I need to delete some virus files and entry's on my Windows 2000 pro that
was installed on a FAT32 drive. I know I can start in the command prompt
from a F5 at start up.

When I do that I need to delete these files from my C:\WINNT\system32\
folder:
hiden.exe
p2.ini
tmpf00.exe
mszx.exe
drct16.dll
vdnt32.sys
klogini.dll
i.a3d
fltr.a3d
redir.a3d
ps.a3d
w32tm.exe
cz.dll
hz.dll
wz.dll



Its the Haxdoor Backdoor Trojan.

So how do I get into the C:\WINNT\system32\ folder, and how do I Type in a
way to remove them?

Something like this? "klogini.dll del" ? When the folder is
available????



There are also registery things I should delete. How do I open that up and
delete from there?



Sorry it has been sometime since I have messed around with this stuff....

TIA!!!!

-=Mr_B=-

"-=Mr_B=-" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> I need to delete some virus files and entry's on my Windows 2000 pro that
> was installed on a FAT32 drive. I know I can start in the command prompt
> from a F5 at start up.
>
> When I do that I need to delete these files from my C:\WINNT\system32\
> folder:
> hiden.exe
> p2.ini
> tmpf00.exe
> mszx.exe
> drct16.dll
> vdnt32.sys
> klogini.dll
> i.a3d
> fltr.a3d
> redir.a3d
> ps.a3d
> w32tm.exe
> cz.dll
> hz.dll
> wz.dll
>
>
>
> Its the Haxdoor Backdoor Trojan.
>
> So how do I get into the C:\WINNT\system32\ folder, and how do I Type in a
> way to remove them?
>
> Something like this? "klogini.dll del" ? When the folder is
> available????
>
>
>
> There are also registery things I should delete. How do I open that up
and
> delete from there?
>
>
>
> Sorry it has been sometime since I have messed around with this stuff....
>
> TIA!!!!
>
> -=Mr_B=-

You're probably thinking of Windows 98 with your method.
With Windows 2000, it's F8 you press, not F5, and it does
not give you a Command Prompt.

Assuming that your infected files are locked while Windows
2000 is up and running, you need to reboot your machine
with your Win2000 CD, select Repair, then select Recovery
Console. You now need to navigate to the System32 directory:

cd \winnt\system32

Rather than deleting your files, you should rename them, just
in case!

ren hiden.exe hiden.ex

This deactivates them.

Lastly: You can save yourself a lot of grief if you maintain
your virus scanner and firewall up-to-date.

In news:%(E-Mail Removed),
-=Mr_B=- <(E-Mail Removed)> had this to say:

> So how do I get into the C:\WINNT\system32\ folder, and how do I Type
> in a way to remove them?
>
> Something like this? "klogini.dll del" ? When the folder is
> available????
>
> There are also registery things I should delete. How do I open that
> up and delete from there?
>
> Sorry it has been sometime since I have messed around with this
> stuff....

Bring up command prompt. Type "cd C:\WINNT\system32\" Hit enter. It should
chance directory to that. Then type "del *******.***" with the full name and
extension and hit enter. Repeat the last step for all of the files named. To
manually edit your registry type bring up the run command and type "regedit"
and start poking away at stuff.

Now, before you do any of this... If you can't remember command prompts and
you can't remember how to open the registry are you 100% certain that you
want to go through with this? Deleting files and altering the registry can
cause serious problems to your systems functionality and stability. There
are probably virus scanning tools which will rid you of this problem and
many of them are available free. Consider AVG and a quick online scan
somewhere and/or downloading Stinger and giving that a try. Really... I'm
not kidding... Poking around in the registry and deleting files can be
harmful.

Galen
--

"My mind rebels at stagnation. Give me problems, give me work, give me
the most abstruse cryptogram or the most intricate analysis, and I am
in my own proper atmosphere. I can dispense then with artificial
stimulants. But I abhor the dull routine of existence. I crave for
mental exaltation." -- Sherlock Holmes

In news:%(E-Mail Removed),
Pegasus (MVP) <(E-Mail Removed)> had this to say:

> Rather than deleting your files, you should rename them, just
> in case!
>
> ren hiden.exe hiden.ex

For some reason your post didn't show up here until just now. How odd...
Anyhow, I didn't think of renaming them which is probably better advice than
my post about deleting them. So, OP, if you happen to read this... Renaming
is usually better than deleting them.

