Hybris virus

My friend is infected with a Hybris variant, which appears to be an oldie. He has WIN 98SE, on a 533Mhz, 64 RAM, 20 GB computer. The symptom is the classic "large spiral" graphic covering the majority of his screen, which makes normal operation impossible.

I fixed it quickly several years ago and despite warnings to him and his kids, he did not regularly upgrade his virus protection system (very old), monkeyed with the settings I left to scan on start-up and continuously as his computer slowed down, nor were any of them careful it seems with what emails and attachments they opened.

I followed directions from my virus help files for this Hybris "spiral" problem to restore WSOCK32.DLL both from the C:\WINDOWS\OPTIONS\CABS directory and the WIN98SE CD-ROM, while in safe mode and in MS-DOS mode. I tried every suggested method.

Neither action has cured the problem. I use WINXP with continuous virus scrutiny and am told that XP will not allow the WSOCK32.DLL file to be altered as did 98SE.

I have also removed all unnecessary, unused or unknown software, cleaned the cache, removed all cookies and temporary internet files.

Is WSOCK32.DLL the problem or is some other file at issue? He of course cannot access the internet in safe mode and can do nothing in normal mode.

Suggestions? What can I do from my end? Is there something I can download on my computer to disk and apply to his computer on start-up?

What is my next step?

 

Welcome to MajorGeeks.com, please follow the steps below:

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

• Make sure you check version numbers and get all updates.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

• CounterSpy - ONLY IF you were not able to run Windows Defender
• Bitdefender - from step 6
• Panda Scan - from step 6
• runkeys.txt - the log from GetRunKey.bat
• newfiles.txt - the log from ShowNew.bat
• HijackThis

 

Thank-you for the advice. I ended up re-visiting the win.ini file and deleting the abhorrent file next to the run= line a file that didn't seem to fit. Then I searched...laboriously...the *.exe files and found the culprit. Mocking me, it was! Deleted the bastard...it felt good. It mocked me, the bastard. This after going to the win.ini file and deleting what wasn't obviously the problem until visiting MajorGeeks. Then I re-did what I should have done in the first place re: wsock32.dll, etc. Followed directions after that and it was gold.

Bottom line:it worked.

I just didn't think it through like I normally do and should have. Anyway...didn't have to go through the normal protocol, but......my friend should really upgrade to a higher CPU with waaaaay more RAM (as I've told him over and over). His system can't handle the most basic virus protection system anymore so it is only a matter of the next surfing episode that I will have to be trying to bail him out again. He has been directed to buy up...better CPU, more RAM...and sign on to a REAL vps.