Guest guest Posted July 25, 2001 Report Share Posted July 25, 2001 In a message dated 7/25/01 6:06:03 AM Pacific Daylight Time, Agaw12577@... writes: > Guys, watch out for a nasty virus out there... I got it three times > yesterday > and once this morning. It will come from someone you know (mine came from > someone at taebo.com) and look like this: > > > Yep, I got that one, too. I deleted it, of course. We have to be careful, sometiems these viruses are hard to spot. Moeser Halfway to Crazy, the Journal of My Life http://www.ericmoeser.com Quote Link to comment Share on other sites More sharing options...
Guest guest Posted July 25, 2001 Report Share Posted July 25, 2001 Hi everybody, I got the email with the virus, but never opened the attachment so I should be safe. A friend at a bulletin board I belong to got the virus, and posted this fix: Don't panic, everyone. This will not destroy your computer. It is just a very big nuisance. Here is the step-by-step: Before you do anything, go and update the DAT files for whatever anti-virus software you are using. Then study the following instructions twice, before proceeding. This should take you 10-15 minutes from start to finish. Rename the Windows Registry Editor: 1. Click on the Start button. 2. Highlight Run. 3. Type in COMMAND and hit the OK button. A window will then appear with a black background. The last line of text in the window will look something like C:\Windows\Desktop> (followed by a blinking cursor). 4. Type this in at the prompt CD.. and press enter.(Note ensure this is the next prompt you get C:\Windows\> ) 5. Type in the following at the prompt: COPY REGEDIT.EXE REGEDIT.BAT <then press the ENTER key on the keyboard> EXIT <then press the ENTER key on the keyboard> The window will then disappear. Boot into Safe Mode: 1. Shut the computer down so the power is off. 2. Wait 20 seconds or so. 3. Turn the computer on and immediately begin pressing the F8 key on the keyboard, once every second repeatedly. Do this until the Windows Startup Menu appears. If you get a keyboard error, press F1 to resume and then continue pressing the F8 key once every second. 4. Select Safe Mode from the Windows Startup Menu, then press the Enter key on the keyboard. 5. Windows will then boot into Safe Mode. NOTE: This may take longer than a normal boot. 6. At the end of the boot process a dialog box will appear informing you that Windows is in Safe Mode. Click OK on this dialog box. 7. Windows is now in Safe Mode. Backup the Registry: 1. Click on the Start button. 2. Click on Run. 3. Type REGEDIT.BAT in the Open field. 4. Click the OK button. The Registry Editor window will appear. 5. Click on the Registry pull-down menu. 6. Click on Export Registry File. 7. In the File Name field type " backup " (without the quotation marks). 8. In the Save In field be sure that the desktop is selected (if it is not, click on the pull down menu and select " Desktop " ). 9. Select " All " in the Export Range group box. 10. Click on the Save button. The registry will then be saved. 11. Click the X in the top right corner to close the Registry Editor. NOTE: You now have a backup of your Registry saved as " backup " on your desktop. If you need to restore the Registry you can double-click on the " backup " file located on the desktop. Once these instructions are complete and everything is running properly be sure to delete this backup file by right-clicking on it then left-clicking on Delete from the pop-up menu that appears. This will ensure that the old registry is not accidentally restored once the Trojan has been removed. Remove the Worm Entries from the Registry: As you go through this process, you will be asked to confirm each change. Make sure that the change is correct, then confirm each change. 1. Click the Start button. 2. Click on Run. 3. Type in REGEDIT.BAT in the Open field. 4. Click the OK button. The Registry Editor window will appear. 5. Click on the plus sign next to HKEY_CLASSES_ROOT. 6. Click on the plus sign next to exefile. 7. Click on the plus sign next to shell. 8. Click on the plus sign next to open. 9. Single-click on command so it is highlighted. 10. On the right side of the screen is a Name column and a Data column. Locate and right-click on (Default) under the Name column. 11. A pop-up menu will appear. Left-click on Modify. 