[bobseptic]

i downloaded a program patch from kazzalite, scanned it for viruses, none detected. i clicked on the downloaded file which was a patch & winjava tryed to access the internet, i clicked NO and shortly after all the icons dissapeared on my desktop. i restarted and seconds after zonealarm shut itself down and so did avg antivirus. i restarted it only to have it shut down again.

i traced the problem to startup in msconfig, i found winjava and wsock32 had been added. they are listed under common startup.

i unticked them and rebooted, all seems fine but HOW DO I REMOVE THESE ITEMS FROM STARTUP?

i looked in there location c:WINDOWS\java\apps\winjava.exe
and c:WINDOWS\java\apps\wsock32.exe but the folder is EMPTY (i have settings set to show hidden files etc in folder options)

Is this a virus/trojan?

any help appreciated folks wtf

[SCgone]

If it was wsock32.dll then it could be the Happy99 virus. That renames wsock32.dll to wsock32.ska and creates a new wsock32.dll. I would certainly download another virus scanner and run it to make sure. A virus would be capable of turning off ZA and I know one targets Norton Antivirus.

[bobseptic]

the 2 files are called wsock32.exeCommon Startup 36kb, winjava.exeCommon Startup 28kb, i found them in search and they are presently in the rcycle bin. they both had todays date stamp and relevant time.

How do i know if the proper wsock has been renamed?
it is currently in the i386 folder WSOCK32 4.61kb 18/08/2001 13.00 in capital letters whereas the virus is in lower case.

Help Please

can a virus rename a file and keep the previous date?

i did full avg search and nothing came up, avg is uptodate

HOW DO I REMOVE THESE ITEMS FROM STARTUP?

[Yappinator]

housecall

Scan without registering

and also try:

Anti-trojan



yaps