i try use norton anti virus to remove it,but it fails. i say access to the file is denied, fail to repair, delete or quarantine the file. pls help!!
2006-11-11 16:26:45 · 9 answers · asked by Lee C 1 in Computers & Internet ➔ Security
Try to delete the file manually and also install a good antivirus program (Norton is a piece of crap). Here you have some good and free antivirus programs:
http://askcomputerexpert.ws43.com/download/
2006-11-13 03:24:53 · answer #1 · answered by Anonymous · 0⤊ 0⤋
do yourself a favour. get rid of norton, goto www.download.com, search AVG antivirus, download the full program for free, do another virus scan with that program, then your sorted. BTW, you might as well delete that file anyway coz its not needed by windows. SORTED!!!
2006-11-11 16:42:14 · answer #2 · answered by djmonsta200883 2 · 0⤊ 1⤋
Something has the file open. Boot into safe mode and delete it.
2006-11-11 16:38:58 · answer #3 · answered by Computer Guy 7 · 1⤊ 0⤋
In my opinion Ccleaner is the number one tool for cleaning your pc. I've been using it for more then a year now and it works very well. You can grab your free copy here http://bit.ly/UrAy7M
2014-08-31 04:35:08 · answer #4 · answered by Anonymous · 0⤊ 0⤋
The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.
Disable System Restore (Windows Me/XP).
Update the virus definitions.
Restart the computer in Safe mode.
Run a full system scan and delete all the files detected as Infostealer.Lineage.
Reverse the changes made to the registry.
For specific details on each of these steps, read the following instructions.
1. To disable System Restore (Windows Me/XP)
If you are running Windows Me or Windows XP, we recommend that you temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer.
Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations.
Also, a virus scan may detect a threat in the System Restore folder even though you have removed the threat.
For instructions on how to turn off System Restore, read your Windows documentation, or one of the following articles:
"How to disable or enable Windows Me System Restore"
"How to turn off or turn on Windows XP System Restore"
Note: When you are completely finished with the removal procedure and are satisfied that the threat has been removed, re-enable System Restore by following the instructions in the aforementioned documents.
For additional information, and an alternative to disabling Windows Me System Restore, see the Microsoft Knowledge Base article, "Antivirus Tools Cannot Clean Infected Files in the _Restore Folder," Article ID: Q263455.
2. To update the virus definitions
Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the most recent virus definitions:
Running LiveUpdate, which is the easiest way to obtain virus definitions: These virus definitions are posted to the LiveUpdate servers once each week (usually on Wednesdays), unless there is a major virus outbreak. To determine whether definitions for this threat are available by LiveUpdate, refer to the Virus Definitions (LiveUpdate).
Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted daily. You should download the definitions from the Symantec Security Response Web site and manually install them. To determine whether definitions for this threat are available by the Intelligent Updater, refer to the Virus Definitions (Intelligent Updater).
The Intelligent Updater virus definitions are available: Read "How to update virus definition files using the Intelligent Updater" for detailed instructions.
3. To restart the computer in Safe mode
Windows 95/98/Me/NT/2000/XP
Shut down the computer and turn off the power. Wait for at least 30 seconds, and then restart the computer in Safe mode. For instructions, read the document, "How to start the computer in Safe Mode."
4. To scan for and delete the infected files
Start your Symantec antivirus program and make sure that it is configured to scan all the files.
For Norton AntiVirus consumer products: Read the document, "How to configure Norton AntiVirus to scan all files."
For Symantec AntiVirus Enterprise products: Read the document, "How to verify that a Symantec Corporate antivirus product is set to scan all files."
Run a full system scan.
If any files are detected as infected with Infostealer.Lineage, click Delete.
If you are still in Safe mode, restart the computer in Normal mode before proceeding to the next section.
5. To reverse the changes made to the registry
Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. Read the document, "How to make a backup of the Windows registry," for instructions.
Click Start > Run.
Type regedit
Then click OK.
Navigate to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete the value:
"[Random Name]" = "%ProgramFiles%\rundll32.exe"
"[Random Name]" = "%ProgramFiles%\explorer.exe"
"[Random Name]" = "%ProgramFiles%\Internat.exe"
"[Random Name]" = "%windir%\rundll32.exe"
"[Random Name]" = "%windir%\Internat.exe"
Exit the Registry Editor.
