<Try running your scanner while in Safe Mode (press & hold F5 or shift at Windows start-up).
If this fails, jot down the names and locations of all the files that are backdoor programs. (e.g. C:\Windows\system\quicken.exe).
Reboot. Press F8 just after the BIOS screen disappears (you can repeatedly tap F8 to make sure you get it). You'll see the Windows boot menu. Choose "safe mode command prompt only". You will be placed at the C:\> prompt.
Delete each file ("del filename") by navigating to its folder (using "cd foldername" and "cd .." to go up a level). If DOS says it can't find it or it's locked, then you will need to change the file's attributes. Just do "attrib -s -h -r filename" to remove the System, Hidden, and Read Only tags all in one shot. You should then be able to delete the file.
When are all deleted, reboot. Windows may complain that files it's supposed to run at startup are missing. Use msconfig to edit the bootup system and remove the virus files from the "start these when loading" list.
Solution 1
To remove this Trojan, most of the steps are performed in Safe mode. Please follow the instructions in each section.
NOTE: The following procedure instructs you to delete files, file entries, and registry values. In some cases, they may have already been removed by NAV, or they were never added by the Trojan. If you do not find a particular file or entry, make sure that you followed the instructions exactly. If the file or entry does not exist, then proceed to the next step or section.
Enable show all files
Follow these steps to configure Windows to show all files:
Start Windows Explorer.
Click View (Windows 95/98) or Tools (Windows Me), and click Options or Folder Options.
Click the View tab, and uncheck "Hide file extensions for known file types" if it is checked.
Click Show all files, and click OK.
Restart the computer in Safe mode
If you are running Windows 95:
Exit all programs, and then shut down the computer. If the computer will not shut down normally, then proceed to the next step.
Turn off the computer, and wait 30 seconds. You must turn off the computer to remove the virus from memory. Do not use the reset button.
Turn on the computer. When you see the "Starting Windows 95" message, press F8.
Press the number for Safe mode, and then press Enter.
If you are running Windows 98:
Click Start, and click Run.
Type msconfig and click OK. The System Configuration Utility dialog box appears.
Click the General tab, and click Advanced.
Check Enable Startup Menu, click OK, and then click OK again.
Exit all programs, and then shut down the computer. If the computer will not shut down normally, proceed to the next step.
Turn off the computer, and wait 30 seconds. You must turn off the computer to remove the virus from memory. Do not use the reset button.
Turn on the computer, and wait for the menu to appear.
Press the number for Safe mode, and then press Enter.
Find and delete files
Follow these steps to locate and delete the files that were placed on your hard disk by the Trojan:
Click Start, point to Find or Search, and then click Files or Folders.
Make sure that "Look in" is set to (C:) and that "Include subfolders" is checked.
In the Named box, type (or copy and paste) the following file names:
CAUTIONS:
The next step is to delete these files from your computer. Make sure that you delete only the files listed, and if you typed the file names, that they were typed exactly as shown. Deleting the wrong file could prevent your system from starting. (The entry mi*.zip may result in several files being found, such as Mi29.zip, or Mine.zip. All such files should be deleted.)
If you are running Windows Me, the search may find the Winmine.exe file. This is the executable for the Windows Minesweeper game, and it is not necessary to delete this file.
This search will almost certainly find several files named Readme.txt. Each will be in a different location. Make sure that you delete only the one in the C:\Windows\System folder.
Delete each file in the Results pane; click Yes to confirm each deletion.
NOTE: If you see a message saying that the file is in use when you try to delete the Msdos98.exe file, then you cannot remove it at this point. Complete as many of the Solution 1 instructions as possible, and then proceed to Solution 2. Follow the instructions in the first two sections of that solution. You only need to enter the first two commands in the section Remove infected files. When the Msdos98.exe file has been deleted, restart the computer.
Right-click the Recycle Bin icon on your desktop, and click Empty Recycle Bin.
Click New Search, and then go on to the next section.
Find and change a file
Make sure that "Look in" is set to (C:) and that "Include subfolders" is checked.
Type win.ini in the Named box, and then press Enter.
Right-click the Win.ini file in the results pane, and click Properties.
NOTE: If you find more than one Win.ini file, make all changes to the one that is located in the folder in which Windows is installed; for example, C:\Windows.
Uncheck Read-only, and then click OK.
Double-click the Win.ini file to open it in Notepad.
Locate the entry that begins with run=. It should look similar to this:
run= C:\Windows\uninstallms.exe
NOTE: There is a large space between run= and the C:\Windows\uninstallms.exe entry. If you cannot locate the C:\Windows\uninstallms.exe entry, then click the Search menu and click Find. Type uninstallms.exe and then click Find next.
