PLEASE! PLEASE! PLEASE!

Tell me how in the bloody “”" I can get these three files off of my bloody computer!!

C:\Documents and Settings\a\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst\Personal Folders\Top of Personal Folders\Inbox\hello\message.zip\message.bat

C:\Documents and Settings\a\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst\Personal Folders\Top of Personal Folders\Inbox\hello\message.zip

C:\Documents and Settings\a\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst\Personal Folders\Top of Personal Folders\Inbox\Status\document.pif

I cannot delete them through avast. I cannot find them through the normal XP search function. I accessed them through a series of folders and got something about something isn’t packed and this that and the other when I was running the avast scan on just the Microsoft folder. And then the folder before that, ah Local Settings or application data – I can’t remember now.

Now is this computer mine or is it Mr. Gates’!!??

I want the bloody things off my computer so this Win32:I HATE YOU worm I wrote about in another thread will get out of my life.

So short of setting this computer on file how can I get those three stubborn pieces of garbage out of my system – the OS system and my own?

Thank you.

Can you not find the files in Outlooks folders?
Personal Folders\Top of Personal Folders\Inbox\hello, etc. and then delete them manually in Outlook, then clear the delete email folders and compress folders.

Provided you don’t open any attachments listed in your post above you should be OK, not to mention avast should alarm and stop them. They all appear to be in your Inbox, so you may have to check each one slow but safe enough.

Your Inbox shouldn’t be used for general email storage, more like a pending tray until you check them and then file them in a more appropriate folder. The Inbox is the most likely to be corrupted/deleted on a crash, so should this happen you loose very little only the emails you haven’t read, actioned and moved to another folder.

There is no need to swear that won’t help to get rid of them as frustrating as it may be.

Thank you for the reponse, David. Actually this trouble first reared its ugly head about 24 hours ago and I thought it was licked. Then about 12 hours ago it seems the nasty little worm was sent again or twice or more. I emptied all email in the inbox from the last 48 hours, so that should have gone with it, but it seems it didn’t. I pull in a lot of email from DoD and got behind checking, sorting, etc. But those wromey things did not come in from a government computer. I know where they came in from and there’s hell to pay over there, but right now I just want to be rid of this problem.

My aplogies about using the “b----y”, but to a colonist 8, 9, or more times removed it no longer feels like swearing. It’s the f---- one that we think of as profanity.

Anyway, what gives with these batch files that they can hide like that and not be hunted down and tossed with yesterday’s garbage. Or that PIF file. It just irritates me to no end to think that some vermin some where was able to create this problem and ole` Mr. Gates didn’t supply an easy way out, short of my dumping the whole Outlook file.

I don’t know how they got there or how old they are. Have you confirmed that your emails are being scanned?

How did you detect them or was it suspicion with the .pif/.bat extensions in the attachments, etc?

You shouldn’t have to dump the whole .pst file if you do as I suggest, you will have to find the offending files in the inbox (guessing from the path that you showed), avast may well alarm when you either select (and check properties for any attachments) or open the email (but don’t open the attachments). Then delete the individual email in the normal way in Outlook and clear the deleted emails folder as I mentioned. That should rid you of the infected emails manually without losing the .pst file.

avast gave me alerts on two counts when this latest “happening” took place after yesterday morning’s (my time). I started a thread on that. Title is the worm’s name – Win32:Lovegate-E1-ASP[Wrm]. And I thought I had that problem licked. Maybe I did.

As I said the drama started over again about 17 or 18 hours after the first.

Now here is an interesting new development. The symantec W32.HLLW.Lovgate Removal Tool, which polonus was kind enough to provide the link for about 24 or so hours ago, indicates I ain’t got no Lovey-Dovey Worms. Sorry, no W32.Lovgate.anything worm.

avast is finding it, but symantec isn’t. Fun! Fun! Fun! Sometimes I hate this computer. Just like sometimes I hate my car. Or my baseball bat when I can’t hit a homerun.

Oh well, what next? Back to the drawing board.

hi ManyQs,

All is well that ends well. Use this trick, described here:
http://windows.about.com/od/tipsarchive/l/bltip601.htm,
and let us see if we can get a smile upon your face again,

greets,

polonus

I’ll give that a try, polonus, and I appreciate the help, but I must warn you that I have a real big smile on my face – as I plan the method of destruction of this hunk of plastic and silicon. A BIG smile!!

Okay, maybe you will save the “life” of this soon to be extinct piece of …

I’ll stop! Holiday cheers to all ya’ll!!

Okay, polonus, let me go check out your latest Xmas gift. Be back in a bit!! Thank you…

Well, polonus, I guess I’ve been carrying on so badly that you must think I can’t get this machine to work – and I ain’t really going to send this hunk of plastic and silicon to cyber heaven anytime soon. But even though I’m running reasonably well and also able to boot up with no problem it’s just that I’m nervous about that worm on those three files and especially peeved that I can’t delete, or even find those files I indicated above. I’m reasonably sure that if I just don’t use the Outlook account for now the worm will probably remain dormant, yes? But I do find it strange that symantec can’t recognize it, but avast does. I also just wish it won’t be so difficult to dump those files. I know in the end I’ll figure this all out, like when Halley’s comet comes back around, but I get irritated by my ignorance sometimes – no, many times. I’ll keep poking around and eventually figure this all out. In the meantime I should be alright if I don’t use the Outlook account yes? And do a scan every day or so to make sure that worm hasn’t crawled into another file, right. I mean, those files are .pst files, yes? That worm can’t do much from there if it don’t see no land line or optic cable in front of its wormey little eyes to scoot away, right?

Appreciate the help there, DavidR and polonus. I best get out and go for a walk and look at some real worms up on the hill on my right.

And I wasn’t jokin` before about having a safe holiday, folks! I mean it. The holidays are when people let their guard down. Be smart to be safe, okay?

Maybe yes, maybe not.
If you run avast at boot time and other good antispyware, I’ll be more confident.
I’ll be quite calm if the files are ‘dormant’ into Chest (Quarentine) and not outside 8)

Not one antivirus is perfect. I have a lot of samples that Norton does not caught and avast does :wink:
(the contrary is true too)

If you let the resident protection working you don’t have to scan on-demand every day… you’re not paranoid ;D

:slight_smile: For difficult to remove files, you may want to consider
installing “Unlocker” from :
http://ccollomb.free.fr/unlocker !?

I hope you didn’t take my follow-up post the wrong way, polonus. I misunderstood the info on the page of that link you provided. That is until I ran into something on another site which explained the procedure in a clearer way. So I tried that, but it didn’t help.

Let me get into specifics here. There are three files as you can see above that have the virus in them, according to avast. I used Microsoft Windows Malicious Software Removal Tool (KB890830), but it also indicated I had no viruses or worms, etc. But avast is alerting on those three files, so I just wish to remove them completely from my computer. There is no doubt that something is very wrong with what was sent.

The files were being imported from a SquirrelMail account and as that account is on another computer I went over and looked in there and found two that I guess were actually blocked. Either that or the same person resent them. Anyway, they are definitely weird. I copied them, to include the full headers and deleted them.

As for my own computer I tried to access the Outlook .pst folder, but when I tried to open it I got what looks like a Microsoft Word document, only flat grey. After about 30 seconds to a minute a “File Conversion-Outlook” window shows asking me to select the encoding that makes the document readable, and that’s as far as I can get. Nothing I do makes the document readable. It looks like some script from 2001-A Space Odyssey. Like something HAL wrote. If I could read that Outlook .pst file I could just delete the three suspect messages. As I indicated in a post above I thought I had deleted all messages from the suspect time period and 48 hours earlier. But somehow the virus or viruses didn’t get dumped at the same time.

I haven’t opened the Outlook mail account since then because the definitions I’m reading about this virus is it attaches itself to incoming mail. That’s why I’m trying to dump it by going through the My Computer>Local Disk(C:)>Documents and Settings>a>Local Settings>Application Data>Microsoft and then to that Outlook folder. As I wrote above, at the Outlook folder everything goes wrong.

So, does this explanation help anybody understand? In a nutshell; How do I open that Outlook folder without opening the Outlook mail program? At least I think that’s the key question.

Sure do appreciate the help so far and any more that may come this way, and I apologize for my stubbornness.

Hi ManyQs,

Lets deal with this thing in a good sequence here. You have established an informed decision about what e-mail virus caused this. Go to the net with google or in a virus encyclopedia, and look up the technical info (detailed) about this virus, what it does and how to clean it. You have to know which files to delete (and whether the system restores them immediately, because of the settings of XP, then it could be something in the registry has to be altered, because there something is bringing this crap back. All this info is given in removal instructions of this particular virus. There are a few things you can do, you can analyze with toolbarcop or you could run aimfix, and run aimfix again in safe mode or pressing the F4 intermittently.
My asserted guess is it is restored by the system or the registry, as a last resort
you could try this see here: http://forum.avast.com/index.php?topic=18078.0

greets,

polonus

I appreciate you hanging with me on this, polonus.

I’ve used avast to scan the Outlook folder itself three or four times over the past 12 hours and it’s still in those smae three files I listed above. I did a full scan of the computer about six hours ago and it was still in those three files. It’s no place else.

