Is it possible? Every now and then norton downloads new definitions and it
asks if it should try cleaning the infected files with the new definitions
but it always fails. I really want to get W32.HLLW.Niklas off these files.
They are important and are in quarantine. Is there anyway of doing it?

Joe Piscapo wrote:
> Is it possible? Every now and then norton downloads new definitions
> and it asks if it should try cleaning the infected files with the new
> definitions but it always fails. I really want to get
> W32.HLLW.Niklas off these files. They are important and are in
> quarantine. Is there anyway of doing it?

If the new definitions can't clean the files then they are most likely
uncleanable. Sorry, you're SOL on this one.

"Joe Piscapo" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Is it possible? Every now and then norton downloads new definitions and
it
> asks if it should try cleaning the infected files with the new definitions
> but it always fails. I really want to get W32.HLLW.Niklas off these
files.
> They are important and are in quarantine. Is there anyway of doing it?

I would try at least one of these
free online virus scan programs,

RAV
http://www.ravantivirus.com/scan/

Panda:
http://www.pandasoftware.com/activescan/

BitDefender
http://www.bitdefender.com/scan/license.php

HTH,
Tom

On Fri, 28 May 2004 22:31:58 -0400, "Joe Piscapo"
<(E-Mail Removed)> wrote:

>Is it possible? Every now and then norton downloads new definitions and it
>asks if it should try cleaning the infected files with the new definitions
>but it always fails. I really want to get W32.HLLW.Niklas off these files.
>They are important and are in quarantine. Is there anyway of doing it?
>
YEs,.. perhaps some other soft
http://www.nondisputandum.com/html/a..._firewall.html


--
www.nondisputandum.com

Protect, clean, tools, office, webbuilding
newsfeeds, entertainment, searching
+ the internet addiction test!

"Joe Piscapo" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> Is it possible?

Probably not.

> Every now and then norton downloads new definitions and it
> asks if it should try cleaning the infected files with the new definitions
> but it always fails.

This one confuses me because HLLW if I'm not mistaken stands for
High Level Language Worm - and if it is a worm file (as opposed to
a virally infected file) there is nothing to clean as it is all malware. The
descriptions I have read indicate that you should delete files detected
as W32.HLLW.Niklas, which is in keeping with the worm assumption.

> I really want to get W32.HLLW.Niklas off these files.
> They are important and are in quarantine. Is there anyway of doing it?

Are these file important, or do you just believe that they are important
because you assume that they are infected (otherwise legitimate) program
files that you wanted from your p2p application's offerings?

I'm not trying to accuse you of stupidity - I am just trying to figure out
what this thing really is from the confusing descriptions I have found.
Symantec calls it a worm, and yet mentions that it prepends itself to
executable program files (which seems like virus function to me).

....no wonder there is so much confusion as to what these terms mean.

Important files like the registry and msconfig are infected. I am wondering
how I can still install stuff (doesn't windows xp need the registry when
installing?)
I used to get that dialog saying to insert the xp disk to replace the
corrupt files but I couldn't find my cd so I just kept clicking cancel. Now
I found the cd but I don't get that dialog anymore

"FromTheRafters" <!(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> "Joe Piscapo" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> > Is it possible?
>
> Probably not.
>
> > Every now and then norton downloads new definitions and it
> > asks if it should try cleaning the infected files with the new
definitions
> > but it always fails.
>
> This one confuses me because HLLW if I'm not mistaken stands for
> High Level Language Worm - and if it is a worm file (as opposed to
> a virally infected file) there is nothing to clean as it is all malware.
The
> descriptions I have read indicate that you should delete files detected
> as W32.HLLW.Niklas, which is in keeping with the worm assumption.
>
> > I really want to get W32.HLLW.Niklas off these files.
> > They are important and are in quarantine. Is there anyway of doing it?
>
> Are these file important, or do you just believe that they are important
> because you assume that they are infected (otherwise legitimate) program
> files that you wanted from your p2p application's offerings?
>
> I'm not trying to accuse you of stupidity - I am just trying to figure out
> what this thing really is from the confusing descriptions I have found.
> Symantec calls it a worm, and yet mentions that it prepends itself to
> executable program files (which seems like virus function to me).
>
> ...no wonder there is so much confusion as to what these terms mean.
>
>

"Joe Piscapo" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> Important files like the registry and msconfig are infected. I am wondering
> how I can still install stuff (doesn't windows xp need the registry when
> installing?)

