Well, I'm a victim of blindly trusting my friends. Damnit.

Regardless, it seems that the MSN virus I obtained is not quite the same as the one in the earlier thread...it has done a few particularly malicious things, like killing Norton Antivirus.

This, of course, upsets me a bit. I DID uninstall MSN Messenger to keep my friends a bit safer, but what do I do now? I would REALLY like to have Norton back, as I have a paid subscription to it for the next year...and it would very much frustrate me to have to pay said price again.

So, how do I get rid of it?

NOTE: When I say that it "killed" Norton Antivirus, I mean that NA will not open. The shortcuts do not work, and neither do the actual .exe files in the program files directory. My computer simply does nothing when I click on them.

Well if its possible to find the name of the virus, Norton may have an Executable file that will remove it from your system..
Other than that, I would ask T-D-C ;)

Well, I have decided to try out AVG Free for now...and then, depending upon the results, I'll get back to ya'll.

<font color=skyblue>And that was the last we ever heard of Lyle the Pirate, or Ilander. </font>

ARRRRGH! I shall rise again, be sure of that, ye scurvy dog!

Anyway, AVG found one infected .dll file...that MIGHT have been it, but again, I'm not sure. This may very well continue for a while.

lol

I've been using AVG Free Edition for around 6 months now and it works very well - fantastic for the price!!!

I use Openoffice as my office suite and Zonealarm free edition for my firewall. I also use Spybot S&D to ensure a Spyware-free system.

I have never had any problems with viruses, random shutdowns or malware of any sorts using this software.

Kudos to free software!!!

Oh... sorry, can't help you. Judging from the thread title I thought you were planning to commit suicide because you had the flu. My mistake...

Well, it's not uncommon for these things to search and try and prevent virus checkers from running.

Firstly, do you have a firewall installed? If not, then get one - I would recommend Kerio, but Zone Alarm is also supposed to be excellent. That will let you know if suspicious traffic is being sent and also monitor whether processes are doing suspicious things like starting other programmes without you asking.

Secondly, I would imagine its one of two things. Firstly, there might be a process running that continually kills NAV upon startup (ctrl+alt+del is the best way to find this out) or secondly they're quite fond of mucking around with your 'services' settings. It's been a long time since i've had Norton installed, but I have a feeling if you go to Control Panel -> Administrative Tools -> Services you'll find some kind of related service there. It may have been changed to 'disable' in which case you would want to turn it back to automatic.

But your best bet is seeing what the virus AVG picked up was, looking it up and removing it. Otherwise any repairing you do may simply be undone upon the next restart.

Safe mode is your friend, as is Start->Run->msconfig under the 'startup' tag. Apart from stopping all the crap that usually runs upon Windows startup, often malicious programmes can be found there.

Also check your registry at HKEY_CURRENT_USER -> SOFTWARE -> MICROSOFT -> WINDOWS -> RUN if that doesn't work.

Another likely hiding place is Docs & Settings -> Username -> Application Data (hidden folder) - you'll often find little nasties lurking there, and, because its hidden, many users are unaware of its existence.

HTH

[ 02-03-2005, 05:08 AM: Message edited by: shamrock_uk ]

Thanks for that. It really cheered me up after a dreadful day at school. And the virus...erm...what shamrock said... :D

Delete and check for viruses in safe mode. That saves some trouble at times as well. To get there keep hitting F8 till you get a menu with options. It should be in there.

Let this be a lesson, never trust anyone.

Persoanly I make a process list and kill anything that show's up that's not on my list.

I wouldn't do it that harsh. Your friends don't want to send you the virus. The worm sends itself. In most cases I wouldn't say people intent to do this but they could watch their security a bit more. As well as you, ask what they sent you always and don't accept anything blindly even if it comes from a friend.

From my experience, Zone Alarm seems to be unable to block bad things from coming into your computer. Like Trojan Virus etc. I've found one in those of my computers some time ago. However, it seems to do a good job of preventing things from coming out of your computer.

Grab a copy of HiJack This and run it. That will identify any things that are hiding in strange places. Also, go to Trendmicro and do an online scan. The virus can't stop that from starting...

hey,

The newer versions of NAV can't be killed like that so Im guessing you have maybe NAV (or NIS) 2003 or earlier.

Here is what you can try and do.

1. Run your liveupdate to get the latest definations (click start>run, type in LUALL)

2. reboot your PC into SAFE mode

3. Open nav and run a virus scan.

If that fails use this removal tool (I'm pretty sure this is the one that is causing trouble for you)

Once it is gone reboot and try opening NAV in normal mode. if that fails Uninstall & reinstall.

Your Subscription should come back when you reinstall. if you have NAV 2003 or earlier then I would recommend that when you next come up for a renewal of your subscription that you maybe upgrade to a 2005 version (you can upgrade for a reduced price and they will ship it out to you) DO NOT get the download version get the disk as the download version is more trouble than its worth.

I have NAV 2004 right now, but that seems like a good idea, updating it to 2005.

As for W32.Bropia, I'm running the removal tool, though it SEEMS like AVG got rid of it. I also uninstalled MSN Messenger v 7.0 and am now using (ICK!) Windows Messenger...but it hasn't sent anything to my friends today...so I may be in the clear. Hard to say with a laptop that has at least 230000 files on it.

Thanks!

Quite right. Where I find a firewall useful is firstly in terms of stopping the virus from doing its work - I managed to run this particular MSN worm (wasn't really looking at the screen) and had just uninstalled my virus checker, yet Kerio caught it before it reached the second stage of propogation. I stopped it when prompted and was easily able to clean it.

A firewall is also great for catching a trojan/worm you're not aware of when it tries to connect outwards, and Kerio can catch programmes not on your whitelist when they run on startup.

Altogether a rather useful tool.

Do let us know how the situation goes Ilander...

[ 02-03-2005, 05:59 PM: Message edited by: shamrock_uk ]

Yeah the removal tools do take ages to run because they scan EVERYTHING.

If you are running windows XP you may also want to turn off you System restore, delete the prevoisu restore points and then create a new one so the virus doesn't get backed up to your system restore at any point.

2004 should have been affected by that virus and it shouldn't have been shut down. Very strange.