VIRUS:WIN32/Funlove,comment on fait????????

VIRUS:WIN32/Funlove,comment on fait???????? - Windows & Software

Marsh Posté le 10-06-2001 à 12:31:23    

J'ai choppé ce virus...merde :fou: ...qqn connait?????
On fait coment pour s'en débarrasser,ca fait quoi???
qqn l'a déja eut?????????


---------------
SmocKe a flower and fucK a ducK
Reply

Marsh Posté le 10-06-2001 à 12:31:23   

Reply

Marsh Posté le 10-06-2001 à 14:01:33    

Si tu est sous Win 98 tu vas sous dos  
Tu vas sur c:\ et tu tapes scanreg /restore  
Tu mets une date avant le virus
Tu reboot  
Et a mon avis c' est bon

Reply

Marsh Posté le 10-06-2001 à 14:03:39    

It is not a dangerous memory resident parasitic Win32 virus. It affects PE EXE files on local and network drives. Because of its network spreading ability the virus can infect the local network from one infected workstation, in case the network access permissions allow writing for this user.  
The virus contains the text strings:  
 
 ~Fun Loving Criminal~
 
When an infected file is run, the virus creates the FLCSS.EXE file in the Windows system directory, writes its "pure" code to there and runs this file. This virus "dropper" (FLCSS.EXE file) has Win32 PE format and is executed by the virus as a hidden Windows application (under Win9x) or as a service (under WinNT), and the infection routine takes control.  
In case an error occurred while creating the dropper file (when the virus is run from infected file) the virus runs the infection routine from its instance in the infected host file. The file searching and infection process is run in background as a "thread", and as a result the host program is executed with no "visible" delays.  
 
The infection routine scans all local drives from C: till Z:, then looks for network resources, scans subdirectory trees there and infects PE files that have .OCX, .SCR or .EXE name extension. While infecting a file the virus writes its code to the end of the file to last file section and patches its entry routine with "JumpVirus" instruction. The virus checks file names and does not infect the files: ALER*, AMON*, _AVP*, AVP3*, AVPM*, F-PR*, NAVW*, SCAN*, SMSS*, DDHE*, DPLA*, MPLA*.  
 
The virus is related to the "Bolzano" virus family and patches the NTLDR and WINNT\System32\ntoskrnl.exe files in similar way the "Bolzano" virus does. The patched files should be restored from a backup.

Reply

Marsh Posté le 10-06-2001 à 17:16:49    

salut  
tu vas sur le site de symantec, tu dl le fixfunlove.exe et tu le lances depuis une disquette bootable.
Si tu es en ntfs il te faut un prog permettant la lecture ecriture sur tes partoches

Reply

Marsh Posté le 10-06-2001 à 17:17:28    

Reply

Marsh Posté le 10-06-2001 à 23:51:21    

Merci tout l'monde!!!!!!!!!!!!!!!!
Voila lé mort ce virus de merde!!!!!! :D  
Ya pas a dire le site www.symantes.fr est vraiment bien et m'a aidé,sur les autres j'ai rien trouvé...mais bon j'avais peut etre mal cherché........
Juste une question,quand j'avais le virus,alors que je le savais pas encore,j'ai gravé qqs logiciels de mon Pcnotament des fichiers div-X présents sur mon disK dur,est ce que je risque qq chose si je les lit...genre d'etre reontaminé???????


---------------
SmocKe a flower and fucK a ducK
Reply

Sujets relatifs:

Leave a Replay

Make sure you enter the(*)required information where indicate.HTML code is not allowed