10-03-2002, 06:10 PM
Hi everyone, about two days ago, my computer was on and I was away. I had left windows messenger on. But when I came back, I saw that somehow computer had imed everyone who was on my buddylist and try to send this file that I didn't even know it existed on my computer.
Finally I traced it and found where it was located. I tried deleting it but didn't work. The only thing I can do is that I can move it around from one folder to another and rename it. I am pretty sure it has to be a stupid virus but I guess since I changed the name of the file, even if it's called the original name doesn't exist so it won't recognize it. However, I tried looking at the properties and everything seems normal. But again, when I try to delete it, it says "Access is denied. Make sure the disk is not full or write-protected and that the file is not currenty in use."
Any help is greatly appreciated.
Thank you in advanced.
10-03-2002, 06:38 PM
Lets see.. suggestions.. ::
-Did you leave an 'open connect' with someone on your IM list? It's only a guess, but open connections can allow access into your pc -- I could be wrong, but if I'm not...?
-Tried shutting down and restarting your pc then going in?
-Tried using the "Add/Remove" program in Control Panel? Tho, I don't really believe that will work for a file :/
-Is it a Read-Only? Take this off and try deleting it...?
-Try deleting it from DOS?
Good luck.. never had this happen to me, I'd be interested in the end result.
10-03-2002, 07:18 PM
is it called pic(1)(2)(3)?.EXE?
if so its a harmless(or so i think), thta is run everytime windows starts up so go into the process killer (ie CTRL+ALT+DEL) and kill the program msgspread ( or sumthin like that) and then delete it that should get rid of the virus
10-03-2002, 08:59 PM
if it is pic123 then here is how to remove it...
its on the bottom of the page.
10-03-2002, 09:56 PM
Thank you so much webmarkart, whackaxe, and Revelle. All your comments have been really really helpful.
The file was read-only and I did change it and tried deleting it but didn't work. I tried changing attributes from dos and tried deleting it from there but no result.
And I am sorry, I should have mentioned earlier, it was a patch for a software that I had downloaded from a p2p application ( i m sure everyone knows which one it would be) and I don't use it at all but I was introuduced by someone and I tried it out for the first time for experiment purpose. But I guess I learned my lesson and have decided not to use it.
So I guess when I was applying the patch, it must have created that .exe file that had a mouse icon on it. and there were quite a few files. I did check earlier and made sure that they weren't in startup. And if they were then it may be the problem why I couldn't delete them but they weren't. I did check in Add-remove and thought it probably was a small application and I could get rid off from there. But nope, it wasn't there. Since I run a server and my this machine is connected to it, they both are running 24/7. So it never struck to me to turn it off and start it again.
However, that would have been the first thing I should have tried. And with surprise it did work. yet, I still don't understand why I was not able to delete it before I restarted the computer. I guess it must have something to do with memory.
But now my biggest concern is that I hope it didn't damage any of my .dll or system files. Is there anyway to find that out?
Once again, I really appreciate your quick replies and thanks to you all I got to learn something new as well as got rid off my problem. Thanks a lot.
By the way, I do have Norton Antivirus 2002 and I just did the live update couple of days ago. I don't know if having it makes a big difference or not.
10-04-2002, 12:31 PM
Read that for more. I'd do another virus update and moan to Nortons as they now about it since august last year so virus checker should have spotted it.
10-04-2002, 09:35 PM
Thank you tommysphone. The link was really helpful.
10-04-2002, 10:24 PM
so it was the worm i suggested. i thought that it had been stamped out ages ago!