2006-11-11 16:40:52 · answer #5 · answered by Jack1234 2 · 0⤊ 0⤋
Delete the file. You can't use it anyway.
2006-11-11 16:36:39 · answer #6 · answered by Beatmaster 4 · 0⤊ 0⤋
"Computer Help"
For your questions about hardware, software, internet, general or for downloads
http://computerhelp-downloads.blogspot.com
You can get AVG, ZoneAlarm and many reputed antivirus and antiSpyware
firewall software....can purchase or for free... visit.....
http://computerhelp-downloads.blogspot.com
2006-11-11 18:26:08 · answer #7 · answered by Anonymous · 0⤊ 0⤋
free removal and scan from Microsoft
http://safety.live.com/site/en-us/default.htm?s_cid=sah
2006-11-11 16:52:15 · answer #8 · answered by RDRAM 3 · 0⤊ 0⤋
Here is the removal method.
Home & Home Office
Small & Mid-Sized Business
Enterprise
Locate A Partnerpopup
Become A Partner
Log In To PartnerNet
Corporate Profile
Management Team
Investor Relations
News & Media
Careers
* Andean Region - Spanish
* Asia Pacific - English
* Australia & New Zealand
* Austria
* Belgium - Dutch
* Brazil
* Canada - English
* Canada - French
* Central America & Caribbean - Spanish
* China - Simplified Chinese
* Czech Republic
* Denmark
* Finland
* France
* Germany
* Greece
* Hong Kong - English
* Hungary
* India - English
* Indonesia - English
* Israel
* Italy
* Japan
* Korea
* Luxembourg - French
* Malaysia - English
* Mexico
* Middle East - English
* The Netherlands
* Norway
* Philippines - English
* Poland
* Russia
* Singapore - English
* South Africa - English
* Southern Latin America - Spanish
* Spain
* Sri Lanka - English
* Sweden
* Switzerland - German
* Taiwan - Traditional Chinese
* Thailand - English
* Turkey
* United Kingdom & Ireland
* United States
* Vietnam - English
WelcomeEnterpriseSmall BusinessHome & Home OfficePartnersAbout Symantec
Infostealer.Lineage
Category 1
Discovered on: January 11, 2005
Last Updated on: March 21, 2005 11:10:55 AM
Infostealer.Lineage is a Trojan horse that attempts to steal the password to the "Lineage" online game and send it to the creator of the Trojan.
Type: Trojan Horse
Infection Length: 230,400 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
protection
# Virus Definitions (LiveUpdate™ Weekly)
January 12, 2005
# Virus Definitions (Intelligent Updater)
January 12, 2005
threat assessment
Wild
* Number of infections: 0 - 49
* Number of sites: 0 - 2
* Geographical distribution: Low
* Threat containment: Easy
* Removal: Moderate
Threat Metrics
Low Low Low
Wild:
Low
Damage:
Low
Distribution:
Low
Damage
* Payload Trigger: n/a
* Payload: n/a
o Large scale e-mailing: n/a
o Deletes files: n/a
o Modifies files: n/a
o Degrades performance: n/a
o Causes system instability: n/a
o Releases confidential info: Steals passwords to the "Lineage" online game.
o Compromises security settings: n/a
Distribution
* Subject of email: n/a
* Name of attachment: n/a
* Size of attachment: n/a
* Time stamp of attachment: n/a
* Ports: n/a
* Shared drives: n/a
* Target of infection: n/a
technical details
When Infostealer.Lineage is executed, it performs the following actions:
1. Copies itself as one of the following:
* %ProgramFiles%\rundll32.exe
* %ProgramFiles%\explorer.exe
* %ProgramFiles%\Internat.exe
* %Windir%\rundll32.exe
* %Windir%\Internat.exe
Notes:
* %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP)or
C:\Winnt (Windows NT/2000).
* %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP)
* %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
* The genuine Microsoft "rundll32.exe" exists in %system%.
* The genuine Microsoft "Internat.exe" exists in %system%.
* The genuine Microsoft "explorer.exe" exists in %windir%.
