I let my virus protection expire for a while and re-upped a couple of days ago. A scan confirms one file which still seems to be infected and cannot be removed to the Virus Vault. This one: C:\WINDOWS\Start Menu\PROGRAMS\STARTUP\_SLIM.VBS. Any suggestions as to what to do?
First thing you should do is get a better anti-virus scanner than AVG (that's what you're using, right?). Get something like Norton, Kaspersky, or Eset NOD. I found one reference to this trojan on the Internet. The guy said this script apparently mucks with your registry and network settings. Deleting/removing doesn't revert your settings completely, so I'm guessing simply telling you to delete the file from your Start Up isn't really a solution. Go to CompUSA and get Norton Antivirus and see if it can fix the problem. If it can't fix the problem, then nuke the hard drive and start your Windows experience anew. ... next time keep your av patterns updated! Damn Republicans.
That's the Vbs Love letter virus. I had it and it's pretty good at hiding itself from virus scanners, including the one I was running, which was Norton 2002. BUT YOU CAN GET IT OFF YOURSELF! If you're going to bring it to CompUSA, I'll do it for 10% off their fee.
1. If you don't have Norton 2002, get it on Kazaa.
2. Run a complete sweep of your computer and delete all files that come up with the VBS extension (the virus can alter a lot of your comp's files, like mp3's, jpeg's etc, just get rid of them.)
3. Go thru ALL your windows registries and delete all occurrences of the VBS extension in your computer. Sometimes the path name mutates into names like "FBI and Goverment coverups" so take a good look at wacked out names.
4. http://www.symantec.com/avcenter/venc/data/vbs.loveletter.a.html This site will go in-depth and explain everything to you about the VBS virus, its variants and how to get rid of it.
Hope this helps, the variant I got was so nasty that Norton wouldn't accept it to analyze. I was pissed.
______________________________________________
milo
If a person requires artificial respiration, and you are of the same sex as that person, and no one of the opposite sex is around to perform the procedure, you are gay.
I don't have the same file on my system as giddyup but I do have some files with a VBS extension. There were 16 files in an old data folder which was created for files which existed prior to my upgrade to WIN XP PRO about 6 weeks ago. I had no problem with the deletion of these 16 files. I do have a question about 9 files which currently exist in the folder C:\Windows\system32. The files have names like: eventquery, pagefileconfig, prnconfg, prndrv, prnjobs. Should these files be deleted as well?? They don't appear to be menacing and I recall having a McAfee update in Nov or Dec 2001. All of the 9 files have a modify date of 8/23/2001 @ 12:00PM. This is a Thursday and I should have been at work although I can't say with certainty. The website link seems to give the impression that the problem is for e-mailed "love letter" viruses. Any further advice?
Once you get the VBS virus it multiplies and hides itself in your registry. Try this program: http://www.majorgeek.com/index2.html It's called Ad-aware. It will help to shave off all the crap that is placed in your comp for tracking and spying. If anyone is on the internet a lot, use this program. Gator, those files sound normal but can you post the extension? Right click and look at the properties so I can check them out. I had a lot of spyware on my computer that hid itself under regular windows names. Vbs usually trojans itself through email but newer versions have been said to start HTML based through your web browser.
Don't listen to the advice above that says delete everything with a VBS extension. You may render some app or process in your system useless. The VBS extension is not bad. "VBS" simply stands for "Visual Basic Script". There are several worms that were/are written using VBScript, however there are also several native Windows scripts written in this language that are harmless and are part of the OS. It'd be like deleting everything with an EXE extension simply because one of them happened to be malicious. By the way, AVG sucks. Did I mention that?
GATER, those are examples of VBS scripts that are native to Windows and should reside in the Windows directory. Check the spelling on these 2, though: prncnfg.vbs (you have it spelled "prnconfg") and prndrvr.vbs (you have it spelled "prndrv"). Just making sure those are just typos on your part. Oh, and you should try to update your virus definitions at least once a week. Once a month and once a quarter was great in the past, but there are hundreds of new viruses and trojans introduced every month. Stay up-to-date and stay safe.
Windows script is outdated and not really used for anything anymore. That is why most computer users just disable it altogether, it can only be used for bad. Delete all the Vbs extensions in your registry. That bug will spread and automatically send itself to everyone in your email address book--stuff like that. Death to windows script!!! Delete the VBS extensions in your registry--they are not important and can only be used for evil!! giddyup - send Dr. of Dunk an email.
_______________________________________________
milo
My computer can beat up your computer!!
___________________________________________
milo
Here's a link to see how easy it is to crack Windows Scripting: http://www.klaphek.nl/nr6/scrdec.html
Here's a site that explains why it sucks for non computer nerds: http://www.nsclean.com/psc-vbs.html
Here is the program to disable it (from Symantec Security), NoScript.exe: http://www.sarc.com/avcenter/venc/data/win.script.hosting.html
This should help.
_______________________________________________
milo
DoD - You are correct, I "fat fingered" the spellings. Here is the correct list: eventquery, pagefileconfig, prncnfg, prndrvr, prnjobs, prnmngr, prnport, prnqctl, pubprn. I will take your update advice to heart. milo - In all cases, the properties on the above files display "VBScript Script File". Later when I have time, I will take a look at the recommended sites. Thank you both.
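Added example, not part of any post in this thread: a small Python triage of .vbs paths that separates the nine system32 script names listed above from scripts in a Startup folder and from look-alike names such as the two misspellings raised earlier. The function names, verdict strings, the 0.8 similarity cutoff and the sample listing are assumptions made for this illustration.

```python
import difflib
from pathlib import PureWindowsPath

# The nine system32 script names listed in the thread (file stems, lowercase).
NATIVE_SYSTEM32_VBS = {
    "eventquery", "pagefileconfig", "prncnfg", "prndrvr", "prnjobs",
    "prnmngr", "prnport", "prnqctl", "pubprn",
}

def classify(path):
    """Return a triage verdict for one Windows path given as a string."""
    p = PureWindowsPath(path)
    if p.suffix.lower() != ".vbs":
        return "ignore"
    folders = [part.lower() for part in p.parts[:-1]]
    stem = p.stem.lower()
    # Anything in a Startup folder runs at every logon: always review it.
    if "startup" in folders:
        return "review: autostart script"
    if folders and folders[-1] == "system32":
        if stem in NATIVE_SYSTEM32_VBS:
            # Name match only; it says nothing about the file's contents.
            return "expected name"
        # A name that is nearly, but not exactly, a listed one deserves a look.
        near = difflib.get_close_matches(
            stem, sorted(NATIVE_SYSTEM32_VBS), n=1, cutoff=0.8)
        if near:
            return "review: look-alike of " + near[0] + ".vbs"
        return "review: unlisted script in system32"
    return "review: script outside system32"

def triage(paths):
    """Map each .vbs path to its verdict, dropping non-script files."""
    return {p: v for p in paths if (v := classify(p)) != "ignore"}

# Constructed sample listing; only the first path appears in the thread.
SAMPLE = [
    r"C:\WINDOWS\Start Menu\PROGRAMS\STARTUP\_SLIM.VBS",
    r"C:\Windows\system32\prncnfg.vbs",
    r"C:\Windows\system32\prnconfg.vbs",
    r"C:\Windows\system32\notepad.exe",
    r"C:\olddata\report.vbs",
]

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE).items():
        print(f"{verdict:40} {path}")
```

A verdict of "expected name" only means the filename matches the list; checking the file's contents or hash is a separate step.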
Man, I thought there was an answer somewhere up there. It's as plain as... well... plain as American. Seriously. Go read my initial response or do as milo says. Either way, the process for reverting to previous-running conditions probably won't be easy. If you want, you can email the file (or its contents) to me and I can at least try to tell you what all it's mucked up on your pc. The sad thing is that since it's in your Start Up group, it's probably done whatever it needs to do to your PC.
Your pc's been compromised. It's plain to see. I hope you get it fixed. And I mean that as an Indian and an American...
http://housecall.antivirus.com/ Go here. It is a free online virus scanner. You have to give them your email. That's all. Let it run. Hopefully it hasn't damaged too much. I am not sure this is the loveletter virus. I cannot find any info on slim.vbs.