30 Posts

March 4th, 2005 12:00

Mike, I was not able to do that last night, we were very busy at home. Anyhow, I did put Kaspersky on a disk and I will do that this weekend for sure. I was searching the web on how exactly you get this virus and it seems that you can just be surfing a website and they load without you knowing it. What I can't figure out is why AVG or the Charter Security Suite that I have running on my computer didn't detect these, or even the spyware guard etc. My really scary thought is losing explorer, as I don't have the reinstall disks for my computer. Is there a place I can download them or do you think that Dell will let me buy them? Anyhow, all we can do is try Kaspersky and hope for the best, right? Please stick with me a couple more days ;) I will post again, probably Monday 'cause I don't want to get on the net until I can fix or re-format. I want to thank you for sticking with me on this Mike, I know for a fact that I wouldn't have gotten this far without your help. I will talk to you on Monday and will let you know everything then, cross your fingers :D Have a great weekend Mike, you've been great :)

30 Posts

March 4th, 2005 13:00

Also, by doing a manual restore point, is that where you name the restore point? Do you by chance know where the computer saves the restore point to? I know I can't do a date restore (where you choose a calendar date, tried that on Sunday last week, wouldn't restore). So maybe the manual restore point will work.

4.8K Posts

March 4th, 2005 13:00

Wanda,

I almost forgot, the restore 'points' are in "system volume information\restore..."; you'll see it as the path or folder where the restore files are kept.

-

Mike.

4.8K Posts

March 4th, 2005 13:00

Wanda,

I've often thought that myself. I'm kinda under the impression that it's a hacker or malware writer's way of showing that their software is on a target system. You can also rename the file yourself, to any combination of upper and lower case letters and it should work just the same.

There's been quite a few cases where I've seen files that had multiple 'case' in the name, and I'd suspect something was wrong, unless they were cleared by an anti-virus program; interestingly enough, there are a few instances where 'baddies' cannot be detected even by heuristics.

-

Mike.

4.8K Posts

March 4th, 2005 13:00

Wanda,

You're more than welcome, and we'll take as long as you need ... :)

-

You might want to create a manual system restore point, and back up c:\windows\explorer.exe by itself, to a floppy disc or cd-r, just in case something happens to it along the way - you just would need to reload (copy) it back out.

Maybe in time, as I become more proficient with 'spyware', I'll be able to develop some pro-active 'tools' to prevent that stuff from getting on a system to begin with.



Mike.

4.8K Posts

March 4th, 2005 13:00

Wanda,

On the disks, you might try posting that question on the software forums, and note it to the moderator (even try a PM) - they should be able to help you get the disks you need.

-

Mike.

30 Posts

March 4th, 2005 13:00

Mike, I will do that, I also have the explorer program at work also. I have noticed that with most of the logs posted that have this virus, the hijack log shows C:\windows\explorer.EXE, I wonder if that's the infected file and the "real" explorer file is C:\windows\explorer.exe, and if that's the one that I should download to a disk. Putting it on a disk is an excellent idea by the way, I would have never thought of that. See, you are a genius ;) I think I'll also put the copy from work on a disk, just to be extra safe.

30 Posts

March 4th, 2005 13:00

That's what I thought too, I just found it unusual that the EXE is upper and the name lower and in reading several different posts about this virus, no log had just lower case.  I also looked on my work computer for the explorer program and it's explorer.exe, all lower case. There are two folders here at work, one with a folder and magnifying glass named just explorer, 1 kb in size named windows explorer and then there is a computer monitor with explorer.exe and it's 981kb in size and it says application. Is it the computer monitor one that I burn to a disk? 

4.8K Posts

March 5th, 2005 15:00

Wanda,

I'd burn or copy off the c:\windows\explorer.exe from the infected system. That way, in case you try to copy the same file from a 'healthy' system and something goes wrong, you can always load the original one back out.

-

Mike.
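Added example, not part of the thread: the two questions raised above (whether `explorer.EXE` and `explorer.exe` are different files, and whether a copy from another machine matches) can be checked by comparing paths the way Windows does and comparing file contents by hash. The function names and the sample bytes are constructed for illustration.

```python
import hashlib
import ntpath
import os
import tempfile


def same_windows_path(a: str, b: str) -> bool:
    """True when two paths name the same file under Windows' case-insensitive rules."""
    norm = lambda p: ntpath.normcase(ntpath.normpath(p))
    return norm(a) == norm(b)


def sha256_of(path: str, chunk: int = 1 << 16) -> str:
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def compare_copies(suspect: str, reference: str) -> dict:
    """Compare a backed-up copy against a reference copy by size and SHA-256."""
    s, r = sha256_of(suspect), sha256_of(reference)
    return {
        "suspect_sha256": s,
        "reference_sha256": r,
        "same_size": os.path.getsize(suspect) == os.path.getsize(reference),
        "identical": s == r,
    }


def demo() -> dict:
    """Constructed stand-ins for the two copies; not real explorer.exe contents."""
    with tempfile.TemporaryDirectory() as d:
        ref = os.path.join(d, "explorer_work.exe")
        sus = os.path.join(d, "explorer_home.exe")
        payload = b"MZ" + b"\x00" * 1022
        with open(ref, "wb") as f:
            f.write(payload)
        with open(sus, "wb") as f:
            f.write(payload[:-1] + b"\x01")  # same size, one byte changed
        return compare_copies(sus, ref)


if __name__ == "__main__":
    print(same_windows_path(r"C:\windows\explorer.EXE", r"C:\windows\explorer.exe"))
    print(demo())
```

A hash mismatch only shows that the two copies differ; explorer.exe also legitimately differs between Windows versions and patch levels, so a mismatch is a reason to scan the file rather than proof of infection.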