VIRUSES HELP! W32SWEN.A@mm and W32KLEZ.H@mm

Guest

I run Windows XP home ed., on a Toshiba laptop, and find myself the unlucky recipient of one infection of the W32.Swen.A@mm virus, AND of THREE different attacks by the W32.Klez.H@mm virus. All were "caught" by Symantec, and quarantined, but the program could not repair and restore them. The first Klez infected Byf.exe, a TMP file of 90.6 KB. Next infected by Klez was Scd.scr, another TMP file of 88.8KB. Finally, Klez got to size.bat, also TMP, 88.9KB. Swen got to gldtibhn.exe, a TMP file of 104KB. (of course, I have very little idea of what these files are, what they do, or how important they are to the running of my computer, which SEEMS to be fine, except for a few little problems - documents which I had saved to my docs folder, but are now blank, for instance, which I don't know whether or not has anything to do with this)
I went to Symantec's site, where they give the information and downloads to get rid of the viruses, and restore the files, and about a ream of paper later, I am sitting here wondering if the average person is capable of doing this? It seems that one set of instructions leads to another, to another, to another...
Will I have to back up my registry? Will I have to un/reinstall NAV? or un/reinstall Windows Installer? Am I going to lose information I have worked years on? How difficult IS this to do? Is there any REAL support for this process or are you basically on your own?
Thanks
Deborah Sweet
 
David H. Lipman

First, you posted in the WRONG place !

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

Download McAfee's virus and worm removal tool Stinger http://vil.nai.com/vil/stinger/ (which
covers both the Swen and Klez mass mailers) and perform a complete scan of your PC. If it
finds nothing then Norton AV protected you.

Dave



 
Carey Frisch [MVP]

When Norton quarantines a known virus file, you should delete it from
quarantine and not attempt to repair it. Attempting to repair a known
virus file may result in unleashing the virus into your computer.

Open your Norton Antivirus program and click on:
Reports > Quarantined items (View Reports), then click on
'Quarantined Items', click once on a virus file to highlight it
and then click the 'Delete Item' button on the Toolbar.

Afterward run Norton's LiveUpdate to update your virus
definitions, then perform a full system scan.

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

 
Malke

larry said:
| go to
| http://www.grisoft.com/us/us_ts_removers.php
| look for their elkern tool. it runs in DOS off a floppy and will clean
| files that the Symantec cleaner won't get because it runs in Windows

This is incorrect information. The Klez removal tool from Symantec runs
in Windows. You need to first turn off System Restore and then run the
tool in Safe Mode.

Deborah, of course there is support available to you when you've made
the mistake of clicking on an attachment in email and gotten infected.
You can always call a good local computer repair person to clean up
your machine. I do this all the time. You are responsible for
practicing safe computing. Not opening attachments in email - no matter
*who* the email is from - is Rule #1.

From your post, I would strongly suggest you call in outside help to get
your computer back in business.

Best of luck,

Malke
 
larry

Malke,

i have used the Symantec removal tool and it still left klez in some
system files; that is why i recommended the grisoft DOS tool. i ran
it after Sym tool and it cleaned maybe 5 or six files that the Sym
tool couldn't get. Maybe random occurrence, but that is whence my
suggestion..

cheers,

larry
 
Malke

larry said:
| Malke,
|
| i have used the Symantec removal tool and it still left klez in some
| system files; that is why i recommended the grisoft DOS tool. i ran
| it after Sym tool and it cleaned maybe 5 or six files that the Sym
| tool couldn't get. Maybe random occurrence, but that is whence my
| suggestion..

What I was disagreeing with was your first post in which you said the
Symantec tool couldn't be run in Windows, which is incorrect. Although
my experience with Symantec's Klez removal tool is good (nothing left
in system files if System Restore is turned off first and tool is
properly run in Safe Mode), the more tools the better. Of course, DOS
tools won't be useful at all if the file system being checked is NTFS
(without the additional ntfsread utility).

Cheers,

Malke
 
