-
okie dokie, just to update my progress; I've been able to successfully delete all 700+ infected files except for one, explore.exe *C:\WINDOWS\system32\explore.exe*.
After running the online virus scanner (housecall.trendmicro.com) and determining the folder in which the files were located, I was unable to delete them. Despite knowing the file name and pathway (eg. c:\my shared folder\Matchbox20 - unwell.exe), I couldn't manually locate the file in that particular folder. All that was there was the original mp3 (Matchbox20 - unwell.mp3).
So I cut and paste all files from My Shared Folder and temporarily stored it somewhere else, while deleting the empty My Shared Folder folder. When I ran the scanner again, all the 700+ infected files were gone except the one remaining "explore.exe *C:\WINDOWS\system32\explore.exe*".
I'm pretty sure I can't use the same technique, I'm afraid my comp will crash if I attempt to temporarily move system files.
-
The wiser will correct if I am wrong, but I am almost sure that erasing explorer.exe is not a good idea!
-
Have a look at this page from symantec. It describes the virus that dropped explore into your system folder and offers both a tool to remove it and the manual instructions. There are other details that you should make note of including what kind of files it may have destroyed.
http://www.symantec.com/avcenter/ven...plore.zip.html
When you're done you should probably get a second opinion with a different product's scan just to be safe..
http://www.ravantivirus.com/scan/
EDIT- The Hawawi worm also drops an explore.exe into the sys directory.. read these instructions
http://securityresponse.symantec.com...wawi.worm.html
-
ah, I forgot to thank you again for all your help, fink ;)
I'm pretty sure the virus is gone, but as you might have noticed a new problem has arisen to which I have started another thread lol.:eek:
