Discovered: July 6, 1999
Updated: February 13, 2007 11:59:23 AM
Also Known As: Win32.Weird, W95.Weird
Type: Virus
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
To remove this virus:
NOTE: Removal of this virus requires that you have a DOS boot disk or Windows Startup disk, and assumes that you are familiar with using basic DOS commands at the command prompt.
- Insert a clean DOS floppy disk or Windows Startup disk into the floppy disk drive, and restart the computer.
- At the prompt type the following two commands, pressing Enter after each one:
c:
cd windows
dir *.exe /a:h
All .exe files in the \Windows folder that have the hidden attribute are displayed.
NOTE: If Windows is installed in a different location, make the appropriate substitution when typing the first command.
- Look for a file with a size of 10,240 bytes. The name of the file is generated by taking the computer name on the infected system and changing some of the characters. Write down the name of this file.
- Type the following commands, pressing Enter after each one:
attrib <file name from step 3> -h
del <file name from step 3>
- Type the following two commands, pressing Enter after each one:
del wininit.ini
del wininit.bak
- Restart the computer.
- Start Norton AntiVirus, and run LiveUpdate.
- Run a full system scan. Attempt to repair any files that are infected with W32.Weird. If they cannot be repaired, you must delete them and restore them from a clean backup copy, or reinstall the deleted file.
NOTE: If NAV reports that it cannot delete an infected file, you must shut down the computer, turn off the power, and wait 30 seconds. Then restart the computer in Safe mode and run the scan again. All Windows 32-bit operating systems except Windows NT can be restarted in Safe mode. For instructions on how to do this, read the document "How to start the computer in Safe Mode."
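The manual checks above (a hidden .exe of exactly 10,240 bytes in the \Windows folder, plus the wininit.ini and wininit.bak files) can also be run as a read-only scan over a mounted copy of the drive. This is an added example, not part of the original writeup or any Symantec tool; the function names `is_hidden` and `triage` are hypothetical, and the hidden attribute is only readable when the script runs on Windows.

```python
import os
import stat
import sys

DROPPER_SIZE = 10240                             # bytes, the size given in the writeup
WININIT_FILES = ("wininit.ini", "wininit.bak")   # files the procedure deletes


def is_hidden(st):
    """DOS hidden attribute as True/False, or None where the OS does not expose it."""
    attrs = getattr(st, "st_file_attributes", None)   # populated on Windows only
    if attrs is None:
        return None
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def triage(windows_dir):
    """Read-only scan of one folder; returns (candidates, wininit_files)."""
    candidates, wininit = [], []
    with os.scandir(windows_dir) as entries:
        for entry in entries:
            if not entry.is_file(follow_symlinks=False):
                continue
            st = entry.stat(follow_symlinks=False)
            name = entry.name.lower()
            if name in WININIT_FILES:
                wininit.append(entry.name)
            elif name.endswith(".exe") and st.st_size == DROPPER_SIZE:
                hidden = is_hidden(st)
                if hidden is not False:    # keep hidden files and unknowns for review
                    candidates.append((entry.name, hidden))
    return sorted(candidates, key=lambda c: c[0]), sorted(wininit)


if __name__ == "__main__":
    folder = sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows"
    found, leftovers = triage(folder)
    for name, hidden in found:
        state = "hidden" if hidden else "hidden attribute not readable here"
        print(f"candidate: {name} ({DROPPER_SIZE} bytes, {state})")
    for name in leftovers:
        print(f"present: {name}")
```

A size match is only a lead for manual review; the script deletes nothing, and the full scan in the procedure is still what confirms or clears a file.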
Writeup By: Wason Han