2. Adds one of the following values:
"[Random Name]" = "%ProgramFiles%\rundll32.exe"
"[Random Name]" = "%ProgramFiles%\explorer.exe"
"[Random Name]" = "%ProgramFiles%\Internat.exe"
"[Random Name]" = "%windir%\rundll32.exe"
"[Random Name]" = "%windir%\Internat.exe"
to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
so that the Trojan runs every time Windows starts.
3. Creates the following file:
* %system%\htdll.dll
4. Emails the gathered Lineage passwords to addresses at the following domains:
* pchome.com.tw
* tom.com
* 163.com
recommendations
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":
* Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have less avenues of attack and you have fewer services to maintain through patch updates.
* If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
* Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services (for example, all Windows-based computers should have the current Service Pack installed.). Additionally, please apply any security updates that are mentioned in this writeup, in trusted Security Bulletins, or on vendor Web sites.
* Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
* Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
* Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.
* Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.
removal instructions
The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.
1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Restart the computer in Safe mode.
4. Run a full system scan and delete all the files detected as Infostealer.Lineage.
5. Reverse the changes made to the registry.
For specific details on each of these steps, read the following instructions.
1. To disable System Restore (Windows Me/XP)
If you are running Windows Me or Windows XP, we recommend that you temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer.
Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations.
Also, a virus scan may detect a threat in the System Restore folder even though you have removed the threat.
For instructions on how to turn off System Restore, read your Windows documentation, or one of the following articles:
* "How to disable or enable Windows Me System Restore"
* "How to turn off or turn on Windows XP System Restore"
Note: When you are completely finished with the removal procedure and are satisfied that the threat has been removed, re-enable System Restore by following the instructions in the aforementioned documents.
For additional information, and an alternative to disabling Windows Me System Restore, see the Microsoft Knowledge Base article, "Antivirus Tools Cannot Clean Infected Files in the _Restore Folder," Article ID: Q263455.
2. To update the virus definitions
Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the most recent virus definitions:
* Running LiveUpdate, which is the easiest way to obtain virus definitions: These virus definitions are posted to the LiveUpdate servers once each week (usually on Wednesdays), unless there is a major virus outbreak. To determine whether definitions for this threat are available by LiveUpdate, refer to the Virus Definitions (LiveUpdate).
* Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted daily. You should download the definitions from the Symantec Security Response Web site and manually install them. To determine whether definitions for this threat are available by the Intelligent Updater, refer to the Virus Definitions (Intelligent Updater).
The Intelligent Updater virus definitions are available: Read "How to update virus definition files using the Intelligent Updater" for detailed instructions.
3. To restart the computer in Safe mode
Windows 95/98/Me/NT/2000/XP
Shut down the computer and turn off the power. Wait for at least 30 seconds, and then restart the computer in Safe mode. For instructions, read the document, "How to start the computer in Safe Mode."
4. To scan for and delete the infected files
1. Start your Symantec antivirus program and make sure that it is configured to scan all the files.
* For Norton AntiVirus consumer products: Read the document, "How to configure Norton AntiVirus to scan all files."
* For Symantec AntiVirus Enterprise products: Read the document, "How to verify that a Symantec Corporate antivirus product is set to scan all files."
2. Run a full system scan.
3. If any files are detected as infected with Infostealer.Lineage, click Delete.
4. If you are still in Safe mode, restart the computer in Normal mode before proceeding to the next section.
5. To reverse the changes made to the registry
Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. Read the document, "How to make a backup of the Windows registry," for instructions.
1. Click Start > Run.
2. Type regedit
Then click OK.
3. Navigate to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
4. In the right pane, delete the value:
"[Random Name]" = "%ProgramFiles%\rundll32.exe"
"[Random Name]" = "%ProgramFiles%\explorer.exe"
"[Random Name]" = "%ProgramFiles%\Internat.exe"
"[Random Name]" = "%windir%\rundll32.exe"
"[Random Name]" = "%windir%\Internat.exe"
5. Exit the Registry Editor.
Write-up by: John Park
Site Index · Legal Notices · Privacy Policy · Site Feedback · Contact Us · Global Sites · License Agreements
©1995 - 2006 Symantec Corporation
2006-11-11 17:27:08 · answer #9 · answered by doc 3 · 0⤊ 0⤋