have recieved a virus ,W32.Weird (description can be found at
http://securityresponse.symantec.com/avcenter/venc/data/w32.weird.html). My norton anti-virus could not fix it, so i followed the instructions on there website to remove it but without any luck. Is it possible for you to explain how to remove this virus please. If more information is needed, just say so. P.S i have windows XP home.
thanx
When you say you have "received a virus" do you mean that you got an email
with an infected file attached and Norton has warned you about it? If yes,
all you have to do is delete that email and delete it from the trash too.
If on the other hand, Norton has informed that the system is actually
infected then you need to perform the removal process outlined in their
documentation.
If you are infected, I can see why you would have trouble with this. Even
though Windows XP has been added to the list of affected systems, the
directions for removal have not been updated to include XP removal methods
(date of this document is 1999). The best thing to do is probably to call
Symantec technical support and have them walk you through the removal step
by step.
I've adapted the steps the best that I can in case you want to get started
on this on your own but if you use them, suggest that you still follow up
with Symantec's technical support: 1) They need to update that document and
2) They are more knowledgeable about what this virus is and what it does
and how to pick out all of its parts.
Summary:
This is a "virus." That is different than a trojan or worm. It's main
purpose in life is to damage your system. The longer it exists on the
system, the more damage it can cause. This particular virus attacks EXE
files, perpetuates its existence with a planted INI file and as an extra
little goodie it sets up a small server app to grant remote access to an
intruder.
Infected EXE files may not run as expected or they may not run at all.
The good Windows File Protection *should* have protected your Windows
system files. As long as you did not okay any modifications, this tool
should have replaced any bogus file with a fresh bonafide XP copy. This
only covers core system files but hopefully has lessened the amount of
damage that has occurred.
Before starting, set Folder Options> View to show hidden files and folders
and uncheck the box to show system protected files. Also check the box to
display the contents of system folders and uncheck the box to hide known
file extensions.
Replace "Windows folder" and "\Windows" with whatever the name of your
Windows folder is. If you have a C:\Winnt folder in addition to your
Windows folder, check that folder for the files mentioned below as well.
=========================================
The file that the virus places to run the server application is in your
Windows folder. The file will be named after your computer with a few
characters changed. You can find out the name of your computer by right
clicking My Computer and selecting Properties. On the Computer Name page,
whatever is shown after "Full Computer Name" (minus the period XP sticks in
there) is the name that you are trying to match up with the virus file.
Go to the Windows folder. Set View to Details. Click on the header in the
"Type" (click on the actual bar) to sort the list by file type. After the
section that lists all "Folders", you'll see Application files listed
Look for a file with a name that is similar to your computer's name with a
few changed characters in it.
Delete the file.
Delete the following two files (also in the Windows folder, sort by name to
get to the files starting with "W":
wininit.ini
wininit.bak
Restart the computer.
Symantec next says to run live update. This virus is pretty old so you
should already have the needed definitions to address it, but if you can
still connect to the internet with this computer, it certainly would be
wise to run live update anyhow.
Next Norton says to run a full system scan. If you have never done this
before, open the main window for the program and check the help file for
directions. Usually you select your drives from this window and click a
Scan button. Typically a full scan checks more files and file types than
autoprotection so be prepared to allow extra time for this to run to
completion.
Symantec's recommendation is to allow NAV to attempt a repair to any
infected files it can find. If the files cannot be repaired you must allow
Norton to delete them and then manually replace the files. System File
Checker (SFC) can help you with replacing Windows XP files.
http://www.microsoft.com/technet/prodtechnol/winxppro/proddocs/system_file_checker.asp
The last thing that Norton says to do is: If NAV reports that it cannot
delete an infected file, you must shut down the computer, turn off the
power, and wait 30 seconds. Then restart the computer in Safe mode and run
the scan again.
Suggestion: Run Live Update. Then restart to Safe Mode and perform the
entire scanning process there.
If you have programs that do not run after the repairs, reinstall them. If
Windows is not quite right, you may have to perform a repair install:
How to Perform an In-Place Upgrade (Reinstallation) of Windows XP
http://support.microsoft.com/default.aspx?scid=kb;EN-US;315341
NOTE: The above article applies to retail CD or a generic OEM CD. If your
Windows came preinstalled and your recovery media has been customized by
the manufacturer, check your system manual for restore/repair options and
for directions.
