Solved

virus attack! - need help!

Posted on 2002-04-19
5
154 Views
Last Modified: 2010-04-13
I'm running Grisofts AVG antivirus and our network has been infected with the "W32/ElKern" virus.  I've deleted all infected files except for 9 which I can't seem to locate.  I have "show all files" turned on in the options for folders but there is a directory (and file) showing up as:

c:\WINNT\INSTALLER\{00010409-78E1-11D2-B60F-006097C998E7}\ACCICONS.EXE

I can't seem to locate this directory in explorer and want to get to it to delete the infected files before reloading software.  

Can anyone tell me how to get to this directory so I can delete these files?
0
Comment
Question by:ghughes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 6954495
It may be a temp dir that only exists during installs.
Rerun the Virus check and see if they are still there.

Also delete all cache and temp files in IE etc.

I would also get a better virus Program ( Norton ) and have it do a proper cleanup.

You should not have to do this manually !!

I hope this helps !


0
 
LVL 32

Accepted Solution

by:
jhance earned 250 total points
ID: 6954553
Open a CMD.EXE window and CD to C:\WINNT\INSTALLER

Then type:

DIR /A /X | MORE

See if this file shows up there.  If so, you should be able to delete it using it's SHORT FILE NAME as displayed by DIR using the /X option.
0
 
LVL 7

Expert Comment

by:jmiller47
ID: 6954648
I had something similar. You will have to use the Emergency Repair Diskettes and scan maybe twice.

Be prepared. This scan takes a while...
0
 

Author Comment

by:ghughes
ID: 6954911
jhance,

thank you.  your info helped me along the most.  I was able to get to the directory but the file attributes had been changed so I could not delete them.  I finally figured out to remove the "read only" attributes and was able to delete the files.  Thank you.  I honestly can say you've saved out work network!  I appreciate it.  Take care.
0
 
LVL 32

Expert Comment

by:jhance
ID: 6955007
Glad to help....
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
There are times when I have encountered the need to decompress a response from a PHP request. This is how it's done, but you must have control of the request and you can set the Accept-Encoding header.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question