ghughes
asked on
virus attack! - need help!
I'm running Grisofts AVG antivirus and our network has been infected with the "W32/ElKern" virus. I've deleted all infected files except for 9 which I can't seem to locate. I have "show all files" turned on in the options for folders but there is a directory (and file) showing up as:
c:\WINNT\INSTALLER\{000104 09-78E1-11 D2-B60F-00 6097C998E7 }\ACCICONS .EXE
I can't seem to locate this directory in explorer and want to get to it to delete the infected files before reloading software.
Can anyone tell me how to get to this directory so I can delete these files?
c:\WINNT\INSTALLER\{000104
I can't seem to locate this directory in explorer and want to get to it to delete the infected files before reloading software.
Can anyone tell me how to get to this directory so I can delete these files?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I had something similar. You will have to use the Emergency Repair Diskettes and scan maybe twice.
Be prepared. This scan takes a while...
Be prepared. This scan takes a while...
ASKER
jhance,
thank you. your info helped me along the most. I was able to get to the directory but the file attributes had been changed so I could not delete them. I finally figured out to remove the "read only" attributes and was able to delete the files. Thank you. I honestly can say you've saved out work network! I appreciate it. Take care.
thank you. your info helped me along the most. I was able to get to the directory but the file attributes had been changed so I could not delete them. I finally figured out to remove the "read only" attributes and was able to delete the files. Thank you. I honestly can say you've saved out work network! I appreciate it. Take care.
Glad to help....
Rerun the Virus check and see if they are still there.
Also delete all cache and temp files in IE etc.
I would also get a better virus Program ( Norton ) and have it do a proper cleanup.
You should not have to do this manually !!
I hope this helps !