Virus
- Subject: Virus
- From: Judith Davidsen jdavidsen@xxxxxxxx
- Date: Fri, 22 Dec 2000 00:09:49 -0500
A little while ago, out of the blue, I received the email
instructions below from McAfee for removing the w32/MTX
virus/worm. In subsequent correspondence, McAfee claims I do
not *have* the virus/worm but that I have an attachment that
contains it.
Since the only attachments I've received in the past two
weeks have been from this list (I haven't had time to open
any), I thought I should let you all know.
A scan of all my drives didn't pick up anything and I am
still waiting for McAfee to let me know if they can identify
which attachment is involved.
Meanwhile.....
Judith Davidsen
=========================================================
Judith Davidsen wrote:
>
> WHAT ATTACHMENT???????
>
> clinic_support@xxxxxxxx wrote:
> >
> > Dear jdavidsen@xxxxxxxx,
> >
> > Thank you for writing. Apparently you do not have the virus, but the
> > attachment you have does contain the MTX virus. You can give the other people
> > on your list the instructions I sent.
> > Thank you,
> >
> > Katherine G.
> > Senior Technical Support Engineer
> > McAfee.com
> >
> > --Original Message--
> >
> > I just received this message from you.
> >
> > Does this mean I have the W32/MTX Worm?????
> >
> > Please reply ASAP
> >
> > Many thanks
> >
> > Judith Davidsen
> > jdavidsen@xxxxxxxx
> >
> > clinic_support@xxxxxxxx wrote:
> > >
> > > Manual Removal of the W32/MTX Worm
> > >
> > > Boot into Safe Mode
> > >
> > > 1. Shut the computer down so the power is off.
> > > 2. Wait 20 seconds or so.
> > > 3. Turn the computer on and immediately begin pressing the F8 key on the keyboard once
> > > every second repeatedly. Do this until the Windows Startup Menu appears. If you get a
> > > keyboard error, press F1 to resume and then continue pressing the F8 key once every
> > > second.
> > > 4. Select option #3 (Safe Mode) from the Windows Startup Menu, then press the Enter key on the keyboard.
> > > 5. Windows will then boot into Safe Mode. NOTE: This may take longer than a normal boot.
> > > 6. At the end of the boot process a dialog box will appear informing you that Windows is in Safe Mode. Click OK on this dialog box.
> > > 7. Windows is now in Safe Mode.
> > >
> > > Backup the Registry
> > > IMPORTANT: Before modifying the registry on your computer be sure to back it up. This
> > > will safeguard your Windows 95 or Windows 98 installation. You can recover your Windows
> > > 95 or Windows 98 configuration by restoring the backup if something goes wrong.
> > >
> > > 1. Click on the Start button.
> > > 2. Click on Run.
> > > 3. Type in REGEDIT then click the OK button. The Registry Editor will then appear.
> > > 4. Click on the Registry pull-down menu then click on Export Registry File.
> > > 5. The Export Registry File dialog box will then appear. The top of this dialog box
> > > contains an option entitled Save In. Make sure Desktop is selected for the Save In
> > > option. If it is not, click the pull-down arrow and select Desktop from the menu.
> > > 6. In the File Name field type "Backup" (without the quotation marks).
> > > 7. In the Export Range group box make sure All is selected.
> > > 8. Click on the Save button. You have now created a backup of your registry.
> > > 9. Close the Registry Editor by clicking the X in the top right corner.
> > >
> > > NOTE: If you need to restore the registry you can double-click on the backup file you
> > > created and it will be restored. The backup file will be located on your desktop. Once
> > > you have finished these instructions and are certain everything is working properly it
> > > is important to delete the "backup" file you created. Do this by right-clicking on the
> > > Backup file on the desktop then left-clicking on Delete from the pop-up menu that
> > > appears. This will ensure that the old registry is not accidentally restored once this
> > > process is complete.
> > >
> > > Edit the Registry
> > >
> > > 1. Click START then RUN
> > > 2. Type REGEDIT and click on OK.
> > > 3. In the left panel, click the "+" to the left of HKEY_LOCAL_MACHINE
> > > 4. Click the "+" to the left of Software
> > > 5. Click on and highlight the folder Matrix, and hit the Delete key and delete it.
> > > 5. Click the "+" to the left of Microsoft
> > > 6. Click the "+" to the left of Windows
> > > 7. Click the "+" to the left of Current Version
> > > 8. Then Single click on Run, so it is highlighted.
> > > 9. Click on and highlight SystemBackup in the Name field. The data field should say:
> > > "c:\windows\mtx_.exe"
> > > 10. Delete the entire key by pressing the DELETE key. Answer YES when asked to confirm.
> > > 11. Close out of the Registry Editor by clicking on the X in the upper right hand corner.
> > >
> > > Change the Folder View Options
> > >
> > > 1. Double-click on the My Computer icon on the desktop.
> > > 2. Double-click on the C: drive.
> > > 3. Click on the View pull-down menu then click on Options (or Folder Options). The
> > > Folder Options dialog box will then appear.
> > > 4. Click on the View tab.
> > > 5. Select the 'Show all files' option.
> > > 6. Uncheck 'Hide file extensions for known file types'.
> > > 7. Click the Apply button followed by the OK button.
> > > 8. Close the remaining open windows until you are back on the desktop.
> > >
> > > Removing the Virus Files.
> > >
> > > 1. Click on the Start button.
> > > 2. Highlight Find then click on Files or Folders. The Find Files dialog box will then
> > > appear.
> > > 3. Make sure the C: drive is selected for the Look In option.
> > > 4. In the Named field type in IE_PACK.EXE then click the Find Now button.
> > > 5. The computer will then search for this file. When the file is found the file's name
> > > will be displayed towards the bottom of the dialog box.
> > > 6. Once the file is found right-click on the small icon that appears to the left of the
> > > file's name. A pop-up menu will appear.
> > > 7. Left-click on Delete to remove this file.
> > > 8. Repeat steps 4 - 7 for the following files:
> > > MTX_.EXE
> > > WIN32.DLL
> > > WSOCK32.MTX
> > > 9. Once all three files have been deleted close the Find Files dialog box by clicking
> > > the X in the top right corner.
> > > 10. Empty your recycle bin by right-clicking on the Recycle Bin icon on the desktop and
> > > left-clicking on Empty Recycle Bin.
> > > 11. Restart the computer.
> > >
> > > Restoring the Wsock32.dll file
> > >
> > > 1. Click Start, then click on Run.
> > > 2. Type in SFC in the Run line, and click on OK. The System File checker box will appear.
> > > 3. Click on "Extract One File From Installation Disk," then type Wsock32.dll in the
> > > open field below.
> > > 4. Put in your Windows 98 CD.
> > > 5. Click on the Start button, and it will bring up an Extract file window.
> > > 6. In the "Restore From" field, type in "C:\Windows\Options\Cabs" (without the
> > > quotation marks).
> > > 7. In the "Save file in" field, type in "C:\Windows\System" (without the quotation
> > > marks), and then click on OK.
> > > 8. It will prompt you to create a back up file. Make note of where it puts the backup,
> > > in case you need to restore that file.
> > > 9. It will then extract the file, and once it is done, it will prompt you to restart
> > > your computer.
> > > 10. You will now have a clean Wsock32.dll back on your system.
> > >
> > > NOTE: Only if you get the error that the file was not found, will you need a Windows 98
> > > CD to proceed with the following steps. If you don't have a Windows 98 CD, then you
> > > will need to follow the instructions for Recovering the Wsock32.dll from a clean
> > > computer.
> > > 1. Put in your Windows 98 CD.
> > > 2. In the "Restore From" field, type in "C:\Win98" (without the quotation marks).
> > > 3. In the "Save file in" field, type in "C:\Windows\System" (without the quotation
> > > marks).
> > > 4. Now click the OK button.
> > > 5. It will prompt you to create a back up file. Make note of where it puts the backup,
> > > in case you need to restore that file.
> > > 6. It will then extract the file, and once it is done, it will prompt you to restart
> > > your computer.
> > > 7. You will now have a clean Wsock32.dll back on your system.
> > >
> > > Recover WSOCK32.DLL file from a clean computer
> > > Only follow the next 2 sections if you got an error while trying to restore the
> > > wsock32.dll file.
> > >
> > > On the Clean Computer
> > > Copying the Wsock32.dll file from a clean computer.
> > >
> > > 1. From a clean computer, with the same Operating System (i.e. Windows 98) copy the
> > > file C:\WINDOWS\SYSTEM\WSOCK32.DLL to a floppy disk.
> > > 2. To do this, go to the clean computer and insert a floppy.
> > > 3. Double click on My Computer then C: then Windows then System.
> > > 4. Find the wsock32.dll file in this directory (hint the files are in alphabetical
> > > order the file should be near the bottom)
> > > 5. When you locate the File wsock32.dll, right click on it and choose send to then
> > > choose 3 1/2 Floppy from the menu.
> > >
> > > On the infected computer
> > > Boot to Safe Mode Command Prompt Only and copy the file
> > >
> > > 1. Turn the computer off. Wait a few seconds.
> > > 2. Turn on the computer. Immediately after you turn the computer on, press the F8 key
> > > repeatedly until you see the Microsoft Startup Menu.
> > > 3. Using the arrow keys, select "Safe Mode Command Prompt Only", and press ENTER.
> > > 4. You will come to a black screen where you will see a C:\>
> > > 5. Insert the floppy, with the file, into the infected computer.
> > > 7. Type in COPY A:\WSOCK32.DLL C:\Windows\system and press enter.
> > > 8. Press Ctrl+Alt+Delete now to restart your computer.
> > >
> > > Scan Your Computer
> > >
> > > 1. Connect to the Internet.
> > > 2. Go to http://www.mcafee.com
> > > 3. Enter your password and email address, and click the Login button.
> > > 4. Click on the "Online Applications" link. A new page will then load.
> > > 5. Click on the "McAfee.com Clinic" link. A new page will then load.
> > > 6. Under the VirusScan Online section click on the "Scan" link. A new page will then
> > > load.
> > > 7. Click on the Run button located towards the bottom of the page.
> > > 8. If you are using this service for the first time you will then see a page with a
> > > "Start Download" link. Click on the "Start Download" link to download the necessary
> > > components.
> > > 9. Once the download is complete click on the "Click here to use McAfee VirusScan
> > > Online" link.
> > > 10. The VirusScan Online screen will then appear. In the Scan In box select the drive
> > > you would like to scan (C: drive, etc). Then click the Scan button located in the lower
> > > right corner.
> > > 11. The program will then scan the selected drive for viruses. If a virus is found a
> > > notification will appear in the Scan Results box.
> > >
> > > You will want to Clean or delete any file that is infected with the W32/MTX worm virus.
> > >
> > > NOTE: If you still have trouble with your computer after following these steps it is due
> > > to the damage done by the virus.
> > > What you will need to do if still experiencing problems is call your computer
> > > manufacturer and tell them the virus is GONE but has done damage to system files.
> > > At that point you will need to decide with them whether to restore altered files
> > > or reformat the system.
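
An added example, not part of the original e-mail or of McAfee's instructions: a small Python check that looks for the traces the quoted procedure removes by hand, using the registry export made in the "Backup the Registry" step and a list of file paths. It assumes the export is a REGEDIT4 text file and that the key written as "Current Version" above is `CurrentVersion`; the function names and sample data are constructed for illustration.

```python
import ntpath

# Indicators named in the removal instructions above.
MTX_FILES = {"ie_pack.exe", "mtx_.exe", "win32.dll", "wsock32.mtx"}
MATRIX_KEY = r"hkey_local_machine\software\matrix"
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
RUN_VALUE = "systembackup"


def scan_reg_export(reg_text):
    """Return (kind, detail) findings from the text of a REGEDIT4 export."""
    findings, key = [], ""
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            # The Matrix key itself or any of its subkeys counts.
            if key == MATRIX_KEY or key.startswith(MATRIX_KEY + "\\"):
                findings.append(("registry-key", line[1:-1]))
        elif key == RUN_KEY and line.startswith('"'):
            name, _, data = line[1:].partition('"=')
            if name.lower() == RUN_VALUE:
                # .reg files double each backslash; undo that for display.
                data = data.strip('"').replace("\\\\", "\\")
                findings.append(("run-value", f"{name} -> {data}"))
    return findings


def scan_file_list(paths):
    """Return paths whose file name matches one of the listed names."""
    return [p for p in paths if ntpath.basename(p).lower() in MTX_FILES]


# Constructed sample input, not taken from a real machine.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Matrix]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"SystemBackup"="c:\\windows\\mtx_.exe"
'''
SAMPLE_FILES = [r"C:\WINDOWS\MTX_.EXE", r"C:\WINDOWS\SYSTEM\WSOCK32.DLL",
                r"C:\WINDOWS\SYSTEM\WSOCK32.MTX", r"C:\WINDOWS\IE_PACK.EXE"]

if __name__ == "__main__":
    for kind, detail in scan_reg_export(SAMPLE_REG):
        print(kind, detail)
    for path in scan_file_list(SAMPLE_FILES):
        print("file", path)
```

A file-name match is only a lead for a scanner to confirm, and the legitimate WSOCK32.DLL is deliberately not in the list because the procedure restores that file rather than deleting it.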