A Digital Age Deserves A Digital Leader

Explorer.exe infected (windows XP)!!! help!!!

Explorer.exe infected (windows XP)!!! help!!!

Postby isaavila » Thu May 22, 2003 12:28 pm

hello... I need help... I use Windows Xp... I have my explorer.exe file infected by the w32.spybot.worm... from what I know (not much) it is impossible to be repaired... I found out how to replace it by a good copy (I have the instalation cd) but in MS-DOS...! didn't know windows xp had no DOS!!! NOw I've been told I should try to fix it through safemode... but I don't know how to extract and copu files in safemode... I want to avoid refformatting the disk... if possible not to. ANy sugestions, please, on what to do? Thank you... desperate Isa
PRO New Member
Posts: 2
Joined: Thu May 22, 2003 4:08 am

Postby *Starz* » Thu May 22, 2003 12:43 pm

Good Morning Isa

Welcome to PROneT...try this link below...so far this is all I have been able to find on this particular worm...Hope this helps.

http://jp.mcafee.com/virusInfo/default. ... 282#method

I'll look a little more... :)
Last edited by *Starz* on Thu May 22, 2003 4:41 pm, edited 1 time in total.
[align=center]Image

~ You Are Never Given A Wish Without Being Given The Power To Make It Come True ~[/align]
PRO Level 16
User avatar
Posts: 1893
Joined: Sat Aug 17, 2002 1:05 am
Location: Great Smoky Mountains

Postby ZeroByte » Thu May 22, 2003 12:56 pm

Sorry you got infected - hope you get it resolved

Some tips -

1. Get some virus software and keep it up to date.

2. Do not download files from popular file sharing services as they are a haven for viruses.

3. Do not open attachments from friends and family, and people you do not know. If the person did not specifically tell you they are sending you something be suspicious.

Now, XP does have a command shell mode (it is not called DOS anymore), the command shell can be opened by typing cmd at a run window (windows key + R).

Hope this helps
ZeroByte
PRO Level 15
User avatar
Posts: 1199
Joined: Thu Aug 01, 2002 2:12 am
Location: Mexico, NY
Real Name: Mike Sheats

Postby *Starz* » Thu May 22, 2003 1:43 pm

Isa

I have moved your thread to the Virus Fixes forum...it should attract more attention here... :)
Last edited by *Starz* on Thu May 22, 2003 4:42 pm, edited 1 time in total.
[align=center]Image

~ You Are Never Given A Wish Without Being Given The Power To Make It Come True ~[/align]
PRO Level 16
User avatar
Posts: 1893
Joined: Sat Aug 17, 2002 1:05 am
Location: Great Smoky Mountains

Postby RRCinci » Thu May 22, 2003 4:35 pm

A couple of questions...what virus scanner are you using?? And is it up-to-date? Most of the "brand-name" virus scanners(Symantec, Mcafee, and I think AVG) will fix this worm. If you don't have a newer version...download one and run it!! I use AVG from Grisoft and am very happy with it...and the price is right....it's free! Go Here to get it.

As to Safe Mode...that's the best place to run most of the virus scanners from if you have a problem. To get there....press and hold your Control Key(Ctrl) on your keyboard after the system starts to boot....but before it shows the WinXP logo screen....you want to wait until AFTER the memory count and the hard drive discovering process...otherwise your computer may just report that there is a "Stuck Key" and not boot!! Once you get to the screen that pops up then...just pick the Safe Mode and go for it. If you already have a virus scanner installed with the current updates installed...scan your system from there with that and see what it says!

Let us know how it goes...this IS fixable(or at least that's what they all say!!! :yesnod: )

Paul
Life is not measured by the number of breaths we take, but by the moments that take our breath away.

Women and cats will do as they please, and men and dogs should relax and get used to the idea.
-Robert A. Heinlein

longhornrulescensor444 Here

<a href='http://www.pro-networks.org/forum/viewtopic.php?t=62589' target='_blank'><img src='http://img134.imageshack.us/img134/4245/pronetkatrinahelp7gs.gif'></a>
PROfessional Member
User avatar
Posts: 1577
Joined: Fri Jul 12, 2002 5:38 pm
Location: Cincinnati, OH

Postby *Starz* » Thu May 22, 2003 4:47 pm

Paul

I hope you don't mind...I highlighted the word Here in your post...it was so hard to see...I was afraid Isa might miss it...I swear that feature seems to be getting lighter and lighter...It can't be "my" eyes... :lalala
[align=center]Image

~ You Are Never Given A Wish Without Being Given The Power To Make It Come True ~[/align]
PRO Level 16
User avatar
Posts: 1893
Joined: Sat Aug 17, 2002 1:05 am
Location: Great Smoky Mountains

Postby RRCinci » Thu May 22, 2003 8:08 pm

No...not at all...must be MY eyes too!!! :woot Thanks for the help.

Hope it helps...

Paul
Life is not measured by the number of breaths we take, but by the moments that take our breath away.

Women and cats will do as they please, and men and dogs should relax and get used to the idea.
-Robert A. Heinlein

longhornrulescensor444 Here

<a href='http://www.pro-networks.org/forum/viewtopic.php?t=62589' target='_blank'><img src='http://img134.imageshack.us/img134/4245/pronetkatrinahelp7gs.gif'></a>
PROfessional Member
User avatar
Posts: 1577
Joined: Fri Jul 12, 2002 5:38 pm
Location: Cincinnati, OH

Postby isaavila » Thu May 22, 2003 9:30 pm

Thank you all who have answered me so far... well, I do have an antivirus software updated, I updated it pretty much everyday!!! I will try to run it again in safemode, like Paul suggested... I also downloaded the AVG professional trial version... should I use it or stuck to NAV? NAV has already detected the infected file in a previous scan and it is in quaratine, but it is not able to repair it, at least not with windows running... (my guess); so, should I do another scan in safe mode? with NAV or AGV?

Now, is it possible (and worth it) to have two antivirus software installed and running?

Regarding using the command shell mode to try to extract and copy a good explorer.exe (the file infected) , would it work? because windows is supposed to be "sleeping" when I do it, that is why I've been told to restart the computer in MS_dos to do that... and so if windows is already open and running...

sorry for all the questions :embarrassed: , but I really want to do it right...
Thanks, abracos,

Isa
PRO New Member
Posts: 2
Joined: Thu May 22, 2003 4:08 am

Postby Yaps » Fri May 23, 2003 12:33 am

isaavila

in my opinion having the file in quarantine is better then it being infected. quarateen is a "safe" part of NAV which is ok.

your NAV was doing its job it caught the file and Quarantined it.

U can always run a scan at
http://housecall.trendmicro.com/

to recheck your computer just scan without registering.
Yaps

Return to Security & Virus

Who is online

Users browsing this forum: No registered users and 7 guests