:'(My zonealarm suit has found a virus named win95.sk and there is no treatment for this.
I have read everything I could on this virus, but still have no clue as how I would clean the computer of it.
I have run other virus scans and this does not even show up on them.
Reading about this win95.sk, it makes me wonder if there is hope or should I just reformat, and if I reformat will the virus still be in my machine?
My computer is acting fine right now but I know it is there.
Any help you could give me would be greatly appreciated!
I’m bitting my fingernails…waiting for a reply.
Christi Hoehn
Their support team could not help you? As you have bought their product… :
The only way I can see avast helping you is avast Cleaner (if it works with this virus specifically, I’m not sure).
http://files.avast.com/files/eng/aswclnr.exe
Thanks for the reply… ;D
No, this new virus is very hard to detect and clean, I downloaded the avast virus cleaner, if it works I will buy stock in the company!
avast report:
avast! Virus Cleaner Tool - version 1.0.208 Unicode
Creating log file: C:\Documents and Settings\Owner\My Documents\actions\aswclnr.log
11/8/2005, 11:57:44 AM
Memory scanning started…
No virus body found in memory.
Memory scanning finished (48.6s).
Files scanning started…
C:\WINDOWS\Temp\Perflib_Perfdata_79c.dat… file could not be scanned!
C:\WINDOWS\Temp\ZLT03266.TMP… file could not be scanned!
No virus body found.
Files scanning finished (73773 files, 0 infected, 1786.3s).
Drives scanned: C:
now what do I do? ;D
christi
Which is the path and the name of the infected file?
Which is your operational system?
Hello,
And thanks for the help…grinning…
The infected file is C:/DOCUME~1/owner/LOCALS~1/temp/V…
I have two virus here: win95.sk and java.shinwow.AB, now I am not as worried about the java as I am the win95.sk. I have looked for hours for this file, done searches in my computer and came up with nothing. And both virus have failed to be deleted.
I am running windows xp.
out of all the research I have done I can not find a cure, or a way to clean this machine. I have thought about reformatting but I am worried this virus will still be on the machine if not cleaned first.
I have contacted Zone Alarms…with little to no help. Now I wish I would have saved my money…grinning…
The only programs that I have noticed this virus affecting is my other antivirus’s, but who knows when I go to reboot again that all will not be lost… :-
Thank you so much again.
Christi
The path is obviously truncated - can you find the real (whole) path? (resizing the dialog, checking a log file, or something like that)
I’d suggest not to panic… it actually may be a false alarm.
It’s a pity as we, users, pay for support after all. If they include antivirus in their program, why don’t they give you support with virus infection?
Which other antivirus? ZA antivirus?
Hello again…Thank you.
After going into the log this is the only path it gives for this file.
C:/DOCUME~1/owner/LOCALS~1/temp/V1HKFHa02672.
After doing another search I still can not find it.
I have downloaded ewido and I am running it now, It already has found 745 infected objects! WOW! I run a antitivirus everyday why does these not show up in Zonealarm or Nortons Or even Trend? And will this CLEAN win95.sk?
Thanks again for your quick responce, I will not panic untill my screen goes black…GRINNING…
Christi
Again, where?
The file in TEMP folder seems “strange” (meaning that it really doesn’t sound like anything important for the system - you could simply delete it). Are the other infected objects in Windows or System folder, for example? Is it the same virus?
Can’t you boot in SafeMode and delete that file?
SafeMode (repeatedly press F8 while booting): http://support.microsoft.com/default.aspx?scid=kb;en-us;315222
After all, why are you running Norton and avast?
You’ll crash your system for sure. Uninstall Norton quickly.
- Remove NAV through Add/Remove programs from Control Panel. Boot.
- Use Symantec removal tool (browse their site to get it, there are one for each antivirus series). Boot.
- Install avast! Boot.
- See what you get.
Not all files detected by ewido are really infected, please send the files to Quarentine and do not delete them all.
I never run any antivirus at the same time…
I have Nortons proffesional edition 2003 …Antivirus xp…and Zone alarm security suites. I run each at different times, I will find that one has picked up something another did not. And sometimes I go to trend and run that one. I only have one firewall enabled. I guess you could say I have a thing for viruses…Can’t stand them! So better to be safe than sorry…and with the people who are coming up with these viruses getting smarter and more loopholes in place with certain operating systems… A girl has to protect herself with whatever measures seem possible…running 3 antiviruses at different times…GRINNING… Ok call me a fanatic…LOL
But getting back to win95.sk. The last one did not pick it up either, found 751 but not that one so does this mean it could have been a false reading? And why is it that ONLY zone alarm picks it up? Could my zonealarm be corrupted?
I have tried starting in safe mode and I searched for two hours trying to find this file and found nothing…If I could just find it I WOULD delete it…
Thank you to all who have tried to help today…I really appriciate it.
Christi
Again, where? The file in TEMP folder seems "strange" (meaning that it really doesn't sound like anything important for the system - you could simply delete it). Are the other infected objects in Windows or System folder, for example? Is it the same virus?
