Virus Brasil nº8:(Rev.txt):20/02/2001 << Back To Virus Brasil nº 8
Rev. "F" 02/01/2001 "Hybris.B" Removal Instructions Courtesy of the alt.comp.virus newsgroup participants. (These "anti-malware" pages are the result of a continuing cooperative effort.) New Removal Helper Utility! NOTE: This program only edits the WIN.INI and erases the file with the hidden attribute; it is only a tool and does not implement the full instructions detailed below. *Win-edit.zip *Contains three files: 1. Read This Before Using!! 2. WIN-EDIT.EXE 3. PREP.BAT - Notes The following instructions apply to default Win 9X Setups: - Begin Manual Removal Instructions - From a power-off condition, boot into command line mode (DOS) by holding down the F8 key as the PC boots up, to get to the selection. At the C:\ prompt, type from the keyboard: Type del c:\windows\system\wsock32.dll Type edit c:\windows\win.ini (You will be editing the Windows Initialization file.) Note the name of the eight character .exe file appearing after the line containing load= which has random characters. (We'll call it xxxxxxxx.exe) here for example. You need to remove only xxxxxxxx.exe from the line. Now Exit from the DOS Editor. Type attrib -R -H c:\windows\system\xxxxxxxx.exe Type del c:\windows\system\xxxxxxxx.exe Press Ctrl-Alt-Del and proceed to reboot (restart) to Windows. --- Restore WSOCK32.DLL --- Win 98: Run the System File Checker - Start, Run Type sfc Press Enter Choose "Extract one file..." Type c:\windows\system\wsock32.dll Click Start, and where it says "Restore from" choose the location of your Win98 cd (Precopy1.cab) or cab files on your hard-drive. Where it says "Save file in" Type c:\windows\system Press Enter. Once it's done, you'll need to reboot to complete the installation. Step-by-step WSOCK32.DLL restore procedure with pictures (Win98 only!): Restoring Winsock With Win98's System File Checker Win95: Reboot into Dos (**see alternate option details below). Type extract /a win95_10.cab wsock32.dll /l c:\windows\system Note that the above may vary depending on the version of W95 you have. For example: Win95_11.cab on the Windows 95 CD-ROM Win95_18.cab on the Windows 95 OSR2 CD-ROM Win95_12.cab on the Windows 95 DMF disks Win95_19.cab on the Windows 95 non-DMF disks Helpful file restoration information (from the MS "knowledge" base): How to Extract Original Compressed Windows Files **alternate option details Click the START MENU|SHUT DOWN Select: RESTART IN MS-DOS MODE Type: EXTRACT /A C:\WINDOWS\OPTIONS\CABS\WIN95_11.CAB WSOCK32.DLL /L C:\WINDOWS\SYSTEM or... Insert your Windows95 CD-ROM and type: EXTRACT /A D:\WIN95\WIN95_11.CAB WSOCK32.DLL /L C:\WINDOWS\SYSTEM The "D:" assumes your CD-ROM drive is "D:". Reboot. Note: You may need Windows install CD or diskettes for some Windows 95 PCs. Finally, scan/clean using a updated antivirus scanner. Windows Millennium users please note: If you can't clean or delete infected files from the _Restore\Temp or _Restore\Archive folders... read this. - End Removal Instructions - Some of you may now be wondering... "How can I possibly keep my computer safe from further harm?" Answer: Click Here for Some Tips!