help pls: virus attack/NAV disabled

[tg]

I've had a virus attack on a Win98 PC I've been working on and nothing seems
to repair it. The PC had NAV 2003 on it but it won't start, and it won't
install the program update from Live Update. I keep getting a failure to
install message. I took the hard drive out and plugged it in to another
computer (as a slave drive) and scanned it with McAffee Virus Scan, which
found the MyLife worm twice and I deleted both files. I also scanned the
drive from DOS using the latest f-prot but it didn't find anything. I've
re-installed windows. I've run the mcaffee stinger. I've run several worm
removal tools - nothing. But even after all this scanning NAV will still not
start. I've reinstalled NAV but still no difference. I've spent hours on
this damn PC and still can't break the ice with it.
What can I do? Unforunately format c: is not an option here. I have to get
it back working the way it was.

 

[Duane Arnold]

What can I do? Unforunately format c: is not an option here. I have to get

it back working the way it was.

I would try some specialized applications like the Cleaner or others and
scan the machine some more. And the registry could be infected or
compromised too.

My take on it is never keep anything on a machine you're not willing to
wipeout the machine for and off load or back-up critical data on a periodic
basis.

I back-up the address book, favorites, and Gator password files and that's
it anything else I send to off-line storage.

HTH

Duane

 

[Larry Sabo]

I've had a virus attack on a Win98 PC I've been working on and nothing seems
to repair it. The PC had NAV 2003 on it but it won't start, and it won't
install the program update from Live Update. I keep getting a failure to
install message. I took the hard drive out and plugged it in to another
computer (as a slave drive) and scanned it with McAffee Virus Scan, which
found the MyLife worm twice and I deleted both files. I also scanned the
drive from DOS using the latest f-prot but it didn't find anything. I've
re-installed windows. I've run the mcaffee stinger. I've run several worm
removal tools - nothing. But even after all this scanning NAV will still not
start. I've reinstalled NAV but still no difference. I've spent hours on
this damn PC and still can't break the ice with it.
What can I do? Unforunately format c: is not an option here. I have to get
it back working the way it was.

I remove a whack of trojans off a client's system, one part of which
ran killnav.exe and frustrated NAVCE from running. I would suggest
downloading and running a trial version of Trojan Hunter, or running
http://rav.ro/scan (click under the registration box to run without
registering). Save the scan report(s) and remove the infections
manually, as RAV was unable to fix them. You might also have to remove
NAV using RNAV2003 and even manually remove all traces of NAV from the
registry and Program Files (see Symantec's site for instructions,
which vary with OS).

You can also consider installing Win98 as a "fresh" install without
reformatting. (You rename your Windows and Program Files directories,
save files located at root, rename win.com and winver.exe then
reinstall Windows to c:\Windows (not c:\Windows.000). Be sure to
locate and save the Product Key in the registry first.) This will save
all the data but you will have to reinstall programs. Google for the
procedure, which is described on the microsoft site.

Good luck!

Larry

 

[tg]

"tg" <[email protected]> wrote:

You can also consider installing Win98 as a "fresh" install without
reformatting. (You rename your Windows and Program Files directories,
save files located at root, rename win.com and winver.exe then
reinstall Windows to c:\Windows (not c:\Windows.000). Be sure to
locate and save the Product Key in the registry first.) This will save
all the data but you will have to reinstall programs. Google for the
procedure, which is described on the microsoft site.

Good luck!

Larry

thanks for your feedback Larry. I'm afraid this one ended up defeating me
and I had to format c: and rebuild.

 

[Hank Gans]

Larry,

I found a virus on my wife's computer, the Klez32.a using rav.co. Thanks for
posting that suggestion.

What bothers me is that Norton missed the virus which was in a deleted
outlook express email. It was deleted but was sitting in the deleted folder
within outlook express.

I poked around Norton to find out why it missed it and it had under
exclusions the .nch and .dbx file formats to exclude. The infected email was
contained in an outlook express .dbx file.

My question to you is: who excluded the .dbx file format from what Norton
should be scanning? Is it possible a virus could do this? If an outlook
express folder uses this file format and outlook express can be one of the
most likely places for viruses or worms to enter the computer why would
Norton exclude looking for it in that folder? What happens if I delete the
..dbx format from the excluded list?

Also on that list is \system volume information.

Thanks again for posting that web site for scans. I did an external scan
from the symantec site as well and it didn't see the virus either.

 

[kurt wismer]

Larry,

I found a virus on my wife's computer, the Klez32.a using rav.co. Thanks for
posting that suggestion.

What bothers me is that Norton missed the virus which was in a deleted
outlook express email. It was deleted but was sitting in the deleted folder
within outlook express.

I poked around Norton to find out why it missed it and it had under
exclusions the .nch and .dbx file formats to exclude.

sounds natural to me...

The infected email was
contained in an outlook express .dbx file.

My question to you is: who excluded the .dbx file format from what Norton
should be scanning?

probably symantec (the folks who make nav) and for good reason...

Is it possible a virus could do this? If an outlook
express folder uses this file format and outlook express can be one of the
most likely places for viruses or worms to enter the computer why would
Norton exclude looking for it in that folder? What happens if I delete the
..dbx format from the excluded list?

the last thing you want is nav quarantining the dbx file when it detects
a virus in it... it'll break OE, all your saved/new/unsent emails will
disappear...

if you had the on-access component of nav running it should still have
prevented the virus from being activated, but to scan within that
database format (yes, it's a kind of database for email) you may need a
more specialized solution... or it might just be a setting in nav, i
don't know since i don't use the product...

Also on that list is \system volume information.

possibly not so good... that's where your system restore would be, i
think most people would like to know when there's a virus trapped in
their system restore so that they can avoid restoring it...