Galen
--

"My mind rebels at stagnation. Give me problems, give me work, give me
the most abstruse cryptogram or the most intricate analysis, and I am
in my own proper atmosphere. I can dispense then with artificial
stimulants. But I abhor the dull routine of existence. I crave for
mental exaltation." -- Sherlock Holmes

I was so edggie that I went a head and looked up Doss commands and deleted
all those files and one or two more I should not have. I had to reinstall
again and get the updates from MS to get my Norton to work right
again...Needless to say I have been downloading AV's and Spy cleaners all
day. I should have waited for the reposts.

I have 5 spyware progs
AD-Aware 6
S&Destroy
Webroot Sweeper {Trial}
SpySubtract w/CWS Shedder {it caught the MSCONFIG one that stated my
problems}
Pest Patrol {trial at least I could find the registry keys}

Webroot has a 30day and you can uninstall and reinstall monthly until I can
afford it =-)

By the way I think I will be having two AV programs on my computer from now
on... AVG did a great job of finding 3 more back door Trojans
2.exe a TH dropper.small9.bv
TVM_B537.exe TH downloader.small.12BQ
243461__.exe TH Dialer.15ba

Thank you again!
-=Mr_B=-

So I guess I am really lucky
"Pegasus (MVP)" <(E-Mail Removed)> wrote in message
news:#(E-Mail Removed)...
>
> "-=Mr_B=-" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
> > I need to delete some virus files and entry's on my Windows 2000 pro
that
> > was installed on a FAT32 drive. I know I can start in the command
prompt
> > from a F5 at start up.
> >
> > When I do that I need to delete these files from my C:\WINNT\system32\
> > folder:
> > hiden.exe
> > p2.ini
> > tmpf00.exe
> > mszx.exe
> > drct16.dll
> > vdnt32.sys
> > klogini.dll
> > i.a3d
> > fltr.a3d
> > redir.a3d
> > ps.a3d
> > w32tm.exe
> > cz.dll
> > hz.dll
> > wz.dll
> >
> >
> >
> > Its the Haxdoor Backdoor Trojan.
> >
> > So how do I get into the C:\WINNT\system32\ folder, and how do I Type in
a
> > way to remove them?
> >
> > Something like this? "klogini.dll del" ? When the folder is
> > available????
> >
> >
> >
> > There are also registery things I should delete. How do I open that up
> and
> > delete from there?
> >
> >
> >
> > Sorry it has been sometime since I have messed around with this
stuff....
> >
> > TIA!!!!
> >
> > -=Mr_B=-
>
> You're probably thinking of Windows 98 with your method.
> With Windows 2000, it's F8 you press, not F5, and it does
> not give you a Command Prompt.
>
> Assuming that your infected files are locked while Windows
> 2000 is up and running, you need to reboot your machine
> with your Win2000 CD, select Repair, then select Recovery
> Console. You now need to navigate to the System32 directory:
>
> cd \winnt\system32
>
> Rather than deleting your files, you should rename them, just
> in case!
>
> ren hiden.exe hiden.ex
>
> This deactivates them.
>
> Lastly: You can save yourself a lot of grief if you maintain
> your virus scanner and firewall up-to-date.
>
>

Thanks for Idea of AVG and Stinger. Stinger was a dud but AVG worked great!

Kudo's,
-=Mr_B=-

In news:%(E-Mail Removed),
-=Mr_B=- <(E-Mail Removed)> had this to say:


> Thanks for Idea of AVG and Stinger. Stinger was a dud but AVG worked
> great!
>
> Kudo's,
> -=Mr_B=-

And it's free though there's a pay version if you wish to support them and
get support from them. Free was, if I recall, without support but I found
the interface pretty simple and intuitive. Just for the record, if there's
nothing major lost sometimes it's fun to re-install and the like. I've often
just dumped an OS and started again simply to try new tweaks and settings.
Of course this means I'm an addict but that's okay.

Galen

--

"My mind rebels at stagnation. Give me problems, give me work, give me
the most abstruse cryptogram or the most intricate analysis, and I am
in my own proper atmosphere. I can dispense then with artificial
stimulants. But I abhor the dull routine of existence. I crave for
mental exaltation." -- Sherlock Holmes