Vicious Virus Attack - How do I get info to fix things

Guest

Sorry in advance for the length of this

I got an email from a technically challenged friend in Australia with an attached zip file which I tried to open. I have it isolated. It was definitely the cause of my virus infection. It wasn't from him and the address was truncated (so reply won't work). The attachment looked like a zip file but wouldn't open. Properties also mentioned screen saver somewhere.

The effect of the virus was to change the user ID picture at the login screen (first thing I noticed), roll up my My Documents and other files into similar zip files and delete them, disable Task Manager, create executables and put some of these into my startup stream. I reloaded SOPHOS and it detected 2 occurrences of Troj/Mendwar-A. Reading the net, this appears to be a relatively benign virus and may well be a red herring. I deleted the two occurrences.

I've now gone back to a system restore point (by luck and planning, yesterday). This has given me back Task Manager and appears to have stopped the executables from getting started. I still have no My Documents data and a pile of apparent zip files, rtf files (which I can't open) and application files. One of each for each missing set of files.

Can anyone recognise a well known virus from these symptoms and direct me to a safe and well known web site which contains details of how to get my system sorted out again? At worst, I'll go back to backups but they are a little stale (it's a home machine - no vital data).

I have got a bit more info and data but I would think there's enough here for recognition purposes.

Thanks in advance people.
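The attachment trick described above (a file that is presented as a zip but whose properties say "screen saver", i.e. a .scr executable) can be checked without relying on the file name at all. The following is an added example, not code from the original thread or from any of the posters: it sniffs the content for a PE (MZ/PE) header and for a zip signature, looks inside a real zip for executable members, and flags the usual naming tricks (executable extension, double extension, space padding). The sample attachments at the bottom are constructed for the demo; the "PE" is only a minimal header, not a runnable program, and no real malware is involved.

```python
import io
import os
import struct
import zipfile

# IMAGE_SUBSYSTEM_* values from the PE/COFF specification.
PE_SUBSYSTEMS = {1: "native", 2: "windows_gui", 3: "windows_cui"}

# Extensions Windows runs directly on double-click. A .scr "screen saver"
# is an ordinary PE executable under a different name.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def parse_pe(data):
    """Return (subsystem name, is_dll) if data is a PE image, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Need the 24-byte COFF header plus at least 70 bytes of optional header.
    if len(data) < e_lfanew + 24 + 70 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 22)
    # Subsystem sits at offset 68 of the optional header for PE32 and PE32+.
    (subsystem,) = struct.unpack_from("<H", data, e_lfanew + 24 + 68)
    return PE_SUBSYSTEMS.get(subsystem, "subsystem_%d" % subsystem), bool(characteristics & 0x2000)


def name_findings(filename):
    """Flag naming tricks: executable extension, double extension, space padding."""
    stripped = filename.strip().lower()
    final_ext = os.path.splitext(stripped)[1]
    findings = []
    if final_ext in EXECUTABLE_EXTS:
        findings.append("executable extension " + final_ext)
        if stripped.count(".") > 1:
            findings.append("double extension hides the real type")
    if "   " in stripped:
        findings.append("space padding pushes the real extension out of view")
    return findings


def classify_attachment(filename, data):
    """Combine the name check with a content check; the file name is never trusted."""
    result = {"name": filename, "kind": "unknown", "findings": name_findings(filename), "members": []}
    pe = parse_pe(data)
    if pe is not None:
        result["kind"] = "pe"
        result["subsystem"], result["is_dll"] = pe
        result["findings"].append("content is a Windows executable, whatever the name says")
    elif data[:4] in (b"PK\x03\x04", b"PK\x05\x06"):
        result["kind"] = "zip"
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                result["members"].append(member)
                inner = name_findings(member)
                if parse_pe(zf.read(member)) is not None:
                    inner.append("member content is a Windows executable")
                if inner:
                    result["findings"].append("%s: %s" % (member, "; ".join(inner)))
    result["verdict"] = "suspicious" if result["findings"] else "no obvious executable"
    return result


# --- constructed samples for the demo (no real malware involved) ---

def build_fake_pe(subsystem=2):
    """Minimal MZ/PE header with a GUI subsystem; not a runnable program."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 66 + struct.pack("<H", subsystem) + b"\0" * 20
    return dos + coff + opt


def make_zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


SAMPLES = {
    "photos.zip                              .scr": build_fake_pe(),   # the "zip" that is a screen saver
    "report.zip": make_zip({"report.txt": b"quarterly numbers"}),    # genuine archive
    "archive.zip": make_zip({"invoice.doc.scr": build_fake_pe()}),   # executable inside a real zip
}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        r = classify_attachment(name, data)
        print("%-45r %-4s %s" % (name, r["kind"], r["verdict"]))
        for f in r["findings"]:
            print("    -", f)
```

The content check is the one that matters: an attacker controls the name, the icon and the extension, but a file Windows can execute must start with a valid MZ/PE header, and a file that will open as an archive must start with the zip signature. The same logic applies to a nested archive, which is why the zip branch also sniffs each member.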
 
Carey Frisch [MVP]

There is a very helpful virus removal newsgroup you may wish to post to:
news://msnews.microsoft.com/microsoft.public.security.virus

Symantec Security Check
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym

Virus Removal Tools
http://securityresponse.symantec.com/avcenter/tools.list.html

Online Virus Removal Tutorials
http://www.symantec.com/techsupp/virusremoval/virusremoval_info_tutorial.html

Computer viruses: description, prevention, and recovery
http://support.microsoft.com/default.aspx?scid=kb;EN-US;129972

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

 
Guest

Carey

Thanks for this. I tried to repost on the security.virus group but it's a different format and my Outlook installation refused to play ball. This is a bit like going to cut the grass and ending up fixing the garage door, so I've stopped trying this for the moment.

Message was something like can't send, no sender name, check your news account.

Meanwhile I'll try some of your other suggestions.

I would have thought that something so bad would be very well known, but I can't find any references so far.

Dougie
 
Guest

Getting places now. Although latest SOPHOS (I think) gives me a clean bill of health, the free web based Symantec product found an infestation of W32.MyDoom.F@mm (100+ entries).

Going to bed now but will tackle tomorrow.
 
Lanwench [MVP - Exchange]

Dougie Eustace said:
Carey,

Thanks for this. I tried to repost on the security.virus group but it's a
different format and my Outlook installation refused to play ball. This is a
bit like going to cut the grass and ending up fixing the garage door, so I've
stopped trying this for the moment.
Message was something like can't send, no sender name, check your news
account.

Try using msnews.microsoft.com for all the MS newsgroups. No login
credentials required.
Meanwhile I'll try some of your other suggestions.

I would have thought that something so bad would be very well known, but I
can't find any references so far.
 
Lanwench [MVP - Exchange]

Unplug your computer before you go to bed!

Dougie Eustace said:
Getting places now. Although latest SOPHOS (I think) gives me a clean bill
of health, the free web based Symantec product found an infestation of
W32.MyDoom.F@mm (100+ entries).
 