
Thread: Now a Virus?????

  1. #1

    Now a Virus?????

    It seems I now have a virus.
    I reformatted and restored my windows ME system the other day and spent yesterday trying to get things back in order on here. I have a firewall installed, as well as AVG virus protection.
    I downloaded calypso for my email last night and the second time mail came through AVG popped up and said one had a virus.
    There were 2 emails with files, both spam, neither opened.
    I now have 3 viruses detected and can not remove them or so says the AVG and the online scan I did.
    How in the world did it get to be 3 viruses when only 2 emails came in, and how did I become infected if I did not even open the messages?????

    Also the virus stuff says the infected files can not be cleaned or deleted because they are currently in use.

    C:\_Restore\Temp\A0002198.cpy because it is currently in use
    all three files are similar
    how do I turn them off or get them not in use so I can delete them?
    I have tried all I can think of
    Thanks
    Louise

  2. #2
    R.I.P. 2013-11-22 blebs | Join Date: Dec 2000 | Location: North Canton, Ohio | Posts: 12,819
    Louise what are the names of the viruses?

    You're probably going to have to disable system restore and scan again to delete the files. I think what is happening is that it's seeing the files in the restore section of the OS. Could be everything happening right now is related to them being in system restore.

  3. #3
    Dr Tweak mnosteele52 | Join Date: Jul 2001 | Location: Chesapeake, VA | Posts: 11,912
    blebbs is right Louise. Also if you find out the name of the virus you can always go to Symantec's site and they always have a free removal tool with excellent instructions on using it for any virus.


  4. #4
    R.I.P. 2013-11-22 blebs | Join Date: Dec 2000 | Location: North Canton, Ohio | Posts: 12,819
    Grisoft's answer:

    Description for disabling restore function for Windows ME

    Files placed in the _RESTORE folder are source files for the system restore function that is available in the Windows Millennium operating system. Files that were healed were moved in their original INFECTED state into this folder and it is necessary to DELETE them by following these steps:

    Close all open programs. Then right-click My Computer on the Windows desktop
    Click on Properties
    Click on the Performance tab
    Click on File System
    Click on the Troubleshooting tab
    Check Disable System Restore
    Click on OK

  5. #5
    it is WORM KLEZ.H

    Will do the steps you listed blebs99
    Thanks
    Louise

  6. #6
    Dr Tweak mnosteele52 | Join Date: Jul 2001 | Location: Chesapeake, VA | Posts: 11,912
    I just removed the same virus this morning on a client's PC, you might also take a look at what Symantec says here. Listen to blebbs, he's excellent on security and virus issues.


  7. #7
    R.I.P. 2013-11-22 blebs | Join Date: Dec 2000 | Location: North Canton, Ohio | Posts: 12,819
    If AVG can't remove it after system restore is disabled, go to the link mnosteele provided and get the repair tool from Symantec and run it. I don't foresee you having a problem once sys restore is disabled though. Just be sure to rescan and delete anything that AVG still detects.

  8. #8
    Well something seems wrong.
    I disabled system restore and rescanned
    Once with AVG, and again with Housecall
    Both show nothing infected
    How can that be? I did not delete or remove anything, simply disabled system restore. Aren't those files still in my computer?
    Louise

  9. #9
    Elite Member Norm | Join Date: Mar 2001 | Posts: 14,133
    Originally posted by momiam2six
    Well something seems wrong.
    I disabled system restore and rescanned
    Once with AVG, and again with Housecall
    Both show nothing infected
    How can that be? I did not delete or remove anything, simply disabled system restore. Aren't those files still in my computer?
    Louise
    Disabling system restore effectively deletes the contents, other than a couple of system files.

    You are probably clean now.

    Since system restore runs in memory constantly updating your system 'backup' the virus was able to write to the _restore dir. But if AVG caught it, you are not infected so to speak. An infected file sitting on your drive is harmless, until activated (clicked), or executed by another file etc. Now that there are no infected files, you are safe from it activating again, unless of course another attachment comes in the mail.

    Louise, make sure you get all the security patches at MS update, some of them patch holes in OE that allowed scripts to run when a mail was opened.

  10. #10
    Thanks for the explanation Norm.
    Although this has taken up sooo much time in the past couple of days it certainly has been a learning experience
    I got all the updates that were available.
    These emails did not go through OE, I had installed Calypso and they came through there.
    Not blaming it on Calypso, but deleted it and am back with OE.
    Louise

  11. #11
    Elite Member Norm | Join Date: Mar 2001 | Posts: 14,133
    np, you are welcome.

    There is so much to know with computers, and more being developed constantly, viruses included. If you hang around or check daily here you will find problems others are dealing with, and hopefully stay ahead of the game.

    That's what I've been doing for a couple of years, and have learned an immense amount.

  12. #12
    R.I.P. 2013-11-22 blebs | Join Date: Dec 2000 | Location: North Canton, Ohio | Posts: 12,819
    Even if you had OE that it came in, the same thing would happen. At least with OE, you can look at the properties of the email and usually find the original sending machine. If you knew that, you could contact that person and let them know that their computer is sending infected mail to you. It doesn't always work. Sometimes what shows as sender, is not the infected computer.

    One thing's for sure, if you got hit once, you'll get hit repeatedly until the offending computer is clean. Try to find out who it is if you can. I tried Calypso once but only briefly and don't remember if you can view the properties of the email like you can with OE.

    Now you know what to do the next time and yes, there will be a next time. Perhaps today yet. Perhaps tomorrow.

  13. #13
    R.I.P. 2013-11-22 blebs | Join Date: Dec 2000 | Location: North Canton, Ohio | Posts: 12,819
    Originally posted by Norm
    np, you are welcome.

    There is so much to know with computers, and more being developed constantly, viruses included. If you hang around or check daily here you will find problems others are dealing with, and hopefully stay ahead of the game.

    That's what I've been doing for a couple of years, and have learned an immense amount.
    Liar! You invented the computer.

  14. #14
    Elite Member Norm | Join Date: Mar 2001 | Posts: 14,133
    Originally posted by blebs99
    Liar! You invented the computer.
    I invented the Internet.

    Gore is the Liar !!

  15. #15
    I am back...was having problems with the computer and then through trying to figure out the problem did some virus scans. 2 came up clean, then 1 came up with JS_NOCLOSE.E
    I cleaned that but how do I know that my system is fine? I have rescanned with both virus things but what if the virus just changed names or is hiding somewhere?
    Louise

  16. #16
    Elite Member Norm | Join Date: Mar 2001 | Posts: 14,133
    Originally posted by momiam2six
    I am back...was having problems with the computer and then through trying to figure out the problem did some virus scans. 2 came up clean, then 1 came up with JS_NOCLOSE.E
    I cleaned that but how do I know that my system is fine? I have rescanned with both virus things but what if the virus just changed names or is hiding somewhere?
    Louise
    You're clean, don't worry. Virus scanners don't just look for the virus name, they look into the code for 'known' issues etc.

    A tip for you "mom"....

    Go to Start>Settings>Folder Options>View tab, and make sure 'show all files' is checked and 'hide files of known extensions' is unchecked.
    Now if you get attachments named eg: Baby Picture.jpg.exe you'll be able to see the 'exe' part, and know not to open those or any file attachment that has 2 extensions. Or any with exe, bat, com, js, vbs.
    See this page as well http://antivirus.about.com/library/blext.htm


    AVG is a pretty good anti virus, but no one anti virus will catch all viruses etc. Do as you have been, online free scan every so often as well as keep AVG updated. If you want to spend some money, the very latest version Norton Anti virus (2003) is recommended as the best around. But don't run 2 at the same time. Uninstall AVG if you buy Norton.
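The filename rule from the tip in post #16, as an added example that is not part of the original thread: it parses a raw e-mail and flags attachments whose names end in one of the listed extensions or carry two extensions. The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY = {"exe", "bat", "com", "js", "vbs"}  # extensions listed in the post

def filename_flags(name):
    """Return the reasons an attachment name is suspicious (empty list if none)."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    parts = name.strip().rstrip(". ").lower().split(".")
    exts = parts[1:]
    flags = []
    if exts and exts[-1] in RISKY:
        flags.append("risky extension ." + exts[-1])
    # The post's "2 extensions" rule: the part before the last extension also
    # looks like a file type (short, letters only). Version-style names such
    # as notes.v2.txt are not counted; archive.tar.gz would be.
    if len(exts) >= 2 and exts[-2].isalpha() and len(exts[-2]) <= 4:
        flags.append("double extension ." + exts[-2] + "." + exts[-1])
    return flags

def scan_message(raw_bytes):
    """Map each attachment filename in a raw RFC 5322 message to its flags."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    return {part.get_filename(): filename_flags(part.get_filename() or "")
            for part in msg.iter_attachments()}

def build_sample():
    """Constructed sample message; addresses and attachment bytes are made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "pictures"
    msg.set_content("see attached")
    for name in ("Baby Picture.jpg.exe", "holiday.jpg", "notes.v2.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, flags in scan_message(build_sample()).items():
        print(repr(name), "->", flags or "ok")
```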

  17. #17
    R.I.P. 2016-11-23 Croc | Join Date: Jan 2001 | Location: Up top East side Downunder | Posts: 7,819

    Re: Now a Virus?????

    Originally posted by momiam2six


    Also the virus stuff says the infected files can not be cleaned or deleted because they are currently in use.

    C:\_Restore\Temp\A0002198.cpy because it is currently in use
    all three files are similar
    how do I turn them off or get them not in use so I can delete them?
    I have tried all I can think of
    Thanks
    Louise
    Hey Louise,
    Please, anyone correct me if this is wrong but I think your AV scanner found and fixed this at the time it first arrived.
    What was found and has caused concern is the .cpy files that System Restore had kept as part of its function. These are copies of the originals therefore they were active. System Restore will not let you delete them because it considers them important and the only way to remove them is to do what was suggested.

    As Norm has said, if you do opt for Norton, don't actively run two AV programs. At best you should have one as the active program and use the second one as a manual scanner for when you do your hygiene routine, making sure to turn it off once you have finished.

    You may also want to read the info about JS_NOCLOSE.E here just to settle your nervousness a bit.

    When you think about it, AVG has done a great job for you so far.
    But then, I am a believer in AVG and use it and online scanners only.
    Hope this helps.

    Croc.

    Offtopic but had to after seeing the new Norm for the first time.
    Norm, your recent expedition to the outside world has really toned and sharpened your features.
    Must say, you do look well my friend.

    Croc.
    Croc.
    It will be long, it will be hard and there will be no withdrawal.
    Winston Churchill
    Remember: Wherever you go in life, you take yourself with you.

  18. #18
    Hi Croc,

    My AVG caught the virus but reported it could not clean or delete it because it was in use. So I turned off the restore thing and when I rescanned it came up clean. Did not clean or delete anything. In the log thing in AVG it still shows in red the name and that it was not cleaned...but like I said every scan turns up nothing.
    I turned on system restore again to see if it would show up again and it doesn't
    I have also scanned with an online scanner that shows my system is clean.
    I read the info on the JS_NOCLOSE.E Thank you it was very informative.

    I think I know where it came from though...I was doing a search for lyrics yesterday and one of the search results was this....

    http://www.letssingit.com/cgi-exe/am.cgi


    Please do not click on it
    I did not notice this until last night when I was showing hubby some song lyrics, and when I clicked on this link in my history tab the page just sorta hung, that's when I noticed the exe in the url.

    Not going with any other scanner than AVG I do like it. I also installed sygate firewall and it is so much simpler than mcafee!
    Thanks for all the input
    Louise

  19. #19
    R.I.P. 2016-11-23 Croc | Join Date: Jan 2001 | Location: Up top East side Downunder | Posts: 7,819

    AVG was right. The file couldn't be deleted because the file was in use .............by System Restore.
    There are 2 alternatives now.
    You could try and delete the file in the Virus Vault now. You should find it will go this time.
    Or,
    because the filename has been altered by AVG when the file was put into the vault, it's of no real risk to just leave it there. The Vault has a small cache so the file will drop off as you get more files in it. First in = first out.

    Have fun.

    Croc.
    Croc.
    It will be long, it will be hard and there will be no withdrawal.
    Winston Churchill
    Remember: Wherever you go in life, you take yourself with you.

  20. #20
    I just know the computer police will be at my door in a few minutes.
    "Ma'am Step Away From The Computer"

    I hang my head in shame...I have really done something wrong now.
    I pray you guys have enough patience to deal with me.
    I am on the kids' computer because mine will not work

    I did a search on the computer for anything that has the worm klez thing and the noclose in it.
    It came up with 5 files.
    I deleted them all
    I do not remember their names
    I rebooted
    Windows starts up but then says
    SMC has caused an error in TSE.DLL
    My desktop loads a few things, I have no access to the internet although my cable modem light shows that I am connected. My start menu will not work
    I restarted in safe mode and it brings up the help screen but is like non functional
    I am running windows ME
    I can't believe I did whatever it is that I did
    I feel like a kid who should not be allowed to touch the computer unless I ask permission first
    Louise