The registry files are not infectable, as they are data files. Are you
referring to Regedit, the registry editor? Have you scanned those
suspect files with another AV program to help eliminate the false
positive alert possibilities?

I am not familiar enough with XP to help you to extract replacement
files from your installation CD, but it appears that you should do this.
On that CD is a program called the "recovery console" which should
allow you to do this.

> I used to get that dialog saying to insert the xp disk to replace the
> corrupt files but I couldn't find my cd so I just kept clicking cancel. Now
> I found the cd but I don't get that dialog anymore

Sorry I can't help you, hopefully someone else reading this can. (

"FromTheRafters" <!(E-Mail Removed)> wrote in message news:(E-Mail Removed)...

> I am not familiar enough with XP to help you to extract replacement
> files from your installation CD, but it appears that you should do this.

I just stumbled across this - it may help.

http://service1.symantec.com/SUPPORT...01123112044539

On Mon, 31 May 2004 20:35:11 -0400, "Joe Piscapo"
<(E-Mail Removed)> wrote in <(E-Mail Removed)>:

>Important files like the registry and msconfig are infected. I am wondering
>how I can still install stuff (doesn't windows xp need the registry when
>installing?)


Joe, I think you're making this more complicated than it is. Try this
description http://www.sophos.com/virusinfo/analyses/w32lausa.html

The registry is not infected. There is an entry that needs to be
removed, but this is not infection of the registry itself. The same
goes for MSCONFIG - it is merely reading the registry.

>I used to get that dialog saying to insert the xp disk to replace the
>corrupt files but I couldn't find my cd so I just kept clicking cancel. Now
>I found the cd but I don't get that dialog anymore

This was probably because of the niklaus.exe running. The way it's
set up, niklaus.exe is technically a "corrupt system file", however
it's not one you want to replace. It appears Norton is using the term
"appended" rather than "infected" because while these altered files
are _copies_ of system files, they are then only dropped in file
sharing folders, not put in use by the system.

http://securityresponse.symantec.com...lw.niklas.html

If you have used Start > Run > MSCONFIG to disable the entry referring
to niklaus.exe, and deleted all files identified by Norton as infected
- which should be the niklaus.exe, and files in WINNT\Temp\Binary32\,
and anything in file sharing folders - then you are clean of
W32.HLLW.Niklas. Checking with another AV like
http://housecall.trendmicro.com/ wouldn't be a bad idea, and if Norton
isn't running when you start your computer anymore, it may need to be
reinstalled.


Carol

<(E-Mail Removed)> wrote in message news:(E-Mail Removed)...

> The way it's set up, niklaus.exe is technically a "corrupt system file",
> however it's not one you want to replace. It appears Norton is using
> the term "appended" rather than "infected" because while these altered
> files are _copies_ of system files, they are then only dropped in file
> sharing folders, not put in use by the system.

Thanks for the explanation, Carol. So it appears that Norton was using
terminology that focuses on the "trojanization" of the executable rather
than the "infection" (and I only use the term infection when denoting an
infectious modification, not just any modification. I do realize that I am
probably alone in this). When the otherwise legitimate file is executed,
it does result in another iteration if the worm, so I would say that it does
qualify as a viral aspect of the program.

Still - the recommended treatment is that for worm not virus, so I can't
blame them for stating it the way they did (though I wish that they had
been clearer).

Thanks again.