names) of the DLL files of
>the Trojan, and the AV scans do not delete them all, you can use the Windows ME
startup
>diskette and DOS to rename or delete these modules. It might be best to post what
>path/names you find first. Also keep in mind that this type of Trojan often has
more
>than one copy of itself on your system, makes new copies each time you reboot and
>prevents you from deleting the active copy while Windows is running, even in Safe
>Mode.
|
