RideCamp@endurance.net
How to get rid of the virus manually if you don't think it's 'possible'
Yes, it can be deleted...just not from within windows. You're probably referring to the message that you get when you try to delete it in the 'find' screen on windows after you have found it which says "file in use by windows, cannot be deleted" or something to that effect.
Here's what to do:
Before anything else, open a word processing program and open 'win.ini'. This is the file that tells windows everything to do on startup--even what wallpaper to put up. You will need to find 'win.ini' under C:/windows/system/win.ini most likely. (I hope most people know how to look through file structures, if no, you'll have to enlist a friend who can)
Now, at the top of this file there will be the text line : "Load: XXX" where XXX is the name of the virus (there are many names for this particular virus, but .pif is the extension for all of them). Simply delete that line..backspace over it, highlight and delete...whatever. Now, save the file back to win.ini and you're done for part #1.
Next, restart windows. Now, go back to 'find' and look for those files again. This time, you can highlight them, right click, select 'delete' and it will because win.ini didn't load them upon start up! AHHH, isn't outsmarting them fun?
Now, you have one more problem...that's the Trojan horse program. It's there, and you can find it in 'find' but you wont be able to find it in the win.ini....or at least I couldn't. So, here's where DOS comes in (thank God for DOS...if all else fails, DOS won't!).
Restart your computer in DOS mode. Now, you'll see a C:/ prompt on the screen. at this C prompt, type so your screen looks like this: <C:/cd windows> (no carrots in that, I'll use carrots to separate what the line should look like from the instructions I"m typing.) and hit 'enter'. You're screen will now show C:/windows. Ok, now, once again...type so the screen looks like this: <C:/windows/cd system> and hit enter.
Now, your screen will look like C:/windows/system. K, here's where we get rid of the damn critter.
make your screen look like this: <C:/windows/system/del filename> where 'filename' is the exact name of the file that is the Trojan virus. Hit 'enter'. If you're successful, DOS will not give you an error message.
It's gone..you just deleted the Trojan virus from outside of windows so it couldn't protect itself by being in use!! How sneaky are you?! Give yourself a clap on the back (careful, don't hurt your riding arm!!).
Now, type <cd..> after each / until you get back to <C:/>. Once you get there, type <C:/win> and the computer will ask if you want to go back to windows. Hit <Y> for yes.
Hope this helps. You'll have to look through the ridecamp archives for the file names to delete specifically, as I chucked the instructions from mcaffee after removing them from my system, and don't remember them offhand.
Corrine
> ** Original Subject: RE: RC: Possible permant cure for virus's !
> ** Original Sender: "Carolyn Burgess" <carolyn_burgess@hotmail.com>
> ** Original Date: 2 May 2001 16:11:11 -0000
> ** Original Message follows...
>
> <html><DIV>
> <P><BR>But some of us did manage to get infected, even with virus protection. The message below is for those who did get infected, even if you don't think you did not. I didn't think I got infected, but when I updated the virus checker, it showed I was infected and couldn't be deleted because it had insinuated itself into windows.</P></DIV>
> <DIV></DIV>
> <DIV></DIV>>From: "steven" <TRAILS@JPS.NET>
> <DIV></DIV>>To: "Carolyn Burgess" <CAROLYN_BURGESS@HOTMAIL.COM>, <RIDECAMP@ENDURANCE.NET>
> <DIV></DIV>>Subject: Re: RC: Possible permant cure for virus's !
> <DIV></DIV>>Date: Wed, 2 May 2001 08:31:15 -0700
> <DIV></DIV>>
> <DIV></DIV>>Hi: As I have stated, the attachment if it can not be repaired "never" is recieved by the computer. It is scanned by "Norton" if it is a virus or has a infected/virus attachment it is stripped from the message or the whole message and attachment is deleted and does not go to "Windows" "DOS" or Outlook Express, ect.
> <DIV></DIV>>Hope this is clear enough.
> <DIV></DIV>>Steven
> <DIV></DIV>> ----- Original Message -----
> <DIV></DIV>> From: Carolyn Burgess
> <DIV></DIV>> To: trails@jps.net ; ridecamp@endurance.net
> <DIV></DIV>> Sent: Wednesday, May 02, 2001 8:22 AM
> <DIV></DIV>> Subject: Re: RC: Possible permant cure for virus's !
> <DIV></DIV>>
> <DIV></DIV>>
> <DIV></DIV>> The thing about this virus is that it attaches itself to windows and 3 of the files cannot be deleted through windows, you must go into DOS and delete it. You can tell when you get it because the worm just regurgitates a message and then says "look at this attachment". I got one just like it from a friend and deleted it. She swore that there was a real attachment there.
> <DIV></DIV>>
> <DIV></DIV>>
> <DIV></DIV>>
> <DIV></DIV>> Thi
> <DIV></DIV>> >From: "steven"
> <DIV></DIV>> >To:
> <DIV></DIV>> >Subject: RC: Possible permant cure for virus's !
> <DIV></DIV>> >Date: Wed, 2 May 2001 06:47:29 -0700
> <DIV></DIV>> >
> <DIV></DIV>> >Hi Folks: I use Symantec virus scan which is a part of Norton SystemWorks. I
> <DIV></DIV>> >have used one of the different settings available from a list of options.
> <DIV></DIV>> >The option that I have chosen to use is:
> <DIV></DIV>> >
> <DIV></DIV>> >"Try to repair, then delete if unsuccessful"
> <DIV></DIV>> >
> <DIV></DIV>> >This setting does not allow any of the virus's on my machine PERIOD. In
> <DIV></DIV>> >short if Norton does repair a incoming "Virus" it just DELETES the
> <DIV></DIV>> >attachment and I never see it nor does the computer. This program scans all
> <DIV></DIV>> >incoming E-Mail messages or downloads.
> <DIV></DIV>> >
> <DIV></DIV>> >Hope this helps.
> <DIV></DIV>> >Steven
> <DIV></DIV>> >
> <DIV></DIV>> >
> <DIV></DIV>> >=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> <DIV></DIV>> >Ridecamp is a service of Endurance Net, http://www.endurance.net.
> <DIV></DIV>> >Information, Policy, Disclaimer: http://www.endurance.net/RideCamp
> <DIV></DIV>> >=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> <DIV></DIV>> >
> <DIV></DIV>>
> <DIV></DIV>>
> <DIV></DIV>>------------------------------------------------------------------------------
> <DIV></DIV>> Get your FREE download of MSN Explorer at http://explorer.msn.com
> <DIV></DIV>>
> <DIV></DIV>>
> <DIV></DIV><br clear=all><hr>Get your FREE download of MSN Explorer at <a href="http://explorer.msn.com">http://explorer.msn.com</a><br></p></html>
>
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Ridecamp is a service of Endurance Net, http://www.endurance.net.
> Information, Policy, Disclaimer: http://www.endurance.net/RideCamp
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
>** --------- End Original Message ----------- **
>
Download NeoPlanet at http://www.neoplanet.com
Home
Events
Groups
Rider Directory
Market
RideCamp
Stuff
Back to TOC