16 total posts
Re: Help with cleaning NYB virus
I use Windows XP Pro as my OS. Are the methods for the virus removal that apply to Win 98 also the same for Win XP? Thank you.
Re: Help with cleaning NYB virus
I am NOT sure of that one - I also saw Windows NT/2000 but NO XP - I'll send Grif an e-mail - he is our "McAfee Expert" - to have a look at this thread. Hang in there
Re: Help with cleaning NYB virus
Go to Control panel, click on system, then click on performance, then click on file system, then trouble shooting, when that comes up click on disable system restore,click ok and apply. System will restart.Do all again then uncheck system restore. ok, and apply.System will restart.then run virus scan should be okay. You can do this also for trojans as it removes them from disk drive.
ylselo, Try This...
There are a couple of ways to go about this and you may need to use them all. Try them in the order I give them below. Preparation for the various scans is the key.:
First, if you haven't already, you'll need to create a McAfee bootscan floppy with bootscan.exe on it. If you don't have one, you can create one on a CLEAN computer using the instructions at the link below:
How do I Use bootscan.exe?
If you don't have a Win98/ME computer around to create the Win98/ME boot floppy, you'll also need an emergency boot floppy for Windows XP. Here's how to make one on an XP machine EXCEPT that you'll need to make the floppy on a CLEAN machine. If you happen to have a Win98 boot floppy, that will work fine for these purposes.:
Simply insert a blank floppy, right-click the A(Floppy) Drive and select "Format" and check the box: "Create an MS-DOS startup disk". AFter the floppy is created, be sure to "write protect" it by moving the little slider at the bottom of the disk so both holes are open and can be looked through.
This allows you to boot into a DOS prompt.
Next....Shut down the computer. Place the boot floppy into the floppy drive, then start the computer. It should load to the "A:\>" prompt. Remove the boot floppy, then place the McAfee bootscan floppy in the floppy drive. Now....still at the "A:\>" prompt..Type
BOOTSCAN C: /boot /clean
at the flashing cursor, then press the "Enter" key. (When typing the comman, make sure to leave a single space between The scan should occur and clean the boot sector of the virus.
This procedure will clean an NTFS Master Boot Record and allow Windows XP to successfully reboot from the hard disk drive. After running the procedure above, reboot the computer into "Safe Mode", then run a full system scan to remove any infected files on the hard drive that remain.
The procedures immediately above follow the instructions in the McAfee article below:
Next, If the above procedure didn't scan the boot sector and files correctly and fix the problem, then follow the procedures below:(These are McAfee's instructions for a DOS scan):
1. You can get to a command prompt in Windows XP by going into Safe Mode with Command Prompt.
2. If the computer is on: select Start | Shutdown | Restart.
3. If the computer is off, turn it on.
4. When you see the opening splash screen, hold down F8 on the top row of the keyboard or hold down the CTRL key. NOTE: On some computers if you press F8 too soon you'll get a keyboard error if this happens hit the F1 key to continue.
5. The Windows 2000 (or XP) Advanced Options Menu will come up. Choose Safe Mode with Command Prompt.
1. Type CD\
2. Press the Enter key
3. At the C:\ prompt, type CD SCAN
4. Press the Enter key.
5. At the C:\SCAN prompt, type SCAN /ADL /CLEAN /ALL /REPORT REPORT.TXT
6. Press the Enter key.
Note: The scanner will look at all files on all local drives and attempt to clean the files. An activity report called REPORT.TXT will also be created in the C:\SCAN directory. To view the report in DOS, type REPORT.TXT and press Enter.
7. Once the scan finishes, exit DOS and restart the computer.
Hope this helps.
Re: ylselo, Try This...
Thanks. I am going to try that tomorrow when I have access to a clean pc. Thank you
(NT) Good Luck and Let Us Know How It Goes
Re: (NT) Good Luck and Let Us Know How It Goes
2 bad news. First, I created the dos boot disk. But, when I tried to boot, I got the message: 'wrong disk'. So I rebooted in safe mode with command prompt; and I typed at the A prompt bootscan c:\boot /clean. And I got 'an application has attempted to directly access the hard disk, which cannot be supported; two options:close and ignore'. I opted for ignore. And it found no infection. There was also something about cmd.exe 16 bit.
Ylselo, Try This Next...
Instead of dealing with the McAfee bootscan disk, try using the F-Prot for DOS antivirus scanner. You'll still need to have a Windows XP boot floppy as described earlier, but after putting the Windows XP (or 98) boot floppy in the floppy drive, restart the computer to the A:\> prompt, then place the F-Prot floppy disk in the drive per the instructions below. (Once again, you'll need to create the F-Prot floppies while on a clean computer.)
Here is a link to F-Prot for DOS, which can be downloaded and then placed on three floppies, (while on a "clean" computer) from which you can scan and clean out the infected computer while in DOS. You'll want to boot up to DOS using a standard boot floppy, but then place the F-Prot program floppies in the drive. Here is the link and instructions on how to use the program:
F-Prot For DOS Main Page
F-Prot Download Site Click on the link, then scroll to the middle section of the page and download the "F-Prot Antivirus for DOS" file to your desktop. (You'll need an UNzipper program, like WinZip, etc. to open the file.) Then go back to the link above and download the newest virus signatures that are lower down on the page (both files) and replace the older ones that are currently in the download.
Instructions on how to create the floppy disks and run the program from DOS:
How can I run F-Prot? for Dos from floppy disks?
As before, this DOS program won't be able to access the entire NTFS file system, but it should be able to access the boot sector and clean it correctly. In addition to performing the above steps, and when there is a stubborn "memory resident" virus, I occasionally will unplug the computer tower and remove the CMOS battery for about 30 minutes. Replace the CMOS battery and the BIOS settings will be placed to their default. If it comes to this, you may prefer to have a qualified technician reformat and reinstall everything.
Hope this helps.
Re: Ylselo, Try This Next...
I tried everything that you advised but to no avail. I was trying to avoid having to reformat my hard drive. I guess now that I have very few options left. I want to thank you, guys, for the support that you've provided me.
Ylselo, What Happens When You Run F-Prot?
Although reformatting may be required, let's get some more information here....Are you able to boot using the Windows bootfloppy, then, at the A:\> prompt, can you start F-Prot? Does it indicated that the bootsector has been scanned and cleaned?
I'm just trying to find specific information....Where EXACTLY is McAfee detecting the virus? Is it finding the infection in the bootsector, or somewhere else? A particular file maybe and if so, where is the file located?
Apparently you're still up and running, so maybe you have more time to give removal a chance. It's your choice.
Hope this helps and let us know.
Re: Ylselo, What Happens When You Run F-Prot?
Sorry Guys, I was away for three weeks. Yes the virus is in the boot sector. Now, I am in the process of reformatting my hd. So far, it's been two hours and counting. For the life of me, I cannot seem to find the proper way of reformatting the hd. By the way, my pc is running XP Pro.
Fprot DOS Instructions
I am stuck with the NYB virus on a WIN XP pro/DOS dual boot machine. I have tried a dozen anti-virus programs to no avail.
I am looking at your thread and the link to creating the F-Prot diskette is no longer active. Do you recall how to create the F-Prot DOS diskette?
Suggest You Start a New Thread
of your own for this problem. Not surprised that link dead after 5 years. Starting your own will catch those eyes who'd otherwise by-pass such an old post.
In new thread, include link to your post here and please tells exactly WHICH A/Vs & versions you've already tried (& IF regular mode or in Safe Mode) to avoid repeats in advice. Thanks!