I need help with a Badtrans virus on my Windows ME!

Question

We are fairly certain on our Windows ME version that a BadTrans virus is there. I have looked on your site as to this problem and clicked on McAfee for help. It seems as though they want us to subscribe for a fee in order to get help. Is this the only way? What do you suggest?

Thanks

Sandi Nelson

Answer

This question was answered on December 5, 2001. Much of the information contained herein may have changed since posting.

Hello,

No, there is free help. What you may have seen was the on-line services options they were offering.

By the way, which site did you check out?

I made a visit to the following site and didn't get that impression at all (Perhaps, you went to a different site).

Go to: http://www.mcafee.com/anti-virus/virus/badtrans/default.asp?cid=2607

It will say, "W32/[email protected] Help Center".

There, in the "Detection and Removal" box, select "Windows ME" on the bottom. I could take you to the "Windows ME" site directly but thought it would be a good idea for you to read that page too.

However, the following step-by-step instructions are from that site:

Windows ME users:

Change the Folder View Options

1. Double-click on the My Computer icon on the desktop.
2. Double-click on the C: drive.
3. Click on the Tools pull-down menu and then click on Folder Options. The Folder Options dialog box will then appear.
4. Click on the View tab.
5. Select the 'Show hidden files and folders' option.
6. Uncheck 'Hide file extensions for known file types'.
7. Click the Apply button followed by the OK button.
8. Close the remaining open windows until you are back on the desktop.

Backup the Registry

1. Click on the Start button.
2. Click on Run.
3. Type in REGEDIT then click the OK button. The Registry Editor will then appear.
4. Click on the Registry pull-down menu then click on Export Registry File.
5. The Export Registry File dialog box will then appear. The top of this dialog box contains an option entitled Save In. Make sure Desktop is selected for the Save In option. If it is not, click the pull-down arrow and select Desktop from the menu.
6. In the File Name field type "Backup" (without the quotation marks).
7. In the Export Range group box make sure All is selected.
8. Click on the Save button. You have now created a backup of your registry.
9. Close the Registry Editor by clicking the X in the top right corner.

NOTE: If you need to restore the registry you can double-click on the backup file you created and it will be restored. The backup file will be located on your desktop. Once you have finished these instructions and are certain everything is working properly it is important to delete the "backup" file you created. Do this by right-clicking on the Backup file on the desktop then left-clicking on Delete from the pop-up menu that appears. This will ensure that the old registry is not accidentally restored once this process is complete.

Edit the Registry

1. Click on the Start button.
2. Click on Run.
3. Type in REGEDIT then click the OK button. The Registry Editor will then appear.
4. On the left side of the screen double-click on HKEY_LOCAL_MACHINE.
5. Double-click on Software.
6. Double-click on Microsoft.
7. Double-click on Windows.
8. Double-click on CurrentVersion.
9. Single-click on the RunOnce folder so it is highlighted. You will notice the right side of the screen has a Name column and a Data column.
10. On the right side of the screen, single-click on the word "Kernel32" under the Name column so it is highlighted.
11. Press the Delete key on the keyboard to remove the highlighted Windows entry.
12. Close the Registry Editor by clicking the X in the top right corner.

Editing the WIN.INI

1. Click on the Start button.
2. Click on Run.
3. Type in WIN.INI and then click the OK button.
4. The C:\WINDOWS\WIN.INI window will appear.
5. Scroll all the way over to the right in this window and next to RUN= there will be this reference: c:\windows\inetd.exe. Remove this reference. If you do not see the reference it may be off the screen. Remember to scroll all the way over to the right.
6. Click on the X in the top right corner to close the WIN.INI window. You will be asked if you wish to save changes. Answer Yes.

Delete the Virus Files

1. Click on the Start button.
2. Highlight Search and then click on For Files or Folders. The Search for Files or Folders dialog box will then appear.
3. Make sure the Look in field shows the C: drive so the entire C: drive will be searched.
4. Type INETD.EXE in the Search for Files or Folders Named field and click the Search Now button.
5. Windows will then search for the file. When the file is found, it will be displayed on the right-hand side of the dialog box.
6. Once Windows has finished searching, right-click on the small icon to the left of the file's name. A pop-up menu will appear.
7. Left-click on Delete. If you receive a prompt, answer Yes to have the file deleted.
8. Repeat steps 4 - 7 for the following file names:
   KERN32.EXE
   HKSDLL.DLL
   HKK32.EXE
   CP_23421.NLS
9. Close the Search for Files or Folders dialog box by clicking on the X in the top right corner.
10. Empty your recycle bin by right-clicking on the Recycle Bin icon on the desktop and left-clicking on Empty Recycle Bin.
11. Restart the computer.

The Trojan has now been removed.

Good luck and thank you for writing!


Author

Posted by Phoenixaz of Chandler-Gilbert Community College on December 5, 2001
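
A read-only check for the indicators named in the removal steps above, added here as an example and not part of the original answer or of McAfee's instructions: it scans the text of a registry export, the text of WIN.INI and a list of file paths for anything the steps say should be gone. The sample inputs (including the Kernel32 data value) are constructed, and the REGEDIT4 export layout and the [windows] section name are assumptions.

```python
import re

# Indicators named in the removal steps above.
RUNONCE_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\runonce"
RUNONCE_VALUE = "kernel32"
WININI_TARGET = "inetd.exe"
VIRUS_FILES = {"inetd.exe", "kern32.exe", "hksdll.dll", "hkk32.exe", "cp_23421.nls"}

# Constructed sample inputs (not taken from a real machine).
SAMPLE_REG = (
    "REGEDIT4\n\n"
    "[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce]\n"
    '"Kernel32"="kern32.exe"\n'  # data value is an assumption
)
SAMPLE_INI = "[windows]\nload=\nRUN=      c:\\windows\\inetd.exe\n"
SAMPLE_FILES = ["C:\\WINDOWS\\INETD.EXE", "C:\\WINDOWS\\SYSTEM\\KERNEL32.DLL",
                "C:\\WINDOWS\\SYSTEM\\HKSDLL.DLL"]

def _name(path):
    """Lower-cased file name of a Windows or POSIX style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def runonce_entry_present(reg_export):
    """True if the export still lists Kernel32 under the RunOnce key."""
    key = None
    for line in map(str.strip, reg_export.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key == RUNONCE_KEY:
            m = re.match(r'"((?:[^"\\]|\\.)*)"\s*=', line)
            if m and m.group(1).lower() == RUNONCE_VALUE:
                return True
    return False

def winini_run_references(win_ini):
    """run= entries in the [windows] section that point at inetd.exe."""
    hits, section = [], None
    for line in map(str.strip, win_ini.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "windows" and re.match(r"run\s*=", line, re.I):
            entries = re.split(r"[,\s]+", line.split("=", 1)[1].strip())
            hits += [e for e in entries if _name(e) == WININI_TARGET]
    return hits

def leftover_files(paths):
    """Paths whose file name matches one of the listed virus files."""
    return [p for p in paths if _name(p) in VIRUS_FILES]
```

All three functions should return empty or False results when run against an export and file listing taken after the restart in the last step.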