Place the cursor after run= , and then press Shift+End to select the rest of the line. Repeat this until the entire line is selected. You may have to press Shift+End four or five times.
Press Delete.
NOTE: A new variant of this Trojan has been found that does not add the text C:\Windows\uninstallms.exe.
Underneath run= , look for an entry that begins with RUNRESTORE=. It should look similar to this:
RUNRESTORE=C:\Windows\uninstallms.exe
If you find this entry, move the cursor to the beginning of the line, press Shift+End to select the entire line, and then press Delete.
To make sure that none of these entries remains, click the Search menu and click Find. Type uninstallms.exe and then click Find next. Remove any entries that refer to this file.
Click the File menu, and click Save.
Exit Notepad.
Remove an entry from the registry
CAUTION: We strongly recommend that you back up the system registry before making any changes. Incorrect changes to the registry could result in permanent data loss or corrupted files. Please make sure you modify only the keys specified. See the document How to back up the Windows registry before proceeding.
Click Start, and click Run. The Run dialog box appears.
Type regedit and then click OK. The Registry Editor opens.
Navigate to the following key:
I dont'use quicken (or have it installed), so I've no idea what the .exe is named. I wondered about that myself, but didn't check. I will say this, again, though. Do not open _any_ attachment unless you know exactly what it is, and if it's a pif, dll, exe, bat, com, vb (and a slew of other application type files), use a -good- antivirus to scan it with -first-. Always be aware that even your best friend could be affected by a worm propogating itself without their awareness. And if you -don't- run an antivirus program and you run windows, the same goes for you. There are more ways to contract unfavorable code than just opening the wrong email attachment. And the further we advance, more 'methods' are discovered every day.
What is the opinion on all in one printer and scanners? I need a new scanner, I already have a printer. Are they worth having the all in one version's I mean?
If you already have a printer why bother? Just buy a cheap scanner. It is my experience that home users only ever use a scanner about 1% of all PC usage time. So why spend big money on one if your not gonna get the use (like a DTP, or Web Designer would?).
To answer your question though, yes they are good for many reasons. They save space, one unit only.
You get a Printer, Scanner, Photocopier, Fax (providing you have the software) and the quality and price these days is great.
Well I do have a scanner, but it won't work on my XP computer, it does work on my ME one, but it only scans once on it, then it won't work until I have closed it all down and booted up again.
It has a USB connection, it doesn't say whether it is a USB2 fast connection or not.
Who makes your scanner? You need to go to thier site and download specific XP drivers (they are so different from 98 or ME) and the scanner will work fine :o))
I am having a problem to log on to MSN explorer and MSN messenger, not just my account, all of them on this computer.. it is telling me that either they have a problem with their service or I am not connected to the net.. obviously I am conncted cos I am here!!! as for them having a problem, would they have a problem for 3 days? and i know other people have been using it ok..
Can anyone guide me in what to do.
just got this email from my ISP--thought someone else might need it!!
__________________
Dear Comcast Customer,
This is a letter from Comcast High-Speed Internet - with important
recommendations on how to protect your computer from malicious
attack.
Recently, Microsoft identified a critical flaw in its operating system that
could allow an attacker to gain remote access to users' computers. To
help protect against such attacks, Microsoft has developed a patch
and made it available.
Because your protection is of paramount importance to us, Comcast
wants to make sure all of our customers are aware of the availability of
this patch. We strongly recommend that you download the Microsoft
patch to protect your computer from malicious attack.
To access patch:
Click on the following link to the Security section of the Microsoft Web
site:
http://www.microsoft.com/security/security_bulletins/20040210
_windows.asp
Please take the time to follow the outlined steps to help ensure
your computer's safety from this latest threat and uninterrupted
Internet access.
For more information and additional security updates, please visit the
Service Center of our portal at:
http://www.comcast.net/memberservices/index.jsp
It is called AIDA32, it is a freeware program (with no "extra" junk as far as I can tell). Bascily, once installed, you can run reports and it will give you 80+ pages of information about your computer... WAY more then you will every use (or probable understand), but some information may come in handy.
I've been using the Enterprise version (also free) with great success at where I work. (Which has a lot of older and donated comptuers - so it is nice to know more about each of those.)
Oh thank you BBW, I've downloaded that it is great. I also make good use of that other programme you told us about too Spybot, I find it so useful. Any more little useful numbers you come across tip us the wink. ;0)
I guess you know peer-to-peer programs which lets you download millions of title from the net!
