Q: Computer Virus ( Answered,   0 Comments )
Question  
Subject: Computer Virus
Category: Computers > Operating Systems
Asked by: debran-ga
List Price: $50.00
Posted: 17 May 2004 23:07 PDT
Expires: 16 Jun 2004 23:07 PDT
Question ID: 348048
I have a virus on my computer called C:\Windows\System\load 32.exe
(Win 32. Dumaru. A virus). Can anyone help me get rid of this problem?
I also have one called C:\Windows\System\ vxdmgr 32. exe (Win 32.
Dumaru. A virus).
Answer  
Subject: Re: Computer Virus
Answered By: sublime1-ga on 18 May 2004 00:07 PDT
 
debra...

The virus you have has affected not only the two files
you named, but also two others. The BitDefender anti-
virus software site provides a page detailing the 
various changes this virus makes to your computer, and
how to recover from it. Per the BitDefender site, the 
virus installs the following files:

%WINDOWS%\dllreg.exe
%SYSTEM%\load32.exe
%SYSTEM%\vxdmgr32.exe
%WINDOWS%\windrv.exe

...where %WINDOWS% points to Windows folder (Win9x/Me)
or Winnt folder (Win2K/XP).


The BitDefender team has produced a free removal tool
for this virus, which is available at the bottom of the
page which details the virus:
http://www.bitdefender.com/bd/site/virusinfo.php?menu_id=1&v_id=153

Note that the virus makes changes to your registry and
copies email addresses from standard Windows address
locations, and stores them in %WINDOWS%\winload.log file.
The page doesn't detail whether this file is removed by
the tool, so you may need to search for it afterwards
in Windows Explorer and verify that it's been removed,
or remove it manually.

The virus also "searches for *.exe files belonging to
several antivirus/security products and attempts to
overwrite them with copies of the virus".
Therefore, you may need to reinstall any antivirus
program you are using. Or you may want to uninstall
it and try a different antivirus program.

I personally recommend AntiVir's free antivirus software
for personal use. It has a component, AntiVir Guard,
which detects viruses on-the-fly from websites and files
that you access:
http://www.free-av.com/


At the bottom of the BitDefender page, it is noted:
"You may also need to restore the affected files."
I searched my Windows 2000 installation, and the only
file I found, of the files named above, which seems 
to be a standard Windows file is dllreg.exe. If this
file has been replaced by the virus, and subsequently
removed by the removal tool, you may need to restore
it from your Windows installation CD, or in some other
way. It's possible your version of Windows will replace
it automatically, but if this doesn't occur, just let
me know, and I'll see what I can do to assist you in 
restoring it. I'll need to know what version of Windows
you are using.


Please do not rate this answer until you are satisfied that  
the answer cannot be improved upon by way of a dialog  
established through the "Request for Clarification" process. 
 
A user's guide on this topic is on skermit-ga's site, here: 
http://www.christopherwu.net/google_answers/answer_guide.html#how_clarify 
 
sublime1-ga


Searches done, via Google:

Win32.Dumaru.A removal
http://www.google.com/search?q=Win32.Dumaru.A+removal

Request for Answer Clarification by debran-ga on 03 Jun 2004 17:07 PDT
Thank you, I was able to remove all viruses, but program crashes and
this window keeps appearing: C\Windows\System\vxdmgr 32 exe, file
missing or components. Also get a window from Microsoft saying click
debug and report error; if I report and check on details, they say
unable to update Windows 98 Second Edition version. Often I cannot
connect to server or internet and still unable to activate Microsoft
Office to use my comcast e-mail.

Clarification of Answer by sublime1-ga on 03 Jun 2004 18:25 PDT
debra...

As noted on the page from the BitDefender site I cited in my 
answer, the virus adds a line to win.ini which calls for the
vxdmgr32.exe file which is a disguised virus file:

"On Windows 9x/Me systems, it does the following:

- uses RegisterServiceProcess to hide its presence;


- modifies system.ini by adding the entry in the [Boot] section:

    shell=explorer.exe %System%vxdmgr32.exe

- modifies win.ini by adding the following entry in the [Windows]
  section:  

    run=C:WINDOWS\dllreg.exe"


I would have thought the virus-removal tool would have
taken care of these entries, but apparently they are still 
there, and calling for the file(s) which have been removed.

So you'll need to modify these entries by hand.
Perform the following actions *exactly*:


Go to Start -> Run, and type in sysedit. Hit Enter.

Click on the X to close the Autoexec.bat sub-window.

Click on the X to close the Config.sys sub-window.

Scroll down the Win.ini window and look under the [windows]
heading for the entry:

run=C:\WINDOWS\dllreg.exe

...and simply erase the entry, being careful to erase only
that entry.

Click the X to close the win.ini window. Click 'Yes' to
save the changes.

Scroll down the remaining window, sys.ini and look for an
entry under the [boot] heading:

shell=explorer.exe %System%vxdmgr32.exe

Erase "%System%vxdmgr32.exe", or everything *but*:

shell=explorer.exe

Explorer may be capitalized...that's okay.
If you erase "shell=explorer.exe", you won't
be able to get into Windows.

Click the X to close the system.ini window.

Click 'Yes' to save the changes.

Reboot.

The annoying message should be gone.

You are unable to update via Windows Update because
Microsoft no longer supports Windows 98, so the service
is no longer available to you.

To my knowledge, the problems you're having connecting
are not related to the removal of this virus, nor is
the inability to open Microsoft Office. But do see if
there is any difference in these areas after taking the
steps above.

Let me know...

sublime1-ga
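
The hand edit described above, as an added example in Python that is not part of the original answer: it flags and strips the Dumaru file names from the two autostart entries named in the BitDefender description, leaving `shell=explorer.exe` intact. The function name, the sample INI contents, and the fallback to `explorer.exe` are assumptions made for illustration.

```python
import re

# File names the BitDefender write-up quoted in the answer attributes to Win32.Dumaru.A.
DUMARU_FILES = {"dllreg.exe", "load32.exe", "vxdmgr32.exe", "windrv.exe"}

# (ini file, section, key) autostart slots the answer says the virus modifies.
AUTOSTART = {("system.ini", "boot", "shell"), ("win.ini", "windows", "run")}

# Constructed sample contents, not taken from a real machine.
SAMPLE_SYSTEM_INI = ("[boot]\nShell=Explorer.exe %System%vxdmgr32.exe\n"
                     "system.drv=system.drv\n[386Enh]\nwoafont=dosapp.fon\n")
SAMPLE_WIN_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\dllreg.exe\nNullPort=None\n"


def basename(token):
    """Last path component, also splitting on '%' and ':' (e.g. %System%vxdmgr32.exe)."""
    return re.split(r"[\\/%:]", token)[-1].lower()


def clean_ini(ini_name, text):
    """Return (cleaned_text, findings) for the contents of one INI file."""
    section, out, findings = "", [], []
    for line in text.splitlines():
        header = re.match(r"\s*\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            out.append(line)
            continue
        key, sep, value = line.partition("=")
        slot = (ini_name.lower(), section, key.strip().lower())
        if sep and slot in AUTOSTART:
            # Whitespace split: assumes 8.3-style paths without spaces.
            tokens = value.split()
            kept = [t for t in tokens if basename(t) not in DUMARU_FILES]
            if len(kept) != len(tokens):
                findings.append((ini_name, section, line.strip()))
                if slot[2] == "shell" and not kept:
                    kept = ["explorer.exe"]  # assumption: never leave shell= empty
                line = key + "=" + " ".join(kept)  # run= is left as an empty key
        out.append(line)
    return "\n".join(out) + "\n", findings


if __name__ == "__main__":
    for name, body in (("system.ini", SAMPLE_SYSTEM_INI), ("win.ini", SAMPLE_WIN_INI)):
        cleaned, found = clean_ini(name, body)
        print(name, found, cleaned, sep="\n")
```
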

Request for Answer Clarification by debran-ga on 05 Jun 2004 18:47 PDT
Thank you, while attempting to follow your direction, I was unable to
initiate the third step. In the Win.ini window there is no listing
for run=C:\WINDOWS\dilreg.exe, therefore I did nothing, but I did
proceed to the next step to see if "%System%vxdmgr32.exe" is listed
(which it is).
Question, if I install XP would this over-ride my current problem?

debra....

Clarification of Answer by sublime1-ga on 05 Jun 2004 20:29 PDT
debra...

The dllreg entry being absent is fine - it's not specific to the
error message you're receiving. You aren't clear on whether you
removed the '%System%vxdmgr32.exe' entry. If you're thinking of
upgrading your operating system simply to avoid removing that
entry, I would encourage you to complete the removal of that
entry first, to see whether this resolves the problems you're
having.

If you 'upgrade' from Windows 98 to XP, meaning install XP
over 98 in order to keep your system settings, you will still
need to remove that entry from sys.ini, or it may be carried
over into the new installation.

If you format your hard drive and perform a fresh installation
of Windows XP, of course that entry will be erased, but so 
will all your personalized system settings.

With regard to specific problems, if your connectivity problem
is due to some deficiency in your current system, caused by
the virus, then either type of installation would very likely
resolve the problem, as might a repair installation of WIN 98.

The difficulty opening MS Office will likely not be resolved
if you install XP on top of Windows 98. If you do a fresh
install, you will have to reinstall MS Office anyway, which
would probably resolve that problem even if you keep WIN 98.

sublime1-ga