1. /
  2. Security Response/
  3. Fix W32.Funlove.4099 Tool (Cleanflc.exe)

Fix W32.Funlove.4099 Tool (Cleanflc.exe)

Updated:
March 20, 2001 12:00:00 AM
Type:
Removal Information
Description
The removal tool, Cleanflc.exe, is designed to safely disable the W32.Funlove.4099 (Funlove) service under Windows NT. The tool also restores the Ntoskrnl.exe and Ntldr.exe files that are modified by the virus.

Cleanflc.exe must be run from a write-protected floppy disk, and it must be run with administrator rights.

Cleanflc.exe does the following:
Disables the FLC (viral) service.
Deletes the Flcss.exe file that the virus drops.
Restores Ntoskrnl.exe and Ntldr.exe. (W32.Funlove.4099 modifies these files to gain administrator rights to the system.)
Inoculates the system to prevent W32.Funlove.4099 reinfection after restarting the computer. (You must restart the system to complete the repair.)

How to use
To use the Cleanflc.exe file, follow these steps:
Download the tool to a virus-free computer from this location.
Save the Cleanflc.exe file to a floppy disk, and then write-protect the floppy disk to prevent it from becoming infected with FunLove.
Insert the floppy disk into the floppy disk drive of the infected computer.
Using Windows Explorer, browse to the floppy disk, and then double-click Cleanflc.exe.
Allow the tool to run, and then remove the floppy disk from the drive.
Restart the computer, and run a full system scan. Make sure that you have the most recent virus definitions, and that Norton AntiVirus is set to scan all files. Allow Norton AntiVirus to repair any infected files that are found.

NOTE (for advanced users): You can also run Cleanflc.exe from a command line in the Run dialog box. You can use the following command-line arguments:

Cleanflc.exe [boot drive:] [/?] [/s]

The arguments will perform the following tasks:
[boot drive:] This is optional; otherwise, drive C is assumed to be the boot drive.
/? Displays the help dialog.
/s Performs all actions silently.

Summary

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver