VideoHelp Forum




+ Reply to Thread
Results 1 to 3 of 3
  1. 22nd Dec 2001 17:06 #1
    sean madison
    sean madison is offline
    Member
    Join Date
    Mar 2001
    Location
    VcdHelp
    Search Comp PM
    Send a message via AIM to sean madison
    I'M GLAD U ARE READING THIS BECAUSE IF U HAVE GONE TO MY WEBSITE, U MAY HAVE BEEN EFFECTED WITH A VIRUS BY ACCIDENT

    DO NOT WORRY, I HAVE BEEN ABLE TO FIX IT EVEN THOUGH NORTON ANTIVIRUS 2002 DOESNT EVEN KNOW!! (damn, i'm good)

    OK let me tell u about this virus, and how to telll if u are infected by it.

    This virus is called the W32 Stator@mm virus
    What it does is it will not allow u to run your -
    msconfig.exe or regedit.exe file
    Also, once infected, it will make ALL exe files decoded and reconfigured and adds an mIRC trojan on your pc.

    This is what i mean(i'm getting right to where u tell if u have it, just hold on)

    each exe file(only affects exe) u open after infection, it will turn that file to 61 kb and make an exact duplicate of the filename but change it to vxd.
    What i mean is like notepad.exe
    Lets say its 100 kb
    It will now be-
    notepad.exe- 61 kb
    notepad.vxd- 100 KB

    You can actually run the vxd and it opens notepad or u can run the exe and it also does it too.

    The trojan part of it-
    This only affects mIRC users.
    Have u ever heard of the program Winipcfg?
    Well if u havent here is what it is- it shows what ur ip address is, your dns server, and your gateway.

    Once this virus is installed(invisibly), it will make a new winipcfg that is larger than the one in your windows\sysm dir. DELETE THIS AT ONCE!!!!! (if u have 2, that is. If u do have 2 of em, delete the larger one, if u only have one, u may or may not be infected)


    Now to tell if u are infected-

    Run a program then go into my compuer and see if that prog u ran is 61 kb with a vxd file next to it. If there isnt, then u are fine, but if there is, here is how to fix it-

    First- go to windows dir and rename regedit.exe to regedit.vxd then double click after renaming.
    Now, search for this phrase-

    loadpe

    It will bring up the first thing with a set on the left row with the aplhabet going in order for a bit.
    On the far left, it shows the dir in the registry it is located in. DELETE THE WHOLE DIRECTORY!!!

    Next, go to find next and search again.
    This time it will bring up it being listed in exefile\windows\shell\command(or somethin like that)
    Anyways, once it brings that up, on the big window part, it says this-

    Default c:\windows\system\loadpe.com %1 %* or somethin like that.
    Double clikc the value and when the window pops up, delete the whole value and hit ok
    Now there should be no value listed other than- ""

    Now export registry to windows dir in case it happens again.

    Now one last thing-
    Go to your windows\system dir and DELETE the loadpe.com file

    Scan your WHOLE windows dir for viruses and your registry too.

    If u get an error message next time u reboot saying cannot find loadpe.com, go back into registry and import your registry file, then close regedit.
    Thats it

    Sorry bout this for everyone who has gone to my site. I apologize VERY DEEPLY

    The only way you COULD have gotten this though is by downloading a program off of my web site and as a matter of fact, I do not think any of the exe files on my website are linked on my pc so everyone should be fine.
    Oh and also, if anyone saved the bmp files from the vid pics section, you could have also gotten it that way too.

    Just make sure and check.
    Have a happy christmas and i will chat with yall later.







    ShiZZZoN PzN

    Everyday is another payday and I am one step closer to becoming the one.
    Quote Quote  
  2. 22nd Dec 2001 20:13 #2
    bilbogod
    bilbogod is offline
    Member
    Join Date
    Oct 2001
    Search Comp PM
    <TABLE BORDER=0 ALIGN=CENTER WIDTH=85%><TR><TD><font size=-1>Quote:</font><HR size=1 color=black></TD></TR><TR><TD><FONT SIZE=-1><BLOCKQUOTE>Oh and also, if anyone saved the bmp files from the vid pics section, you could have also gotten it that way too.

    Just make sure and check.
    Have a happy christmas and i will chat with yall later.</BLOCKQUOTE></FONT></TD></TR><TR><TD><HR size=1 color=black></TD></TR></TABLE>

    LOL Your website was down last time I went on it (yesterday). Is everything, safe ,o.k, up and running now?
    What about any othr virus checkers, will they pick up on this. Norton doesn't seem to find everything.. Someone recommended a program called FPROT, don't know what its like though

    Quote Quote  
  3. 22nd Dec 2001 23:18 #3
    next
    next is offline
    Member
    Join Date
    Jun 2001
    Search PM
    Haven't been to the site but for those that prefer english the symantic site may be of some help. It's here:

    http://www.symantec.com/avcenter/venc/data/w32.stator@mm.html

    <font size=-1>[ This Message was edited by: next on 2001-12-23 06:19:09 ]</font>
    Quote Quote  



Similar Threads

« Previous Thread | Next Thread »
Visit our sponsor! Try DVDFab and backup Blu-rays!