Most was spyware in my registry, a couple dialers…Backdoor lixy… a few in my system 32 files (YIKES!..where is my Calgon!)…but no win95.sk, can this virus change its name or hide deep in the system?
Norton doesn’t co-exist well especially with other AVs and it doesn’t matter if it isn’t running, simply being installed is often enough to cause a conflict as it embeds itself deeply into the registry Legacy Keys which even when uninstalled often cause problems.
avast when it finds evidence of NAV it won’t fully install to avoid conflict.
So the advice by Tech is very valid.
Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can reap havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.
Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator.
your solution could be as simple as running this utility
Start/all programs/ Accessories/system tools/disk cleanup
Thanks everyone ;D
I have learned allot today as far as having too many antiviruses on the computer at once. I did unistall Nortons and Antivirus xp…Goodbye old friends… :
Tech, I have already been to that site and no win95.sk, but thanks for the link and all the help. I am still baffled as to how to clean this win95.sk…but will not panic until my putter dies…than I will be cussing ya ll Out! JK…
Can you explain to me what running the disk cleanup does for win95.sk? I’m a bit slow today because all these new terms clogging my brain, But what does disk space have to do with a virus?
And I ask this question again…(Go ahead and smack me) But If I have to reformat will this virus still be in the machine and cause problems at a different time since it was not removed? Or does reformatting remove everything including nasty hidden viruses?
Christi
all disk cleanup does is clean out your temp files, if you look at where the problem file is you will notice thats where its sitting.
the longer they sit on your system ,the more likely they have migrated onto the system files as well.
If you havent noticed any strange behaviour (popups,redirections) then a cleanup should rid you of it.
if thats the case then a format shouldnt be nessesary.
Thank You…Thank You…You are the man. ;D or woman…GRINNING…politically correct…PERSON… :-\
http://www.inportant.info/FunnyPart-com-too_much_caffeine.jpg
So glad that’s over…sheeeew.
Has this virus win95.sk hit a lot of people?
No iv`e never seen it before . I guess if you were to google search for it you might find out more but if it aint broke etc
good luck and hope to see you back
Why Thank you…she curtsy’s… ::)… just for the record Here is some stuff I found on this virus, it originated in Russia. My question being that if its for 95/98 operating systems how could it affect my xp?
Just for future people looking about this virus:
This is a parasitic Windows virus. It spreads under Windows95/98, installs its copy into Windows memory, hooks file access functions and infects PE (Windows Portable Executable) files. The virus also affects Windows help files (.HLP) - it modifies them so that when they are activated, the virus code is dropped on disk and executed. The virus also adds its droppers to four types of archives: RAR, ZIP, ARJ and HA. The virus droppers in HLP files and archives have DOS COM file format and are executed in DOS box, but they are able to install virus code into Windows memory as well as infected Windows executables (see below).
The virus code is encrypted with polymorphic routines in both DOS droppers and Windows PE files. In case of Windows files the virus also uses “Entry Point Obscuring” (EPO) technology: the virus code does not get control immediately when an infected file is executed. The JMP_Virus instruction in most of cases is places somewhere in infected file body, not in file header and not at file startup address, and is executed only when corresponding program’s branch takes control.
The virus is a “slow infector”: before infecting it checks many conditions and as a result affects very few files on the computer - only just about ten EXE files in standard Windows95/98 installation. The same for HLP files and archives - very few of them may be infected. The virus also delays its infection routine for one minute before first infection, and infects HLP files and archives only in case there was no access to these files during two minutes.
The virus is very dangerous. When disk files are accessed, it checks their names and in case of several anti-virus program (ADINF, AVPI, AVP, VBA, DRWEB) the virus deletes all files in all directories on all disks from C: till Z: that the virus is able to delete, and then halts the system by the Fatal_Error_Handler VMM call.
http://www.avp.ch/avpve/newexe/win95/sk.stm
christi ???
Hello sillydogs. Just read some of the replys and I have to tell you this. What you have is a very nasty and dangerous virus. Win95.sk is also polymophic in that it changes it’s structure in memory so the AV programs have a hard time finding it. Also it hooks various files and deletes some AV program files so they cannot detect it. To remove it try this. Write or copy the directory where it is located. Boot in safe mode with the command prompt. Then using Dos commands such as cd documents and keep going till you get to the last directory. Dos has an eight charcter limit. If in doubt do a scroll and check the lengths of the file names. If they are long then type them as you see them. When you find win95.sk delete it. It should be no problem but it might give you a problem as it also runs in dos. Try running ONE AV program. Do not run or have installed on your system more then one as that can lead to various problems. Myself I have used AVast for awhile and have had no problems with viruses. The Zonealarm you are using does not do a very good job of removing viruses. Use Zonealarm pro and get a better antivirus program like Avast. I have tried about thirty (30) different programs and the best ones I will not list here but Avast is in the top five. If you have any questons just post on the forum.
I hope I was not to TECHY. Just trying to help. Been in computers for 25 years. Was around when McAfee started in the mid 1980’s