Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19

Warning: Function ereg() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 4

Warning: Function split() is deprecated in ..../includes/class_postbit.php(345) : eval()'d code on line 19
Virus ied.exe
Results 1 to 8 of 8

Thread: Virus ied.exe

  1. #1
    Member
    Join Date
    Jan 2005
    Location
    Wisconsin USA
    Posts
    197
    Good morning everyone. I am helping a friend try to remove a virus from his computer. He uses a dial-up connection. XP, Norton internet security 2005, spybot, adaware and msantispyware are used on this machine.
    The identitfied threat is called downloader.trojan and the infected file is identified as ied.exe. It's location is specifed as c:/ieds_7m.cab.

    So, here is what we've done. Tried to run Norton in safe mode. It froze, and appears to have disappeared. It is not in program files, no icons, a search cannot find anything. We went through and manually were able to delete the file in c:. Rebooted, file was still gone, rebooted in regular mode. Still gone. Tried to reinstall Norton, failed. No error, just won't run the disc. Auto run isn't working, tried... start, run e:, browse, setup. Won't run. The disc drive is working fine for other purposes. Checked the back of the norton disc, all looks fine, no scratches no smudges. Next step I suggested was an online Mcaffee and Norton scan. Every time the scan reaches a certain point, the scan locks and he is bumped offline. I assume that Norton won't reinstall becuase of a virus, however this .cab file was the only thing showing infection. I found some registry changes that should be made from the symantec site. Could these registry changes be why Norton won't reinstall? If anyone has had any experience with something like this, I would appreciate your suggestions. Also, I think his internet connection is always questionable. Slow, knocked off a lot. I use a cable modem and have suggested that he bring his tower over for me to try and run the scan from my connection. Sensible?
    Nobody can make you feel inferior without your permission.

    -Eleanor Roosevelt-

  2. #2
    Mentor
    Join Date
    Aug 2004
    Location
    Toronto, Canada
    Posts
    1,159
    Internet connection has nothing to do with that problem. Although I've experienced NAV refusing to reinstall, that is because the previous installation is still there, partially or in registry. One thing is to install a newer version but that may not be possible at all times. Try looking in the add/remove to see if it's there, if it is, remove it and then reinstall it.

    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

  3. #3
    Member
    Join Date
    Jan 2005
    Location
    Wisconsin USA
    Posts
    197
    Hey there,
    just spoke to my buddy and he said Norton is in the control panel, but every time he tries to remove it just locks up.
    Is it ok to just delete from "program files" and try to reinstall?
    He was able to run the online scan of norton and mcaffee, both are clean. He is complaining of his computer running very slow.Spybot is showing dso exploit. It seems unable to remove this, as is antispyware.
    any further suggestions?
    Nobody can make you feel inferior without your permission.

    -Eleanor Roosevelt-

  4. #4
    Associate
    Join Date
    Feb 2005
    Posts
    14
    you would need to delete the reg files that come with it otherwise it will still think it is installed
    download rescrub or regcleaner to remove the reg fiels
    but be careful

  5. #5
    Mentor
    Join Date
    Aug 2004
    Location
    Toronto, Canada
    Posts
    1,159
    like headshock said, if registry entries are still there, deleting the physical files won't do any good, only harm. Try looking up this issue on symantec's site, they will certainly have a solution to it. Of course, also post it here so we all know too.

    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

  6. #6
    Mentor
    Join Date
    Aug 2004
    Location
    Toronto, Canada
    Posts
    1,159
    Double post, maybe this will help
    http://www.symantec.com/techsupp/nis...005_tasks.html

    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

  7. #7
    Member
    Join Date
    Jan 2005
    Location
    Wisconsin USA
    Posts
    197
    Ok -- I got it installed again. Here is what I did.
    In the registry key.....

    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec

    In the left pane, right-click Symantec, and click Rename.
    Type the following, and then press Enter to save the change:

    Symantecold

    There was another key symantec suggested changing but the key was not present on my buddies computer.

    Went to add/remove, where we were still unable to remove the rest of the program. We received an error similar to " we can't do that...."

    The fix I found on symantec's site was the following....

    Start, Run.... type msconfig. Under the general tab, select SELECTIVE STARTUP with Load system services checked and Use original boot.ini selected. Restart.

    Put in the cd and it autoran. Symantec has info on what to do if autorun isn't working.... but we didn't need it. Restarted in normal startup and away we went!

    Thanks for all the help!

    Nobody can make you feel inferior without your permission.

    -Eleanor Roosevelt-

  8. #8
    Mentor
    Join Date
    Aug 2004
    Location
    Toronto, Canada
    Posts
    1,159
    That's the right way, glad you got it fixed.

    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Similar Threads

  1. uh oh! gotta virus!
    By capybara in forum Linux - Software, Applications & Programming
    Replies: 9
    Last Post: 09-06-2005, 07:29 PM
  2. help with new virus??
    By in forum Windows - General Topics
    Replies: 4
    Last Post: 09-17-2003, 02:22 AM
  3. virus forum??
    By in forum Windows - General Topics
    Replies: 28
    Last Post: 09-01-2003, 09:04 PM
  4. Virus?
    By mugs in forum Linux - Software, Applications & Programming
    Replies: 4
    Last Post: 09-24-2002, 10:26 AM
  5. Virus or Not?
    By Rastar in forum Linux - Software, Applications & Programming
    Replies: 4
    Last Post: 02-25-2002, 08:17 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •