Solved

virus attack! - need help!

Posted on 2002-04-19
5
153 Views
Last Modified: 2010-04-13
I'm running Grisofts AVG antivirus and our network has been infected with the "W32/ElKern" virus.  I've deleted all infected files except for 9 which I can't seem to locate.  I have "show all files" turned on in the options for folders but there is a directory (and file) showing up as:

c:\WINNT\INSTALLER\{00010409-78E1-11D2-B60F-006097C998E7}\ACCICONS.EXE

I can't seem to locate this directory in explorer and want to get to it to delete the infected files before reloading software.  

Can anyone tell me how to get to this directory so I can delete these files?
0
Comment
Question by:ghughes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 6954495
It may be a temp dir that only exists during installs.
Rerun the Virus check and see if they are still there.

Also delete all cache and temp files in IE etc.

I would also get a better virus Program ( Norton ) and have it do a proper cleanup.

You should not have to do this manually !!

I hope this helps !


0
 
LVL 32

Accepted Solution

by:
jhance earned 250 total points
ID: 6954553
Open a CMD.EXE window and CD to C:\WINNT\INSTALLER

Then type:

DIR /A /X | MORE

See if this file shows up there.  If so, you should be able to delete it using it's SHORT FILE NAME as displayed by DIR using the /X option.
0
 
LVL 7

Expert Comment

by:jmiller47
ID: 6954648
I had something similar. You will have to use the Emergency Repair Diskettes and scan maybe twice.

Be prepared. This scan takes a while...
0
 

Author Comment

by:ghughes
ID: 6954911
jhance,

thank you.  your info helped me along the most.  I was able to get to the directory but the file attributes had been changed so I could not delete them.  I finally figured out to remove the "read only" attributes and was able to delete the files.  Thank you.  I honestly can say you've saved out work network!  I appreciate it.  Take care.
0
 
LVL 32

Expert Comment

by:jhance
ID: 6955007
Glad to help....
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Sapphire RAGE 128 Pro 32M - Windows 2000 Driver 2 933
Update a root certificate 8 707
OLD CPUs 12 132
Windows 2000 48-bit LBA 13 80
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Dramatic changes are revolutionizing how we build and use technology. Every company is automating, digitizing, and modernizing operations. We need a better, more connected way to work together as teams so we can harness the insights from our system…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question