Solved

virus attack! - need help!

Posted on 2002-04-19
5
152 Views
Last Modified: 2010-04-13
I'm running Grisofts AVG antivirus and our network has been infected with the "W32/ElKern" virus.  I've deleted all infected files except for 9 which I can't seem to locate.  I have "show all files" turned on in the options for folders but there is a directory (and file) showing up as:

c:\WINNT\INSTALLER\{00010409-78E1-11D2-B60F-006097C998E7}\ACCICONS.EXE

I can't seem to locate this directory in explorer and want to get to it to delete the infected files before reloading software.  

Can anyone tell me how to get to this directory so I can delete these files?
0
Comment
Question by:ghughes
5 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 6954495
It may be a temp dir that only exists during installs.
Rerun the Virus check and see if they are still there.

Also delete all cache and temp files in IE etc.

I would also get a better virus Program ( Norton ) and have it do a proper cleanup.

You should not have to do this manually !!

I hope this helps !


0
 
LVL 32

Accepted Solution

by:
jhance earned 250 total points
ID: 6954553
Open a CMD.EXE window and CD to C:\WINNT\INSTALLER

Then type:

DIR /A /X | MORE

See if this file shows up there.  If so, you should be able to delete it using it's SHORT FILE NAME as displayed by DIR using the /X option.
0
 
LVL 7

Expert Comment

by:jmiller47
ID: 6954648
I had something similar. You will have to use the Emergency Repair Diskettes and scan maybe twice.

Be prepared. This scan takes a while...
0
 

Author Comment

by:ghughes
ID: 6954911
jhance,

thank you.  your info helped me along the most.  I was able to get to the directory but the file attributes had been changed so I could not delete them.  I finally figured out to remove the "read only" attributes and was able to delete the files.  Thank you.  I honestly can say you've saved out work network!  I appreciate it.  Take care.
0
 
LVL 32

Expert Comment

by:jhance
ID: 6955007
Glad to help....
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question