«

A friend's computer that I built recently has been plagued with Virus
problems, the most prevelant being W32.randex. I dropped over to his
place last weekend and when his machine booted up Norton reported
numberous (8-10) instances of this Randex virus. I cleaned it up and
it seemed to be working fine when I left.

He phoned again last night to say he was having the same problem all
over again only this time Norton was detecting W32.hllw.moega as well.

I have had my computer report blocking the occasional virus but his
was reporting in the order of 10 time right at boot up. Bizzare in my
experience!!

I am boggled as to why he is having this problem. Does anyone have
any ideas where this comes from? He mostly downloads mp3 files thru
the newsgroups (alt.binaries.sounds.mp3.jazz) although I'm sure he
must be doing something else he doesn't know what it would be.

His Norton files are up to date so at least in theory there should not
be anything on his computer except that somewhere, on bootup, it is
trying to install/download these infected files.

Thanks for any input.

Ken

Dear Bald Eagle,

I unfortunately made the mistake of posting to a newsgroup last month for
the first time.
Since then my e-mail has been inundated with an average of 8 - 12 virus
infected e-mails
a day. I had no idea newsgroups had become virus wastelands. I know now that
there
are various bots and spamming programs that harvest e-mails from postings
via your
newsgroup server and so I understand where all the junk e-mail is coming
from. I don't
know, however, why your friend gets so many viruses just from booting up his
machine.

All I can suggest is thoroughly disinfecting the PC with the latest
definitions and having your
friend change his e-mail address then download his mp3s from elsewhere. I
also set my
Norton Antivirus to quarantine the viruses so I could quickly dispose of
them without
a hassle. Lastly I would suggest making a rescue disk with the antivirus
program and booting
to it to see whether or not his boot sector or other memory areas has been
infected.

Good luck.

--
David Bland

"BaldEagle" <> wrote in message
news:...
>
> A friend's computer that I built recently has been plagued with Virus
> problems, the most prevelant being W32.randex. I dropped over to his
> place last weekend and when his machine booted up Norton reported
> numberous (8-10) instances of this Randex virus. I cleaned it up and
> it seemed to be working fine when I left.
>
> He phoned again last night to say he was having the same problem all
> over again only this time Norton was detecting W32.hllw.moega as well.
>
> I have had my computer report blocking the occasional virus but his
> was reporting in the order of 10 time right at boot up. Bizzare in my
> experience!!
>
> I am boggled as to why he is having this problem. Does anyone have
> any ideas where this comes from? He mostly downloads mp3 files thru
> the newsgroups (alt.binaries.sounds.mp3.jazz) although I'm sure he
> must be doing something else he doesn't know what it would be.
>
> His Norton files are up to date so at least in theory there should not
> be anything on his computer except that somewhere, on bootup, it is
> trying to install/download these infected files.
>
> Thanks for any input.
>
> Ken

In the worst case scenario I would suggest you format the hard drive and
reinstall the OS. I hope u have a clean backup of your data. At this point
even if you try to back up your data you run the risk of backing up the
virus. Good luck.

"David BlandIII" <> wrote in message
news:LerVb.2315$...
> Dear Bald Eagle,
>
> I unfortunately made the mistake of posting to a newsgroup last month for
> the first time.
> Since then my e-mail has been inundated with an average of 8 - 12 virus
> infected e-mails
> a day. I had no idea newsgroups had become virus wastelands. I know now
that
> there
> are various bots and spamming programs that harvest e-mails from postings
> via your
> newsgroup server and so I understand where all the junk e-mail is coming
> from. I don't
> know, however, why your friend gets so many viruses just from booting up
his
> machine.
>
> All I can suggest is thoroughly disinfecting the PC with the latest
> definitions and having your
> friend change his e-mail address then download his mp3s from elsewhere. I
> also set my
> Norton Antivirus to quarantine the viruses so I could quickly dispose of
> them without
> a hassle. Lastly I would suggest making a rescue disk with the antivirus
> program and booting
> to it to see whether or not his boot sector or other memory areas has
been
> infected.
>
> Good luck.
>
> --
> David Bland
>
> "BaldEagle" <> wrote in message
> news:...
> >
> > A friend's computer that I built recently has been plagued with Virus
> > problems, the most prevelant being W32.randex. I dropped over to his
> > place last weekend and when his machine booted up Norton reported
> > numberous (8-10) instances of this Randex virus. I cleaned it up and
> > it seemed to be working fine when I left.
> >
> > He phoned again last night to say he was having the same problem all
> > over again only this time Norton was detecting W32.hllw.moega as well.
> >
> > I have had my computer report blocking the occasional virus but his
> > was reporting in the order of 10 time right at boot up. Bizzare in my
> > experience!!
> >
> > I am boggled as to why he is having this problem. Does anyone have
> > any ideas where this comes from? He mostly downloads mp3 files thru
> > the newsgroups (alt.binaries.sounds.mp3.jazz) although I'm sure he
> > must be doing something else he doesn't know what it would be.
> >
> > His Norton files are up to date so at least in theory there should not
> > be anything on his computer except that somewhere, on bootup, it is
> > trying to install/download these infected files.
> >
> > Thanks for any input.
> >
> > Ken
>
>

I suggest that you actually remove the program that is loading the virus.
Chances are there is something in the registry that runs and then propogates
the machine with further virus. Do a search for that virus an see what the
recommended steps are for manual removal - chances are there will be a key
in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run that loads it.

Thanks to all for the suggestions.

I am going to go over right now and see what I can do. I expect that
I will have to reformat and try again. The problem may stem from the
fact that I imported his mail messages from a backup cd I made before
redoing his machine. I assumed that Norton would scan and catch
anything that I uploaded if it had a virus, but perhaps not..

Ken



On Mon, 9 Feb 2004 07:52:51 +1300, "RussS" <>
wrote:

>I suggest that you actually remove the program that is loading the virus.
>Chances are there is something in the registry that runs and then propogates
>the machine with further virus. Do a search for that virus an see what the
>recommended steps are for manual removal - chances are there will be a key
>in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run that loads it.
>

BaldEagle wrote:
> Thanks to all for the suggestions.
>
> I am going to go over right now and see what I can do. I expect that
> I will have to reformat and try again. The problem may stem from the
> fact that I imported his mail messages from a backup cd I made before
> redoing his machine. I assumed that Norton would scan and catch
> anything that I uploaded if it had a virus, but perhaps not..
>
> Ken
>
>
>
> On Mon, 9 Feb 2004 07:52:51 +1300, "RussS" <>
> wrote:
>
>
>>I suggest that you actually remove the program that is loading the virus.
>>Chances are there is something in the registry that runs and then propogates
>>the machine with further virus. Do a search for that virus an see what the
>>recommended steps are for manual removal - chances are there will be a key
>>in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run that loads it.

If it doesn't work, then download the knoppix disk, fdisk,
blow out the partitions, then format the drive as ext2,
then re-install windows.

The only way to be sure is to use a different OS, that may not be
infected by a WIN-Virus...

Good luck.