Virus Help

[PBBPaul]

Any experts? I recently contracted the W32.Dupator virus. I have it isolated to one file: Kernel32.dll. Unfortunately this file really screws with memory and my virus cleaner can't touch it. Apparently the virus has a way of locking all access to this file. I've tried booting from a fresh system floppy but it still denies access. Any ideas? Anybody run across this critter before or know where to find a fix? This one's driving me nuts. Any help would be much appreciated. Thanks, Paul

[Alndln]

Try the free scanner/cleaner from [url=http://www.trendmicro.com]www.trendmicro.com[/url] since it's alway's being updated.I know this wont help now,but I alway's keep all my files on a seperate partition so in case of reformatting/installin I usually don't have back any personal/work files up.Maybe someone here with more knowledge of virus's can help.

[Wewus432]

Try booting in Safe Mode, and seeing if you can delete it. You might need a clean copy of that file to put in it's place.

[deanmass]

Get to symantec's site http://securityresponse.symantec.com/avcenter/tools.list.html Pull down a tool that removes your virus and following the instructions. You should be fine.

[Rog]

Try a search for a program to sort it out. I know there was a specific program on an antivirus website which just cleaned out the klez virus. You might find something similar?

[NYCDrew1642606430]

Do you have another machine available? If yes, immediately update you Anti Virus software definition files. Then put this drive (with the virus) in that machine (say on the CD connection); boot as usual from the machine, then scan/clean the infected drive. You may need to replace the infected file when all is said & done.

[Wewus432]

Here's some info on getting into [url=http://www.mustek.com/Support/techdocs/safemode.html]Safe Mode[/url] . Some Operating Systems substitute the delete key(I think) for the F8 key. The reason you can't access that file is probably because it's in use by a driver or some other system program. Safe mode boots your computer with minimal drivers which may allow you to access, and delete or repair the infected file.

[PBBPaul]

Thank you all very much for the suggestions. So far I have tried making a new bootable floppy from another PC and using it to boot the infected to basic DOS. The file was still locked out. I have not yet tried booting into safe mode but will do that tonight. I received a reply from tech support at WinClean (my anti virus s/w) with additional recomendations using a tool that they have on their site. I will try that too. Thanks again for the help. Wish me luck tonight. I really don't want to have to reformat just for this one miserable little file.

[phaeton]

if you can get into DOS, can't you change the permissions on the file itself? I.E. on unixy machines you would "chmod 766" or "chmod +rwx". I think DOS (being a really, really weak imitation of the unix commandline) is something similar. Or maybe i'm talking out of my ass and someone will call me an idiot.

[PBBPaul]

The first thing the worm does is hide the file. That's easy enough to overcome but it then blocks access to the file and will not allow it to be renamed, deleted, overwritten or have its properties changed. It's not really destructive but it is disruptive. What a PITA.

[deanmass]

Do not reformat the drive. Use another PC if needed to download the repair tool. It will work.

[deanmass]

Ok..no tool...I was wrong, but, update the defs on a clean PC and follow these instructions... 1. Update the virus definitions. 2. Boot the computer from a clean boot disk. 3. Run the Norton AntiVirus DOS scanner. Repair all files that are detected as W95.Dupator.1503.

[michael saulnier]

Some good tips above... Hopefully one will work. ***LAST RESORT WHEN ALL ELSE FAILS*** 1. Remove the hard disk from the system. 2. Lay the disk on hard, flat surface. 3. If you have a clamp, clamp it firmly in place. 4. Take a 5lb... NO... 10lb sledgehammer. 5. Impact. 6. Repeat until you feel better. This won't actually fix your problem. But [b]you[/b] may feel a bit better. :D guitplayer

[Super 8]

[quote]Originally posted by guitplayer: [b]1. Remove the hard disk from the system. 2. Lay the disk on hard, flat surface. 3. If you have a clamp, clamp it firmly in place. 4. Take a 5lb... NO... 10lb sledgehammer. 5. Impact. 6. Repeat until you feel better. [/b][/quote]With all due respect to ya, Guit, I've never been able to get the job done right with anything short of a 25lb hammer. I think with a stubborn virus like this 'un you really should go with the 'right tool for the right job'.

[michael saulnier]

I "bow" to the MASTER! :thu: guitplayer

[PBBPaul]

I just wanted to say thank you all. I'm not sure which of the many fixes I've tried over the past few days actually worked but as of right now, I am cured! No more virus and I didn't even need the hammer. Thanks again.