virscan

Hello all,
I found this in c/ today and didn't know what it was. When i openned the zip
there were many many files in it i clicked on one that said "set up info" Notepad came up and the first thing i saw was this:
õ O$ No additional information. This virus infects the master boot record and boot record of floppy disks. Bootup from infected floppies often causes system hangs Lenart This virus contains the text, "I am Li Xibin!". Bootup from infected floppies often causes system hangs This is dropped by the "Backdoor.Poly" or "Backdoor.SubSeven". You must delete this file. This is a trojan horse program and not a virus. This program can be used to allow unauthorized access to your computer. You must delete this file. This is a backdoor type trojan program which can be used to allow unauthorized access to your computer. This backdoor trojan loads by adding to the line shell=explorer.exe in the SYSTEM.INI file. To clean, replace that line and delete the corresponding file from the C:\WINDOWS directory. This virus does little but replicate. Note that Boot-437 does not infect the MBR of the hard drive; it infects only the Boot Sector. This is a Internet worm that uses .bat files to search through a range of IP addresses of known ISPs to find an accessible computer. If an accessible computer shares its C drive, it copies its files onto the other computer. DIR.Byway Byway creates a file called CHKLIST.MS in the root directory. DO NOT delete this file, as you will lose original file data! OZ, Die Hard.II, Die-Hard.4000.d Infected programs have the word "OZ" near the end of the file. Creeping Death Changes directory entries to point to itself. Using the "CHKDSK /F" command will destroy all program file linkage. To repair infected systems, you must use the DOS version of NAV. CMOS Killer This family of viruses attempts to modify CMOS information. EXE files are overwritten by virus code turning them into droppers. On the 18th of any month, the virus plays a clicking sound whenever a key is pressed. The virus contains the text: "The FORM-Virus sends greetings to everyone who's reading this text. FORM doesn't destroy data! Don't panic!"

If anyone could please tell me how to proceed it would be greatly appreciated
The file does not want to let me delete.
It also has a lot of nero files in it and i unistalled nero about six months ago.
Thanks for any help,
Dan

 

Hi Halo,
I have never heard of virscan i was in c/ looking for a scanner that i downloaded from M/G to show my memory usage. Thats when i found VIRSCAN ZIP FOLDER and opened it. I tried to follow delete instructions but it did not work. I have AVG free, Spybot and ad-aware. Also i have RemoveIT pro XT2 I have ran all and come up clean.
This am when i booted the puter removeit pro xt2 encountered a problem and had to close yahoo mess. could not sign in i lost my active desktop(recovery would not fix) and i had a window pop up saying "run time error 216 at 00017d57 there were 5 or 6 of them.
I went to msconfig and disabled all in an attempt to get things running. I got my desktop back but i had xt pro disabled and it loaded anyway??
I will begin the proses you told me to this evening i sure am glad your here to help!!
Thanks,
Dan

 

Hi Halo,
Move on boot worked to get rid of the file. Thanks it was great and easy.
I have followed all the suggested steps in read & run me here are the results:
nothing bad found in add remove programs
In safe mode
ran cccleaner
Spybot----clean
Defender--clean
MS.M.S.R. Tool--clean (All in safe mode)
Had to reboot in normal mode i could not get on line
I have the sun java 5.0 update8
Bitfinder could not update and scan failed "in normal boot"
Panda scan found (please see attached)
runkey (please see attached)
newfile (please see attached)

Things seem to bne running ok now should i still run HJT ?
Do i need to toggle system restore?
Thank you for the help and a great learning experience!

HAIL HALO & THE MAJOR GEEKS,
Dan

 

Hi Chaslang,
Thanks alot for the feed back!! I updated firefox and java this am.
When i rebooted RemoveIT xt2 pro popped up and told me it found a virus.
I have done nothing except those two downloads since the cleaning yesterday.
8:40:35 AM: Infected file (Sys32.zport4as) C:\WINDOWS\system32\zport4as.dll
8:40:35 AM: 1 Dangerous files has been found on your computer.
Click on "Fix" button to fix selected tasks.

Any Ideas what it could be?? I am not sure if i should (fix) because of all the extra programs i downloaded for the cleaning yesterday.
Thanks for all the help,
Dan

 

Hi Chaslang,
I would like to thank you and all the MAJORGEEKS for taking the time and effort to help all the computer dummy's like myself ! It is a great community service all of you are doing. It's wonderful to know that we have somewhere to go for straight forward ( SAFE ) help that doesn't cost a fortune or even a penny.
Your guidance and efforts are greatly appreciated,
Dan