JS/Psyme query

  • Thread starter Chrisssssss.........

Chrisssssss.........

I have Windows XP with SP2 and I regularly update.
Yesterday, my AVG halted the JS/Psyme virus.
However, all the AVG options to Remove, Delete, Quarantine etc would not
work with this virus.
I therefore didn't know what to do next. So I turned off the computer at the
On/Off button and rebooted.
Apart from a warning at startup saying that a missing registry file had been
successfully replaced from an earlier folder or copy, the computer seems to
be working fine.
What should I do now if anything?
Any advice would be appreciated.
Thanks, Chrisss.....
 

David H. Lipman

From: "Chrisssssss........." <[email protected]>

| I have Windows XP with SP2 and I regularly update.
| Yesterday, my AVG halted the JS/Psyme virus.
| However, all the AVG options to Remove, Delete, Quarantine etc would not
| work with this virus.
| I therefore didn't know what to do next. So I turned off the computer at the
| On/Off button and rebooted.
| Apart from a warning at startup saying that a missing registry file had been
| successfully replaced from an earlier folder or copy, the computer seems to
| be working fine.
| What should I do now if anything?
| Any advice would be appreciated.
| Thanks, Chrisss.....
|

1) Dump the contents of your IE cache -
Start --> settings --> control panel --> Internet options --> delete files

2) Dump the contents of your Sun Java cache -
Start --> settings --> control panel --> Java applet --> cache --> clear
or
Start --> settings --> control panel --> Java applet --> general --> settings -->
delete files

3) Download the following two items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Trend Sysclean Method 1
---------------------------------------
Create a directory.
On drive "C:\"
(e.g., "c:\sysclean")

Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example: lpt572.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

Trend Sysclean Method 2
---------------------------------------
The utility SYSCLEAN_FE at the following URL http://www.ik-cs.com/got-a-virus.htm
automates the download and execution process of the Trend Sysclean Package.

Direct URL:
http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe

4) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
5) Reboot your PC into Safe Mode then shut down as many applications as possible.
6) Using the Trend Sysclean utility, perform a Full Scan of your platform and
clean/delete any infectors found
7) Restart your PC and perform a "final" Full Scan of your platform
8) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
9) Reboot your PC.
10) Create a new Restore point

* * * Please report back your results * * *
 

Chrisssssss.........

Dear Dave,
Many thanks for your detailed reply.
However, before I attempt your rather complicated instructions, I need to
ask this:
Is it likely that I am infected, bearing in mind that AVG stopped the virus
(although I was unable to get AVG to delete or quarantine it)?
If I am infected, why does my computer appear to be working fine?
Many thanks, Chrissss.....
 

David H. Lipman

| Dear Dave,
| Many thanks for your detailed reply.
| However, before I attempt your rather complicated instructions, I need to
| ask this:
| Is it likely that I am infected, bearing in mind that AVG stopped the virus
| (although I was unable to get AVG to delete or quarantine it)?
| If I am infected, why does my computer appear to be working fine?
| Many thanks, Chrissss.....

You have a 50-50 chance of being infected. Just because the PC is working OK doesn't mean
too much.
The bright side would be nothing is found. But on the other hand, if you don't do the
scans -- are you sure you are clean?
 

Chrisssssss.........

Thanks Dave,

The reason I ask is that other people seem to have been OK after deleting
the temp folder.
I did this immediately, plus ran Clean Cache. I then ran scans, Ad-Aware,
Microsoft's antispyware prog and all seem to be clear (all progs are
updated).
I therefore don't want to put my computer to further risk if it's not really
necessary.

Any further thoughts?

Thanks Chrisss......
 

David H. Lipman

|
|
|
|| You have a 50-50 chance of being infected. Just because the PC is working
|| OK doesn't mean too much.
|| The bright side would be nothing is found. But on the other hand, if you
|| don't do the scans -- are you sure you are clean?
||
|| --
|| Dave
|| http://www.claymania.com/removal-trojan-adware.html
|| http://www.ik-cs.com/got-a-virus.htm

There is no further risk in using these files to scan.
The risk *may* be in NOT using the utilities ;-)
 

andy smart

Chrisssssss......... said:
Thanks Dave,

The reason I ask is that other people seem to have been OK after deleting
the temp folder.
I did this immediately, plus ran Clean Cache. I then ran scans, Ad-Aware,
Microsoft's antispyware prog and all seem to be clear (all progs are
updated).
I therefore don't want to put my computer to further risk if it's not really
necessary.

Any further thoughts?

Thanks Chrisss......

Think of the scanning as being equivalent to going to the doctor - you
may be worried about what the doc will tell you, but it won't make it
worse (well, not if they're a good doctor LOL). However not scanning
your machine/going to the doctor can result in you getting worse or
spreading your ailments around.

David's given you good advice, I recommend taking it...
 
