Long story short: my computer’s acting funny, I installed a copy of Norton Anti-Virus Corporate Edition 7.52 and located about nine or ten infected files.
I’m on a PIII 533 MMX etc etc.
Viruses found in my system files:
w95.hybris.gen (1 found)
w95.hybris.gen.dr (1 found)
trojan horse virus (7-8 found)
Now, the program said it was unable to (insert virus program verb here) the infected files. My first inclination is to download the newest update. However, on a 28.8k modem that’s going to take awhile and I don’t know anything about these viruses (viri? no, that looks silly) so I’m kind of paranoid about leaving my computer on more than I have to, especially since there’s no guarantee that the update will rectify anything.
So now the question: what should I do?
(Moderators: my apologies if this is on the wrong board. I’ve seen similar questions before, but if they were on the wrong board, too, please put this in the correct forum.)
The word you are looking for is either ‘cleaned’ or ‘disinfect’ (probably).
As to updating your virus definition files that is a must do. However, you still won’t be able to clean your infected files if they can’t be cleaned now.
Some viruses can be stripped from the original file they infected leaving the original file intact. Unfortunately, this can’t be done with all files. In those cases the only choice is to leave it be, delete it or quarantine it. Quarantine is a waste of time for most people and the virus should definitely be deleted from your system. If the file is something you desperately need then try and get the data out before deleting (realizing that just opening that file can cause further infection or other nastiness to your system). Usually deleting it is the way to go and hope it wasn’t something critical to your system.
As to leaving the PC on to download the latest virus definitions I wouldn’t worry too much. Clean out what Norton has already found and re-boot your PC. Download the latest virus definitions and re-scan your PC…don’t be surprised if new viruses are found. Clean whatever Norton finds, re-boot and you’re good to go.
Remember to download definition files a least once a month and scan after each download.
You might also try a different anti-virus software program. I’ve found that Norton tends to screw up the machines I run it on, whereas others like McAfree, don’t. Does that mean one’s better than the other? I dunno. YMMV.
Good point Tuckerfan but you have to be careful to enable the “Auto-Protect” feature on only one anti-virus product at a time. If you enable more than one it might be OK but it can cause problems. With what my kids download on the PCs, I get the new virus definitions at least every week.
I use Norton all the time (not the corporate version) and do updates every week, most updates aren’t more than 300 kb and on my slow assed connection (about 26.4 with average dowload rates of 2.3 kb per second) it doesn’t take that long.
Your update shouldn’t take you more than a half hour. Simply launch the update at the beginning of your lunch hour and when you come back the files should be uploaded, reboot then do a full system scan.
BTW, I have had the same problem with McAfee but not with Norton that Tucker has…I hate McAfee.
Also, go to Norton’s website and usually they have removal instructions. http://www.symantec.com
Norton also has tools to remove the viruses. You can also find them at Trend Micro (http://www.antivirus.com)
The main reason Norton can’t clean viruses is that the virus programs are running on the the computer. You can’t delete a running program. One way to get around this is to boot the computer in safe mode (press F8 when it says “Starting Windows 98” and select “Safe Mode”). Once started, run Norton and see if it cleans it then.
Hybris is extremely common. It’s also about a year old, so Norton should clean it if it isn’t running. You also may have to fix items in the registry.
The trojans are another matter. You may have to get a specific trojan cleaner, since antivirus has problems with trojans once their installed on your computer.
W95.Hybris.gen was found in wsock32.dll, right?
The “Trojan Horse” detections were in randomly named files consisting of letters, right?
W95.Hybris.gen.dr is a .EXE file with 8 random letters and the first two are the same as the last two, or it’s the file you ran in the first place to get infected, right?
You need to replace wsock32.dll with a clean copy or repair it. Norton should be able to repair it but you may have to do it from DOS.
The “Trojan Horse” detections are the virus plugins. You can just delete them.
W95.Hybris.gen.dr will be the pure virus body. You can delete that too.