If you like spyware, slow pc, popups and more wonderful annoyances, just download kazaa. You will then be able to download the whole internet for free :-)
If you prefer downloading from a website, just type something like "MP3" in your search engine...
Be sure you know how to survive delicacies like Dialers, Virus, Spywares !
Legally, the disk industry, which is losing a lot of money because of internet, is very agressive against people putting some music on their website. You can even go to jail ! This is certainly not what you are looking for.
It will take at least a few more years until you can all your music directly downloaded to your PC for a reasonable price. Sorry!
PS: one last word : do NOT believe that you are anonymous when you use kazaa. You are identified by your IP and therefore by your Internet Provider!
If you are going to use a peer-to-peer, I use Kazaa Lite which includes no spyware. (I was looking for it recently and could not find it, so I'm not sure if it is still out there somewhere or not.) But it works with the Kazaa "network".
Tip - Don't share - so far they have only went after users who also share their downloaded music with others. (NOTE: Other users don't like this, and some will not share with you if you also don't share)
One thing I download are live concerts and other acoustical song - songs that usually CAN NOT be found on a CD at any local music store. (My own rules is if I can go to the store and buy it, I should not download it.) Many artist are OK with people trading "live" non-album music.
I know all about that stuff. When i first had broadband a few years ago Napster was up & running. It's still there now, but you have to pay for everything.
Got HotBar? Want shot of it? Or indeed any other annoyance that seems to appear each time you boot or start email / web??
Download and install Spyhunter. It will identify Trojans, Spyware, Addware etc and tell ya how to remove it (sometimes will even give you the opportunity to tick a box and BANG! Its gone.
*edited* email me for a link (email is on my website)
This one is 6.4mb in size. Although is much better and allows full access to the removal functions. It also disables 80% of web pop-ups when left running while surfing.
I dont think spyhunter is pirated soft ware kitti :) if you do a search on the reliable google it appears to be a free download, so Aragon has not done that as such, or even at all.(or is it a 30 day free trial) I must admit i didnt look.
all he did really was to make it easier for you to down load this ??freebie?? by placing it on his site. It could save you searching and trying to find which is the best site to download from.
I might be wrong here and if so I will stand corrected :)
And i agreet with Lythande...fpt has nothing to do with spyware or the remove of.
ftp = file transfer protocol from memory and is used in the construction of web pages :)
File transfer protocol, yes (part of the tcp/ip suite). Web-page constructor, no. Though it is often used to -upload- 'pages' (or files), so I suppose you could say it aids in the construction of sites. It's simply a means of (gasp!) transfering files from one machine to another. :)
Bernice, yes, there's nothing wrong with the spyhunter link. But the second, now edited/removed link definitely wasn't freeware :)
And yes, ftp has nothing to do with spyware removal. I just got confused, the removed filename just sounded like a ftp client (BulletproofFTP) to me. I still think SmartFTP is a excellent choice :)
Its a nerds paradise i fink (explains why im going lol). It all about wireless networks etc, and also has some very impressive displays and trials. Like hackers vs security experts etc
Well that sounds very interesting indeed Angora honey, wish I could get there, save me a seat in case I can eh???? hehehheheheheeh right next to you of course.
Oooh.. sounds like so much fun... could be my chance to be that quiet little fly-on-wall and watch fishy and rek in live action, throwing around their b---- erm.. *blushes* nevermind 'notherstory.. Except that now I think they're both certified security experts and as to hacking, the less said, the better.
I've had a friend say they just recieved theirs, so I just ordered mine. I know it is free in the US, but they also list other countries - so if you live outside of the US and use Windows - you might want to check it out also. :-)
Not sure how good the CD is, but I'll take anything free from Microsoft! :-)
Google to offer free e-mail - and to show that it is serious in a bid to challenge yahoo and such, e-mail accounts will have 1GB Storage! (1000 MB) - (I think Yahoo is up to 250MB free?)
It is still in beta mode, but will hopefully start soon. (And if you want that cool "name" before it is taken - sign up early.) BUT AGAIN, Still in beta mode so you can't sign up yet. They have been testing it for about a year now, and will be released to the public soon.
Also no pop ups or banners - but what they are going to do is "dissect the topics being discussed in the e-mails and then deliver text-based ads related to the subjects".
(esconder) Pode usar algum HTML simples nas suas mensagens ou, se tiver uma inscrição paga, também pode usar o Editor de Texto Avançado. (pauloaguia) (mostrar todas as dicas)