w32.klez.h@mm 
Author Message
 w32.klez.h@mm


having problems installing norton 2002 after removed the
virus
it gives an error
setup.exe is not a valid win32 application
thanks


Wed, 06 Oct 2004 05:12:46 GMT  
 w32.klez.h@mm

Hi,

NAV has important issues such as they have faced with Klez.E; this virus
stops NAV's functions and installations.

Symantec advices:


Norton AntiVirus. Once this worm has executed, it can be difficult and time
consuming to remove. The procedure that you must use to do this varies with
the operating system. Please read and follow all instructions for your
operating system.

Manual removal procedure for Windows 95/98/Me

Follow the instructions in the order shown. Do not skip any steps. This
procedure has been tested and will work in most cases.

NOTE: Due to the damage that can be done by this worm, and depending on how
many times the worm has executed, the process may not work in all cases. If
it does not, you may need to obtain the services of a computer consultant.

1. Download virus definitions
Download the definitions using the Intelligent Updater. Save the file to the
Windows desktop. This is a necessary first step to make sure that you have
current definitions available later in the removal process. Intelligent
Updater virus definitions are available at

http://securityresponse.symantec.com/avcenter/defs.download.html

For detailed instructions on how to download and install the Intelligent
Updater virus definitions from the Symantec Security Response Web site, read
the document How to update virus definition files using the Intelligent
Updater.

2. Restart the computer in Safe mode
    1. Shut down the computer and turn off the power. Wait thirty seconds.
Do not skip this step.
    2. Restart the computer in Safe mode. For instructions, read the
document How to restart Windows 9x or Windows Me in Safe mode.

3. Edit the registry
You must edit the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current
Version\Run and remove the wink???.exe value after you write down the exact
name of the wink file.

CAUTION: We strongly recommend that you back up the system registry before
you make any changes. Incorrect changes to the registry could result in
permanent data loss or corrupted files. Please make sure that you modify
only the keys that are specified. Please see the document How to back up the
Windows registry before you proceed.

  1. Click Start, and click Run. The Run dialog box appears.
  2. Type regedit and then click OK. The Registry Editor opens.
  3. Navigate to the following key:

  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

  4. In the right pane, look for the following values:

  Wink[random characters] %System%\Wink[random characters].exe
  WQK %System%\Wqk.exe

  5. Write down the exact file name of the Wink[random characters].exe file
  6. Delete the Wink[random characters] value and the WQK value (if it
exists).
  7. Navigate to and expand the following key:

  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services

  8. In the left pane, under the \Services key, look for the following
subkey, and delete it, if it exists:

  \Wink[random characters]

  NOTE: This probably will not exist on Windows 95/98/Me-based computers,
but you should check for it anyway.

  9. Click Registry, and click Exit.

4. Delete the actual Wink[random characters] file
Using Windows Explorer, open the C:\Windows\System folder and locate the
Wink[random characters].exe file. (Depending on your system settings, the
.exe extension may not be displayed.)

NOTE: If you have Windows installed to a location other than C:\Windows,
make the appropriate substitution.

5. Empty the recycle bin
Right-click the Recycle bin on the Windows desktop, and click Empty Recycle
Bin.

6. Run the Intelligent Updater
Double-click the file that you downloaded in Step 1. Click Yes or OK if
prompted.

7. Restart the computer
Shut down the computer, and turn off the power. Wait 30 seconds, and then
restart it. Allow it to start normally. If any files are detected as
infected, Quarantine them. Some of the files that you may find are
Luall.exe, Rescue32.exe, and Nmain.exe.

8. Scan with Norton AntiVirus (NAV) from a command line
Because some NAV files were damaged by the worm, you must scan from a
command line.

NOTE: These instructions are only for consumer versions of NAV. The file
Navw32.exe is not part of Enterprise versions of NAV such as NAVCE

  1. Click Start, and click Run.
  2. Type--or copy and paste--the following, and then click OK:

  NAVW32.EXE /L /VISIBLE

  3. Allow the scan to run. Quarantine any additional files that are
detected.

9. Restart the computer
Allow it to start normally.

10. Reinstall NAV
  1. Reinstall NAV from the installation CD.
  2. Start NAV, and make sure that it is configured to scan all files. For
instructions on how to do this, read the document How to configure Norton
AntiVirus to scan all files.
  3. Run a full system scan. Quarantine any files that are detected as
infected.

