Caught the virus W32.randex.D

Moderators: Dwight
soaringhorse (Gold Enthusiast) posted:
I got an error message stating this and NAV 2002 states it could not repair the file, I then clicked okay. The settings weren't set to quarantine it, and also it said there was another virus called Backdoor Roxy. It's on my computer that has Win 2000 Pro, and I got ZoneAlarm on there and ran a scan and Norton's did not report any viruses found, hmmm. Strange thing is now I can't connect to my DSL. It says page cannot display. I don't know how to go into winipconfig in Windows 2000, because it says winipconfig cannot be found when I type it in. So here's my question: do you think this virus messed with the connection settings? I have made sure the cable to the modem is connected and it still will not connect.
 
Posts: 1031 | Location: Greater Cincinnati Area | Registered: 06-03-02
redder (Gold Enthusiast) posted:
Hi soaring, looks like it has messed with your settings, this from Symantec
"When W32.Randex.D is executed, it does the following:
Attempts to authenticate to randomly generated IP addresses. The user account list for that remote machine is enumerated, using the NetUserEnum() API. The worm will try connecting as everyone in the list of users who exist on the remote machine until it successfully connects or runs out of accounts.

The worm attempts this action by using one of the following passwords:

admin
root
1
111
123
1234
123456
654321
!@#$
asdf
asdfgh
!@#$%
!@#$%^
!@#$%^&
!@#$%^&*
server
This action results in accounts being locked out due to unsuccessful log on attempts."
More info and removal instructions HERE
Good Luck.

Posts: 847 | Location: Newcastle on Tyne, Tyne&Wear, England | Registered: 06-03-02
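The behaviour in the Symantec description quoted above (one remote host trying every enumerated account until accounts lock out) leaves a recognizable trail in the Security log. The following is an added example, not part of the original thread or of Symantec's write-up: it flags any source whose failed logons touch several distinct accounts in a short window and lists which of those accounts were then locked out. It assumes a CSV export with the columns time, event ID, source address, account; 529 and 644 are the Windows 2000-era failed-logon and account-lockout event IDs, and the addresses and account names are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON, LOCKOUT = "529", "644"  # Windows 2000-era Security event IDs

# Constructed sample export: time, event ID, source address, account
SAMPLE_LOG = """\
2003-11-08T14:00:01,529,10.0.0.57,Administrator
2003-11-08T14:00:02,529,10.0.0.57,Guest
2003-11-08T14:00:02,529,10.0.0.57,alice
2003-11-08T14:00:03,529,10.0.0.57,alice
2003-11-08T14:00:04,529,10.0.0.57,alice
2003-11-08T14:00:05,644,-,alice
2003-11-08T14:07:30,529,10.0.0.12,bob
2003-11-08T14:09:10,529,10.0.0.12,bob
"""

def find_account_sweeps(log_text, min_accounts=3, window=timedelta(minutes=5)):
    """Return {source: {"accounts": [...], "locked_out": [...]}} for each source
    whose failed logons hit min_accounts distinct accounts within window."""
    failures = defaultdict(list)   # source -> [(time, account)]
    lockouts = set()               # accounts that have a lockout event
    for ts, event_id, source, account in csv.reader(io.StringIO(log_text)):
        if event_id == FAILED_LOGON:
            failures[source].append((datetime.fromisoformat(ts), account.lower()))
        elif event_id == LOCKOUT:
            lockouts.add(account.lower())
    findings = {}
    for source, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the left edge so the span never exceeds the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({acct for _, acct in events[start:end + 1]}) >= min_accounts:
                # Report every account this source failed against.
                tried = sorted({acct for _, acct in events})
                findings[source] = {"accounts": tried, "locked_out": sorted(lockouts & set(tried))}
                break
    return findings

if __name__ == "__main__":
    for source, info in find_account_sweeps(SAMPLE_LOG).items():
        print(source, info)
```

A single user mistyping a password (10.0.0.12 in the sample) stays below the distinct-account threshold, which is what separates a sweep from ordinary failed logons.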
soaringhorse (Gold Enthusiast) posted:
Hi Redder,
Thanks for wishing me good luck, I'm going to need it. The computer is my mate's, he is hooked up on a network with two other PCs of mine. I didn't download any firewall on his, or adaware on his, because it confuses him and I didn't think he could run it. Well, anyways, I did put them on there just now, along with reg cleaner. I ran reg cleaner, adaware, found one bug (Alexa). I also deleted Norton's because I'm not too crazy about NAV nowadays. Always seems to give me a sense of false security, lol. I installed AVG, since I just replaced Norton's on my own PC (which I'm impressed with AVG), and did a full scan and it showed no viruses. The problem is still the internet connection, it just won't run. I was curious about the regedit, on this link you provided. I went into the regedit, which is a little bit different for Win 2000, and looked for the worms they listed and didn't find it. Check here for what I'm talking about. I did see some weird stuff that my Zone Alarm was picking up trying to access the net. There are two of them that I kept on wondering what they were:
Pofatch REG_SZ nstrue.exe
Norton Antivirus REG_SZ C/WINNT/SUSTEM\fqqe.exe

But this next one is making me curious if its the culprit:
NvCpl Daemon:REG_SZ:RUNDLL31EXE NvQTwk, NvCPL Daemon initialize

Sorry to be so long winded, I'm just not very good at this regedit, and it says it's a little different when backing it up in Win 2000 before I edit it.

Any help would be greatly appreciated!
 
Posts: 1031 | Location: Greater Cincinnati Area | Registered: 06-03-02
qualserve posted:
Let's set the record straight here! You keep talking about a firewall and/or lack thereof. A firewall does not prevent a virus infection.
 
Posts: 193 | Location: Merrimack, NH, United States | Registered: 06-03-02
soaringhorse (Gold Enthusiast) posted:
Qualserve, I don't think a firewall prevents viruses either. Now I'm not saying it is bad either. Are you? I did say I do have Zone Alarm on my own pc, and I have not once had any problem with viruses on my own pc. So the firewall in my opinion does help against hackers. Correct me if I'm wrong.
 
Posts: 1031 | Location: Greater Cincinnati Area | Registered: 06-03-02
redder (Gold Enthusiast) posted:
Hi soaring,
"But this next one is making me curious if its the culprit:
NvCpl Daemon:REG_SZ:RUNDLL31EXE NvQTwk, NvCPL Daemon initialize"
I think you can rule this one out as the culprit as it "Initializes the clock and memory settings on nVidia based graphics cards." according to Pacs-portal startup applications.
Haven't tracked down the other two yet but will keep looking.

Posts: 847 | Location: Newcastle on Tyne, Tyne&Wear, England | Registered: 06-03-02
soaringhorse (Gold Enthusiast) posted:
Thanks for the link Redder, I did find out about Win 2000 startup instructions on that page. It is a little more difficult for that OS, read this: Win 2000 Startup Tweak Guide

My first decision is to make a backup Emergency Repair Disk, before I do anything to the startup, but that still isn't going to get the internet back on. Are we having fun, yet? LOL
 
Posts: 1031 | Location: Greater Cincinnati Area | Registered: 06-03-02
qualserve posted:
Sorry if I misread your meaning about the firewall (I should have known you were smarter than that :) ). Yes, by all means use a firewall to prevent hackers! Interestingly enough, mine prevented a Denial of Service type attack last night, a first for me! Thank you Sygate!
 
Posts: 193 | Location: Merrimack, NH, United States | Registered: 06-03-02
soaringhorse (Gold Enthusiast) posted:
No success as of yet, I think the many attempts to access the internet have probably done the damage. I was able to figure the command out for the regedit, it's: regedt32.exe so I went into run and typed in that command, and it worked. Now, how to go about releasing the IP address? Does anyone know the command for winipconfig on the OS Win 2000?
I am also wondering how to clean Norton's completely off of there, since it's obviously in the registry. Can't I do a system restore on Win 2000?
I know it sounds like I'm going in circles on this, and believe me I'm not any expert on these issues, just enough to get me in trouble. I was just hoping there was a simple way to unlock the internet server problem. And also, I do think that if there are 2 antivirus programs on a computer, that it creates a problem. Am I wrong? Why doesn't Symantec have a patch for this certain virus, is it just not worthy or that much of a threat?
 
Posts: 1031 | Location: Greater Cincinnati Area | Registered: 06-03-02
Gold Enthusiast posted:
soaring,
When you removed Norton's, did you use its own uninstall utility, or did you go thru add/remove programs to do it? If you used its own utility, you may still have to go into your "C" drive, to your "Program Files", and remove the folder "Symantec" then the folder "Live Update" , to get rid of all of Norton's stuff on there.
Yes, having two anti-virus systems on one PC does cause problems, if you don't like Norton's then AVG will be just fine. As far as Norton's having a patch for that certain virus, they may have been still working on it at the time you went there to get it. Were the virus definitions up to date when you scanned with Norton's? If they were more than a week out of date, it might not have picked it up (happened to me once). Unfortunately, I don't know anything about Win2000, other than the very basics that nearly all Windows versions share. I will check into it though, and see what I can find and post back shortly, if possible.

chris
 
Posts: 834 | Location: Wytheville, va. USA | Registered: 09-03-02
Gold Enthusiast posted:
soaring,
For more info on the Winipconfig command, see this webpage. Look near the bottom of the page for the info. It says:

WINIPCFG.EXE is a GUI application in Windows 9x/Me that lets you check the status of your network connections. Because Windows XP was designed for networking from the ground up, however, and supports far more network connections, something a little more elegant was required.

So Windows XP has two replacements for WINIPCFG.EXE. The first is ipconfig.exe, a command line application that supplies the same information, via text interface. The second is a much more elegant (GUI) interface that is individual to each network connection: Just right-click (or double-click) each network connectoid to make configuration changes and check their status.

For XP: Open a Command Prompt window and enter IPCONFIG /ALL

The Windows 2000 version of WINIPCFG (WNTIPCFG.EXE) can be downloaded here.

Or...

Lists the IP Address(es) for your computer

This VB Script will determine the IP Address(es) available on your computer and display them, along with the hostname associated with that IP Address. Download the Find IP.vbs file and save it to your hard drive (you may want to right click and use Save Target As). Double-click the Find IP.vbs file. A dialog will open listing the available IP Address(es) and the corresponding hostname.


I hope something here helps.

chris
 
Posts: 834 | Location: Wytheville, va. USA | Registered: 09-03-02
soaringhorse (Gold Enthusiast) posted:
chris, Thanks for filling me in on the nortons. Yep, I removed through the add/remove program. I then did a search for NAV, nothing showed up, and did a symantec search which showed the Symantec liveupdate folder which I removed. But in reference to the updates, they did it automatically. The reason I didn't like Norton's is when you do a system restore Norton's did not work correctly, no matter whether you disabled it or not, I have found either way it still put this big red X on the icon in the taskbar and was a very big hassle to get working right again.
Now that I have put AVG on there, I just did a complete scan and no known viruses were found. But it hasn't been updated due to connection problem with the internet. I guess he will just have to live without going onto the net for awhile. I asked him if he learned a lesson on this, and he said "Yes". When it says do you want to download, you better make sure it is not harmful to your computer.
I really get angry when someone creates these viruses, worms, and trojan horses. They should pay for their evilness. The misery they put innocent victims through is pure hell. Do they get a kick out of playing the demon? Ok, I'll get off my soapbox, just venting due to this being a real pain in the you know what.

Soaringhorse

[This message was edited by soaringhorse on 11-08-03 at 04:50 PM.]
 
Posts: 1031 | Location: Greater Cincinnati Area | Registered: 06-03-02