I recently installed Zone Alarm on the advice from another thread and that worked pretty good for a while. Then a few days later, my computer started to run really, really slowly. I ran the Mcafee virus program and it found and deleted 4 files (which of course I didn’t write down - doh!). They were something like scr***.dll sc32**.dll wcs… oh, I can’t remember exactly, but they were something like that.
Well, now I can’t open anything from my task bar or short cuts. I get error messages when I reboot telling me that file “or one of it’s components” is missing. One example is (c:winnt\system32 dspoff.exe) but when I go look for it, it is there. Same with Zone Alarm, can’t run it because ZoneAlarm.exe is missing (allegedly). Same for Mcafee too! If I go into a file, microsoft word docs will open but I can’t open microsoft word from the task bar, shortcut or the startup menu.
I got to thinking that maybe this was a Klez virus. Don’t ask me why but I did. I followed Mcafee advice and ran a virus check from DOS and that cleaned up 3 more files but didn’t help. It also told me to start in safe mode and from the start menu, select run and type regedit = well, I do this but it tells me that it can’t find it! I tried to download a Klez cleaning file to my desktop, but I can’t even open it - it gives me the same *.exe message!
I’m running windows 2k pro (in french) and I have a full system backup but it’s from february. Given that none of my programs are working, I’m not sure if I can even run it (or backup all of my files now).
Does anybody have any ideas or a website that might be able to help? Thanks!
This happened to me with Mcafee and Klez about a year and half ago on a friends PC I was helping her with and it was a real pisser as it killed my ability to run any .exe programs necessary to clean this piece of crap out the registry. This low tech virus has inserted a statement in the registry file that prevents .exe’s from working.
The Mcafee and Scymantec websites only address the Klez scenario where the exe’s are still working and are somewhat mis-leading for your problem.
In a DOS mode bootup I temporarily renamed the files I needed to run to clean it out (ie regedit.exe) to .com instead of .exe and the Klez virus did not intercept them.
I don’t know anything about Windows 2000, so I don’t know if any of the following applies.
Here’s what I would do if I saw this in Windows 98. I would suspect that the program path had gotten messed up somehow. I would then check the PATH statement in my autoexec.bat. The PATH statement tells the system what directories to look in for programs if they’re not in the current directory. If the PATH statement is messed up, I’d fix it. If it was okay, I’d begin looking for other causes.
Another way I would check the program path would be to go into DOS and type the command “path” with no operands to show the existing path.
To run regedit under these conditions, in DOS I would first navigate to the directory containing this program, then run it from there. This should always work. If not, there is a very serious problem.
Thanks for the suggestions - I might look into getting an older version of Zone Alarm. I talked to the guys at mcafee using their online chat and they suggested that I had the sircam virus. They sent me a file and then I rebooted and downloaded another one from them - for the moment things are back to normal. But the odd thing is that the virus scan didn’t identify any viruses as found. Hmm. Anyway, I’ll just keep on going until it pops up again.
I was going to suggest the Sircam virus; it hit us pretty bad a work. Beware! It spreads itself by searching for computers on the network that have non-password protected HD root shares set up (a la Win9x) and infecting them by placing itself in the autoexec.bat and Recycle Bin. It also emails itself out with its own SMTP engine. Symantec put out a fix as well but it didn’t remove all traces of it. It (the virus) renames a critical file Rundll32.exe to Run32.exe and Symantec’s fix didn’t correct this (this is where you’re inability to run .exe’s comes from). Read this link and go over the Manual Removal steps for each computer infected. Disconnect from the network beforehand. Find all computers with HD shared and either unshare them or password protect the share.