Solved

virus attack! - need help!

Posted on 2002-04-19
5
147 Views
Last Modified: 2010-04-13
I'm running Grisofts AVG antivirus and our network has been infected with the "W32/ElKern" virus.  I've deleted all infected files except for 9 which I can't seem to locate.  I have "show all files" turned on in the options for folders but there is a directory (and file) showing up as:

c:\WINNT\INSTALLER\{00010409-78E1-11D2-B60F-006097C998E7}\ACCICONS.EXE

I can't seem to locate this directory in explorer and want to get to it to delete the infected files before reloading software.  

Can anyone tell me how to get to this directory so I can delete these files?
0
Comment
Question by:ghughes
5 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 6954495
It may be a temp dir that only exists during installs.
Rerun the Virus check and see if they are still there.

Also delete all cache and temp files in IE etc.

I would also get a better virus Program ( Norton ) and have it do a proper cleanup.

You should not have to do this manually !!

I hope this helps !


0
 
LVL 32

Accepted Solution

by:
jhance earned 250 total points
ID: 6954553
Open a CMD.EXE window and CD to C:\WINNT\INSTALLER

Then type:

DIR /A /X | MORE

See if this file shows up there.  If so, you should be able to delete it using it's SHORT FILE NAME as displayed by DIR using the /X option.
0
 
LVL 7

Expert Comment

by:jmiller47
ID: 6954648
I had something similar. You will have to use the Emergency Repair Diskettes and scan maybe twice.

Be prepared. This scan takes a while...
0
 

Author Comment

by:ghughes
ID: 6954911
jhance,

thank you.  your info helped me along the most.  I was able to get to the directory but the file attributes had been changed so I could not delete them.  I finally figured out to remove the "read only" attributes and was able to delete the files.  Thank you.  I honestly can say you've saved out work network!  I appreciate it.  Take care.
0
 
LVL 32

Expert Comment

by:jhance
ID: 6955007
Glad to help....
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Facing problems with you memory card? Cannot access your memory card? All stored data, images, videos are lost? If these are your questions...than this small article might help you out in retrieving your lost or inaccessible data.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Many functions in Excel can make decisions. The most simple of these is the IF function: it returns a value depending on whether a condition you describe is true or false. Once you get the hang of using the IF function, you will find it easier to us…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now