KAZAA LITE (VIRUS) HELP

[neillsmob]

can someone help me out here, my friend DL kazaa lite and DL something and didnt scan it first with AV software, and he executed the DL, and now he cant get access to his computer at all when he boots his system it doesnt get by the red compaq logo, then flashing curusur, that said that the time and date are wrong or not working, dont now his specs apart from that hes running Windows Me, any help or suggestions much appreciated,
(EDIT):Also the PC does not let me boot into safe mode, it does not even let me get into the windows enviroment.any help please.

[pdxpiano]

oohh, ouch...bad virus. I removed a virus with spybot search and destroy.....but that doesn't help if you can't get into windows. Can you use the boot disk to get into to run a windows repair? ya gotta use heavy virus scan when on kazaa. do you know what file he was trying to download when he got the virus? kazza has known virus with known files, like a particular worm that goes with a bad copy of XP pro.

copy this into your address bar: It is Spybot search & destroy 1.2. If that doesn't get it: www.download.com and words spybot. But you have to have windows to use this.

http://download.com.com/3000-2144-10....html?tag=lst-

[nomaxim]

McAfee A/V {Norten may have something similar} can make a boot disk that will load a 'NIA OS' too scan the HDD. Can you get one of these somewhere?

Never used this myself,( havn't had a virus get this far yet) but this may be able to help. as it will at least ID the virus.

pdxpiano; spybot search and destory is used for spyware not virus's.

PS: wait and some other people will come along with other ideas!


BUMP!!!!

[pdxpiano]

your right, it removed a spyware, but i had a worm and spyware at the same time, it gets so tedius when you are trying to delete register keys, you forget what you had. I run spybot regularly with norton several other sites, because both over look virus, but bottom line you have to have something in place to scan kazaa before you download. if it has hacked so far as not being able to boot your computer past the main screen you have big problems.

The question still remains. What file was the friend trying to download? if you know that you can usually look on norton, or macfee virus definition area and find out what the name of the worm or virus is and if you know that you are one step closer to removing it.

if you can figure out what you have it makes it easier to correct problems.

[Front242]

First off, what OS are you using. If it is XP home or 98SE you will probably have to format and reinstall. if it is xp pro or w2k pro you can do a repair from the original software cd. Use something like System Suite 4 or 5 to do a recovery, then clean out the virus. This does not always work, but you do have a better chance with xp pro or w2k pro.

[neillsmob]

Originally posted by Front242
First off, what OS are you using. If it is XP home or 98SE you will probably have to format and reinstall. if it is xp pro or w2k pro you can do a repair from the original software cd. Use something like System Suite 4 or 5 to do a recovery, then clean out the virus. This does not always work, but you do have a better chance with xp pro or w2k pro.

The OS in question is WinME, and i dont now if he has all original PC software, what can i do to access windows if he has no PC software if i can. I have Norton systemworks 2003 and I've made rescue disks for my puter and boot disk for win XP home, so can i use them to try and boot his system, he has no firewall or AV software installed, so can someone please advise on the rescue disks and boot disk (write protected)

[JPMiller]

If you have a good antivirus with active auto protect and all the updates.... you could slave his drive to yours and run antivirus on it...may have to run a repair install on his drive when done to replace the files that the virus erased...wich is probably why it wont boot

[neillsmob]

what would the pin configuation be to make a slave drive, not quit got to that stage in the studies so any info would be very helpfull. =)

[JPMiller]

As long as you have your hard drive set as the Master drive at the end of the cable and the drive from your freinds computer set as the slave on the center connection of the cable you should be fine.
Each brand of hard drive is different when it comes to the pin configuration as to Slave or Master. The drive itself should have a diagram on it...or go to the manufacturers site and look it up.

[Eryk]

*screams like a girl* ahhhhhhhhh

the RIAA is on you RUN FOR YOUR LIFE!!!

yes try what pdx said... it worked for me

[Front242]

Okay, let me get this straight... He is downloading from KaZa lite without antivirus or firewall? Just make sure you tell him you will never do this for him again.

I kind of worry at the Idea of connecting your HD to his unless you know what virus he has. KaZa is the place some virus programers use to launch new stuff. It is possable (though not likely) that you could infect your own computer. Do you have a spare HD you can try this on?

Come to think of it I would format and reinstall just to teach him a lesson.

[Soheils91]

--

[pdxpiano]

Once again, what was the friend downloading? I agree with front242. don't hook up to your harddrive until you know what the virus possibly was. If he was in ME, like you said...if i remeber right that is a fat32? and I just removed literally 12 virsus from my dad's fat32 formatting, those little buggers hide and jump, especially some of the new worms. So just try to get an idea of what you are dealing with....but I like the reformatting the hard drive to teach a lesson method

Then do like Eryk and "scream like a girl" just to show the proper level of frustration

[Mike]

Well a firewall/AV software is usually a good idea. I never run an .exe file anyway.

[neillsmob]

pdxpiano, the file that he was downloading was "Age Of The Empires" hope that helps, but for the reformatting his drive i am not sure if he has a copy of the OS, any other ways round this, i was told that i will need to go into the BIOS and reset it and do a fresh install of OS, but once again i dont now if he has copy of the OS and the PCs software, any ideas thanx

[pdxpiano]

check out this website, that talks about the benjamin worm that effects "age of empires"

http://www.f-secure.com/v-descs/benjamin.shtml


This second site is norton. and it has the removal procedure. But I believe you would have to get the boot disk to load up windows in the safe mode. you may be able to load a previous working date in safe mode. Maybe someone else can chime in with some more solutions now that I think we have identified the worm that may have caused this.

http://securityresponse.symantec.com...amin.worm.html

[neillsmob]

pdx, can this bejamin worm disable a Computer system, seems a bit unclear to me.

[Front242]

Tell him to contact Compaq and get the recovery disk (about ten dollars). with that disk you should be able to get into the system as it is bootable. Run a good updated AV program to clean the virus and you should be good to go. you may have to run the recovery program again to fix infected files once they have been cleaned or removed.

Caviate: Compaq recovery disks are notorious for not working.

[Siliconjunkie]

Interesting that someone would download a 400k game. Did they think it was using the new "superzip" compression or something? Doesn't take much sense to know that a 400k file WON'T be what you are looking for.

[Front242]

Originally posted by Siliconjunkie
Interesting that someone would download a 400k game. Did they think it was using the new "superzip" compression or something? Doesn't take much sense to know that a 400k file WON'T be what you are looking for.

You forgot that he was also on KaZaa without AV/FW running or even loaded. Obviously someone who would do that isn't running on a lot of sense.