Please help me remove this virus

Discussion in 'Computer Information' started by MBell72398, Nov 14, 2003.

  1. MBell72398

    MBell72398 Guest

    I am working on a machine that runs XP home version. It has a file infected
    with the w95.Hybris.gen virus. I have run NAV and it will not repair, quarantine
    nor delete the infected file. I have tried in safe mode also. Symantec does not
    have a removal tool for the .gen virus, but does have one to remove other
    W95.Hybris types. (Which they make a note that the tool will not work with .gen.)
    The NAV files are updated.
    The source of the virus is
    \Device\Harddisk0\Partition1\WINDOWS\system\WSOCK32.DLL
    it states this is a compressed file within C:\undo\backup.cab which I can not
    locate. I have tried scanning with sys restore on and off. Can someone shed
    some light on how to remove this? Also, as one may know from the file which is
    infected, I can not get online except in safemode.
    Thanks, Mike
    Please remove nospam to email me
    Michael Bell @Bell Electronics
    Rincon, GA.31326
    MBell72398, Nov 14, 2003
    #1

  2. MBell72398

    Thor Guest

    Well, since that file is not the virus executable, but rather the infected
    result of the virus, I assume that NAV was able to kill the virus itself
    that created the infected wsock32.dll file, as well as remove the registry
    entries that called the virus up at startup to infect the winsock file. If
    this is the case, all you really need to do is replace that wsock32.dll file
    with the valid one. As you discovered, this isn't easy, since WinXP uses
    system file protection to prevent you from easily replacing that file. (Of
    course, the virus would have defeated this moderate protection in order to
    infect in the first place.) So, I have a couple of suggestions that might do
    the trick. First, try running SFC /scannow from a command prompt window.
    Have your WinXP cd handy because it may ask for it. This may detect the
    bogus file and replace it with the proper original. If that doesn't work,
    you can try a program called "move on boot" which allows you to designate a
    file to replace or move on bootup, which should circumvent the XP file
    protection. You'll probably need to expand the original wsock32.dll file
    from the WinXP CD first, then designate the expanded file as the one you
    want to move to the windows\system32 folder, overwriting the old infected
    one. Then, rescan with NAV and verify that the infection is gone.

    http://www.gibinsoft.net/gipoutils/bin/moveonb.exe

    Thor, Nov 14, 2003
    #2
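
The replace-and-verify step described in the reply above can be checked with a short batch script. This is an added example, not part of the original thread; the CD drive letter `D:` and the scratch folder `C:\wsock_check` are assumptions, so adjust them to the machine. It expands the compressed `wsock32.dl_` from the WinXP CD and compares it byte for byte against each copy of the file on disk, so you can see which copies still differ from the original before and after the replacement.

```batch
@echo off
rem Added example (not from the thread). Assumed values: CD in D:, scratch folder below.
setlocal
set CDROM=D:
set WORK=C:\wsock_check

if not exist "%CDROM%\i386\wsock32.dl_" (
    echo Cannot find %CDROM%\i386\wsock32.dl_ - check the CD drive letter.
    exit /b 2
)
if not exist "%WORK%" mkdir "%WORK%"

rem Expand the compressed CD copy into a known-good reference file.
expand "%CDROM%\i386\wsock32.dl_" "%WORK%\wsock32.dll" >nul
if errorlevel 1 (
    echo expand failed
    exit /b 2
)

rem Binary-compare every on-disk copy against the reference.
rem system32 = live file, dllcache = file protection cache,
rem system = the location NAV reported in the first post.
for %%F in ("%SystemRoot%\system32\wsock32.dll" "%SystemRoot%\system32\dllcache\wsock32.dll" "%SystemRoot%\system\wsock32.dll") do call :check %%F
endlocal
exit /b 0

:check
if not exist %1 (
    echo [absent]  %~1
    goto :eof
)
fc /b "%WORK%\wsock32.dll" %1 >nul
if errorlevel 1 (echo [DIFFERS] %~1) else (echo [matches] %~1)
goto :eof
```

A `[DIFFERS]` result is not proof of infection on its own, because a service pack installed after the CD was pressed can legitimately replace the file; treat it as the list of copies to rescan with NAV.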