Also the Squirrel Mail account had a new message dated May 11, 1998 that had the same characteristics as the previous ones.

Return-Path: <brXXXvasc.com.vn>
Delivered-To: mXXXXXX.com
Received: (qmail 8203 invoked from network); 17 Dec 2005 09:02:54 -0000
Received: from unknown (HELO vasc.com.vn) (222.XXX.XX.54)
by host-XX-XXX-XXX-XX.XXXost.net with SMTP; 17 Dec 2005 09:02:54 -0000
From: brXXXvasc.com.vn
To: mXXXXXX.com
Subject: Server Report
Date: Mon, 11 May 1998 22:28:28 +0700
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary=“----=_NextPart_000_0003_B4E198A5.B6BAD3C9”
X-Priority: 3
X-MSMail-Priority: Normal

Now I’m leaving in the offender’s email address and IP address because there is absolutely no doubt of the intention here – maliciousness. I assure you that the authorities are going to be contacted about this, but that probably won’t stop this. The previous ones came from a Middle East country. edit:Okay, I took out the name and part of the IP address.

Anyway, the worm hasn’t gone anywhere else in my system. At least avast doesn’t indicate it has. That’s why I just want to delete those three files.

I’ve read a number of tech reports on this thing and I’ve used two tools to remove it, one from symantec, the other from microsoft, and they don’t even indicate it’s there. So far only avast.

I’m believing avast, so what I need to know is how to get that Outlook file in a readable form when that Word document shows and I’ll be fine. Well, I’m guessing I’ll be fine.

Are you familiar with that “File Conversion-Outlook” window, polonus?

Now I'm leaving in the offender's email address and IP address because there is absolutely no doubt of the intention here -- maliciousness. I assure you that the authorities are going to be contacted about this, but that probably won't stop this. The previous ones came from a Middle East country. edit:Okay, I took out the name and part of the IP address.
From addresses are so easilly forged as to make the assumption that this email came from this person (assuming that it is a good email address) could be mistaken, and plastering their email address on a public forum could well open them up to spamming and worse.

So unless you are 100% sure of your facts, don’t disclose email addresses.

The IP address you have in there ‘222.XXX.XX.54’ isn’t a valid IP (unless contrary to your comments you have edited it) as the second and third groups should be in the range of 0-255. So there is no way to confirm the IP even matches the .com.vn (Vietnam) email address.

I put a little edit line in there covering that, DavidR. Yes, I had second thoughts and made a few changes, but that was just before the latest one which has a completely different email address but the exact same IP. An IP, by the way, which is on a blacklist. The site associated with the email address to which these are coming is clearly under a kind of attack. That is 5 or 7 in the last 72 hours. I’m the Forum Admin on that site, hence the reason I’m the target, I suppose. It’s a very small forum, but it is U.S. veterans and these days there are some who are enraged at the U.S. powers that be and apparently think that lashing out at the U.S. veteran is somehow right, or helps matters. I don’t know. The last one contained a .zip file attachment. Same thing, May 11,1998; no subject line on the latest one. It’s pretty disgusting if you ask me. I was a Forum Admin on a site with over 35,000 members from all over the world and had to get involved in all kinds of disputes between members and never once received this kind of abuse from anyone. I guess these days tempers run high for particular reasons and vets are a scapegoat.

Anyway, enough of that. DavidR, do you have the Harry Potter magic key for my “Windows Conversion-Outlook” box? If I get that I can go in there and literally manually delete the file that the avast folks say is the root of all my troubles and then move on my merry way.

Ah ha!! Use of “merry” reminds me I haven’t repeated my greetings in a bit …HAPPY HOLIDAYS TO ALL OF YOU!! …EVEN YOU BAD GUYS

You don’t need any magic conversion tool, just use Outlook as I suggested in my first post.

Can you not find the files in Outlooks email folders, Hello and Status?
Personal Folders\Top of Personal Folders\Inbox\hello, etc. and then delete them manually in Outlook, then clear the delete email folders and compress folders. I assume you have a folder called ‘hello’ look for files with attachments with those names, using file properties.
\Personal Folders\Top of Personal Folders\Inbox\Status\ I assume you have a folder called ‘Status’ look for files with attachment with that name, using file properties.

Provided you don’t open any attachments listed in your post above you should be OK, not to mention avast should alarm and stop them. They all appear to be in your Inbox, so you may have to check each one slow but safe enough.

ManyQs,

If you just want to manually delete files you could try Eraser. This will often let you see hidden files and securely remove them from your drive. Its available for download from many freeware sites.

Just be carefull because files removed with Eraser cannot be recovered.

And I thank you for your military service. I, for one, appreciate your efforts.

mauserme