I got hit with a Virus. I need help

[BrettB]

I got hit with a trojan horse virus that currupted my C:\WINDOWS\RUNDLLS.EXE. The Virus was called BackDoor-GK.svr. To get rid of the virus i had to delete the windows file adn i was wondering where I could get another file to replace it? Thanks for your help.

[Bjackso]

Off your windows install CD?

Also please note that backdoors have many variants. Id be curious if that was the only file it infected. After being infected by a trojen I would reccomend a system wipe/re-install... oh the joy the joy of it all.

Never open untrusted files !

[BrettB]

I would do it off of my windows cd buit i can't find it. Having a backdoor on my system dosent bother me all that much but now i am afraid to close down windows because i fear that it may not reboot.

[bhce]

Okay.... so do you at least have the cab files from the OS?? Either on the hdd or the orignal CD.... You need to use EXTRACT to get the needed file out of the cab file. Since if looks like you have at least a second computer, the current PKZIp for windows (shareware) will also decompress cab files. It will even show you the contents of the cab if you need to search it out...
Don't know how to use EXTRACT??? Go to Microsoft's Knowledgebase and seach for it.... Can't hold your hand all the way...

[BrettB]

What .cab file might the RUNDLLS.EXE be found in?

[BrettB]

Thanks for all of your help you guys/gals. I have fixed the problem or so i think. If not i will be back but till then thanks again.

ShadeInTheDark

[Sowulo]

Originally posted by ShadeInTheDark:
Thanks for all of your help you guys/gals. I have fixed the problem or so i think. If not i will be back but till then thanks again.

ShadeInTheDark

It could be very helpful to others if you would post your solution......

[BrettB]

I went through all of the cab files and i reinstalled the Rundlls.exe file that was currupted then i used the Ms config to turn off soem programs running in the back ground and my computer is now running great!

[Joker1]

if you have win98 you can also use the system file checker to restore infected, corrupted or missing files.

[ooosey]

I am infected with q virus which infects my windows files and gives it a .vir ending. what virus is this and how do I clear it.

[sennister]

The best cure for a virus short of buying a new HDD is Fdisk.exe. Not too many viruses can survive that. Store all Operating Systems and Programs one drive and get another for all your data. (A small 5-10GB is cheap now and it will hold alot of data.) That way you can get back up and running in no time flat. I have had a few viruses in my career and I just run Fdisk and then re-ghost.... problem solved. If you have a lot of data files you worry about periodically burn them to CD.

[Chapin]

Warning,
If Just save your files to another HDD, then when you ghost the image onto the new HDD then you might be copying the virus as well. If you really need to wipe your drive then is best to lose all your data and not to copy any thing, that should teach you a lesson to install antivirus software and keep your DAT files UP TO DATE.

[sennister]

oops I missed that point. I use Norton AV 2000 and check weekly for new updates. I also check daily on windrivers to see the latest Anti-virus update section. That way I know if something is out between my weekly updates.

[FooL]

Norton and Mcafee both have excellent sites that aid you in manual removal of virii. My suggestion is to take a little bit of time and LEARN about your virus. Read up on and it figure out EXACTLY what it is doing to your system. Only once you understand your virus will you be able to feel safe about your system once you've cleaned it.

Also *note*: If the virus is bad enough to cause a complete system re-load and you do the f-disk thing. Do this command as well-->

fdisk /mbr

/*This command fdisks your Master Boot Record*/ It's a nasty place a virus can hang out and resurface after a perfectly good fdisk/format/clean install.

[cabal]

If you can't find help at the microsoft site for extracting the cab file or getting rid of the virus, Symantec should have help on their site.