security alert

[Rome Opendak]

I am a computer professional in the field for 11 years
now, and yesterday caught my first virus. The file is
quarantined, so there is no way it can be transmitted.

Unfortunately the program infected is wincfg32.exe, which
is marked in use by windows. (C:\WINDOWS\System32\)

What are the steps I need to take to delete or replace
the file, short of reinstalling windows xp?

 

[Carey Frisch [MVP]]

"wincfg32.exe" is the virus file itself....delete it.

Visit: http://www.sophos.com/virusinfo/analyses/w32ronopera.html

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

--------------------------------------------------------------------------


|I am a computer professional in the field for 11 years
| now, and yesterday caught my first virus. The file is
| quarantined, so there is no way it can be transmitted.
|
| Unfortunately the program infected is wincfg32.exe, which
| is marked in use by windows. (C:\WINDOWS\System32\)
|
| What are the steps I need to take to delete or replace
| the file, short of reinstalling windows xp?

 

[Fritz]

wincfg32.exe is not a Windows system process. Just kill it from the task
manager and delete the file.

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.silverftp.html

 

[Rick]

Ronoper/SilverFTP worm/backdoor trojan; removal simple for a computer
professional; see here:

http://www.sophos.com/virusinfo/analyses/w32ronopera.html and
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.silverftp.html

Since it is shown as "in use", stop the applicable process in task manager
before going about the removal procedure. Then change whatever AV program
you are using because it is certainly not quarantined if it has installed
itself and is running as a process (in use).

Rick