12. The Edit String dialog box will appear with the value highlighted. Delete all text in the Value and type the following characters (WITHOUT THE BRACKETS): [ " %1 " %*] If you are unsure of how the characters should be, the following is a spelled out version of the correct characters: quote, percentage, one, quote, space, percentage, asterisk. 13. Click the OK button to close the Edit String dialog box. 14. On the left side of the screen click on the minus sign next to open. 15. Click on the minus sign next to shell. 16. Click on the minus sign next to exefile. 17. click on the minus sign next to HKEY_CLASSES_ROOT. 18. Click on the plus sign next to HKEY_LOCAL_MACHINE. 19. Click on the plus sign next to SOFTWARE. 20. Single click on the SIRCAM folder so it is highlighted, then hit delete. 21. Click the plus sign next to Microsoft. 22. Click the plus sign next to Windows. 23 Click the plus sign next to CurrentVersion. 24. Single click on the RunServices Folder so it is highlighted. 25. On the right side of the screen is a Name column and a Data column. Under the Name column locate and single-click on Driver32 = C:\WINDOWS\SYSTEM\SCam32.exe so it is highlighted. 26. Press the Delete key on the keyboard to remove the entry. 27. Close the Registry Editor by clicking the X in the top right corner. 28. Remove reference in Autoexec.bat file: 1. Click Start, and click Run. 2. Type the following, and then click OK. edit c:\autoexec.bat The MS-DOS Editor opens. 3. Remove the line " @win \recycled\sirc32.exe " if it is present. 4. Click File and then click Save. 5. Exit the MS-DOS Editor Restart the Computer Remove referance to the SCam32.exe file: Open My Computer Open the C: drive Open the Windows Folder If need be click on display files Open the System Folder If need be click on display files Locate the SCam32.exe file Delete the file Hope this helps someone. Haven't been doing any tae-bo lately--seem to be swollen somewhere or other most of the time. I did get the taebo gold video finally and will start again once my body decides to behave itself. , I got your email, but it was blank--Lycos has been having some problems lately, so maybe they messed up. (All my emails were in French for awhile) Could you resend it? Thanks--Betty I live in my own little world, but its okay; they know me here > Guys, watch out for a nasty virus out there... I got it three times yesterday > and once this morning. It will come from someone you know (mine came from > someone at taebo.com) and look like this: > > > From: alisar@t... (Alisa Roshong) > To: Agaw12577@a... > > File: katttestimon.doc.bat (157696 bytes) DL Time (115200 bps): < 1 minute > > Hi! How are you? > > I send you this file in order to have your advice > > See you later. Thanks > > > > Quote Link to comment Share on other sites More sharing options...
Guest guest Posted July 25, 2001 Report Share Posted July 25, 2001 It was the one where I told you about my niece and asked you about the guidelines > In a message dated 7/25/01 3:07:58 PM Eastern Daylight Time, > niteowl16@l... writes: > > > > , I got your email, but it was blank--Lycos has been having some > > problems lately, so maybe they messed up. (All my emails were in > > > > Hmmmmmm.... I can't think of which email it was! Were you on my list for the > Tae-Bo newsletter? It may have been that!! I hope you are doing well!!!! > Thanks for sending that virus fix, I am sure that will help a lot of people!! > I hope to see you pop in more often > > > > Quote Link to comment Share on other sites More sharing options...
Guest guest Posted July 25, 2001 Report Share Posted July 25, 2001 It was the one where I told you about my niece and asked you about the guidelines > In a message dated 7/25/01 3:07:58 PM Eastern Daylight Time, > niteowl16@l... writes: > > > > , I got your email, but it was blank--Lycos has been having some > > problems lately, so maybe they messed up. (All my emails were in > > > > Hmmmmmm.... I can't think of which email it was! Were you on my list for the > Tae-Bo newsletter? It may have been that!! I hope you are doing well!!!! > Thanks for sending that virus fix, I am sure that will help a lot of people!! > I hope to see you pop in more often > > > > Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You are posting as a guest. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.