Manual removal procedure for Windows 2000/XP

1. Download virus definitions
Download the definitions using the Intelligent Updater. Save the file to the
Windows desktop. This is a necessary first step to make sure that you have
current definitions available later in the removal process. Intelligent
Updater virus definitions are available at

http://securityresponse.symantec.com/avcenter/defs.download.html

For detailed instructions on how to download and install the Intelligent
Updater virus definitions from the Symantec Security Response Web site, read
the document How to update virus definition files using the Intelligent
Updater.

2. Restart the computer in Safe mode
    1. Shut down the computer and turn off the power. Wait thirty seconds.
Do not skip this step.
    2. You must do this as the first step. All Windows 32-bit operating
systems except Windows NT can be restarted in Safe mode. Read the document
for your operating system.
      a.. How to start Windows XP in Safe mode
      b.. How to start Windows 2000 in Safe mode
3. Edit the registry
You must edit the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
and remove the wink[random characters].exe subkey after you write down the
exact name of the wink file.

CAUTION: We strongly recommend that you back up the system registry before
you make any changes. Incorrect changes to the registry could result in
permanent data loss or corrupted files. Please make sure that you modify
only the keys that are specified. Please see the document How to back up the
Windows registry before you proceed.

  1. Click Start, and click Run. The Run dialog box appears.
  2. Type regedit and then click OK. The Registry Editor opens.
  3. Navigate to the following key:

  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services

  4. In the left pane, under the \Services key, look for the following
subkey:

  \Wink[random characters]

  5. Write down the exact file name of the Wink[random characters].exe file
  6. Delete the Wink[random characters] subkey.
  7. Navigate to the following key:

  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

  8. In the right pane, look for the following values, and delete them if
they exist:

  Wink[random characters] %System%\Wink[random characters].exe
  WQK %System%\Wqk.exe

  NOTE: They probably will not exist on Windows 2000/XP-based computers, but
you should check for them anyway.

  9. Click Registry, and click Exit.

4. Configure Windows to show all files
Do not skip this step.
  1. Start Windows Explorer.
  2. Click the Tools menu, and click "Folder options."
  3. Click the View tab.
  4. Uncheck "Hide file extensions for known file types."
  5. Uncheck "Hide protected operating system files," and under the "Hidden
files" folder, click "Show hidden files and folders."
  6. Click Apply, and then click OK.

5. Delete the actual Wink[random characters] file
Using Windows Explorer, open the C:\Winnt\System folder and locate the
Wink[random characters].exe file. (Depending on your system settings, the
.exe extension may not be displayed.)

NOTE: If you have Windows installed to a location other than C:\Windows,
make the appropriate substitution.

5. Empty the recycle bin
Right-click the Recycle bin on the Windows desktop, and click Empty Recycle
Bin.

6. Run the Intelligent Updater
Double-click the file that you downloaded in Step 1. Click Yes or OK if you
are prompted.

7. Reinstall NAV
  1. Reinstall NAV from the installation CD.
  2. Start Norton AntiVirus (NAV), and make sure that NAV is configured to
scan all files. For instructions on how to do this, read the document How to
configure Norton AntiVirus to scan all files.
  3. Run a full system scan. Quarantine any files that are detected as
infected.

8. Restart the computer and scan again
Shut down the computer, and turn off the power. Wait 30 seconds and then
restart it.

CAUTION: This step is very important. Reinfection will occur if this is not
followed.

Allow it to start normally. If any files are detected as infected,
quarantine them. Some of the files that you may find are Luall.exe,
Rescue32.exe, and Nmain.exe.


Quote:

> having problems installing norton 2002 after removed the
> virus
> it gives an error
> setup.exe is not a valid win32 application
> thanks



Wed, 06 Oct 2004 06:12:09 GMT  
 
 [ 2 post ] 

 Relevant Pages 

1. W32.Klez.H@mm

2. Malicious email with W32.Klez.H@.mm attachment

3. W32.Klez.E@mm

4. How to prevent Virus W32.klez.gen@mm

5. w32.klez.gen@mm

6. W32/Klez.h@MM virus

7. W32.Klez.gen@mm -- NOW MISSING .DLL FILES??

8. W32.Klez.E@mm infected files

9. w32.Klez.gen@mm

10. Virus W32.Klez.H@mm. question !!

11. W32.Nimda.A@mm and W32.Nimda.enc

12. W32/Klez-H

 

 
Powered by phpBB® Forum Software