From: "Roger M" <[email protected]>
| Recently had machines infected with this virus??? All
| machines are of Dell manufacture on a LAN and are loaded
| with XP-SP1. Symptoms include: cannot open word or excel
| files; cannot edit registry; cannot perform software
| updates of any kind & some websites will not load. Machines
| preloaded with XP-SP2 do not appear to be affected. Thru
| sheer desperation, disconnected machines from network and
| did a complete reload of XP from original CDs. Yes HD was
| formatted during reload. Applied the following patches:
| WindowsXP-KB823980-X86-ENU, KB824146-X86-ENU &
| KB835732-X86-ENU. Thought these would protect the new
| install but found out that MSNPG came back almost
| immediately. What did I miss? Has anyone run into this
| one before and what is the "cure"? TIA.
There are anti virus News Groups specifically for this type of discussion.
microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus
What you missed is the installation of anti virus software. If you did, you would find that
you would have protected your computers.
You would have also found that the infector using MSNPG.exe has a name. That name would
help you find and remove the infector and prevent re-infection and cross-contamination.
Dump the contents of the IE Temporary Internet Folder cache (TIF)
start --> settings --> control panel --> internet options --> delete files
1) Download the following items...
McAfee Stinger
http://vil.nai.com/vil/stinger/
BHOdemon
http://www.definitivesolutions.com/bhodemon.htm
Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp
Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp
Ad-aware SE (free personal version v1.05)
http://www.lavasoftusa.com/
Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
Download Sysclean.com and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt540.zip
Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.
2) Update Ad-aware with the latest definitions.
3) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode [F8 key during boot]
and shut down as many applications as possible.
5) Using Trend Sysclean, Stinger and Ad-aware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using the three
utilities: Trend Sysclean, Stinger and Ad-aware.
7) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) Install, execute and update BHOdemon and then scan the platform and remove
any unknown Browser Helper Objects.
10) Create a new Restore point
* * * Please report your results ! * * *