Hacktool.Flooder

disaster-master

She has: 2,154 posts

Joined: May 2001

My computer was flooded with the Hacktool.Flooder virus this evening. Flooder is a good name choice for this one. Anyway, I finally got Norton's to quarantine them (20 of them) and everything looks fine so far, but after reading this article from ZD Net I am a little worried and don't quite understand what to do from here.

The article says you should also do the following:
* Look for user accounts the hacker may have set up.
* Check permissions to see if any users have been granted admin rights they shouldn’t have.
* Use a packet sniffer to monitor incoming and outgoing traffic to look for abnormal and suspicious activities.

Any advice from anyone? I am not sure how to go about doing the above.
I am running Windows 2000 if that makes a difference.

mairving

They have: 2,256 posts

Joined: Feb 2001

Start/Settings/Control Panel/Users and Passwords will show you the users on the system. You should have Administrator, Guest, your account, and another for other users. I doubt they would set up a user account, since your account is probably an admin one anyway. The same goes for permissions. Logged in as a local admin, you can access any file on the system. Mostly the article is talking about removing it from a network.

Deleting the file may be a problem. Usually you would have to boot into safe mode. Sometimes I have even had to open a Command Prompt and change the attributes of the file using the Attrib command and then delete them. Can be a pain.

Mark Irving
I have a mind like a steel trap; it is rusty and illegal in 47 states

disaster-master

She has: 2,154 posts

Joined: May 2001

Thanks Mairving. That helped a lot. I am still reading up on this and will post if I have any more specific questions.

Sonia

disaster-master

She has: 2,154 posts

Joined: May 2001

I have no idea where it came from extrmbob.

I remembered also, that about an hour before the virus alert came up, I was booted offline and was unable to connect for about 10 minutes. Could this have been a DOS attack ya think?

Quote: The only info I found was that it has to be removed in safe mode and you have to remove users it created as mairving stated.

Yes I read that too after I rebooted and ran Nortons which quarantined nineteen .exe files and one .dll file.

All were in C:\Documents and Settings\Folder (with my name)\Local Settings\ (I couldn't tell what folder after that, viewing it on my antivirus screen) and the other two were in C:\WINNT\System32. I deleted them from quarantine.

I looked at my users like Mairving said and there is an Administrator, Guest and then me. That is three. I don't know if the Guest was there before. I tried to delete the Guest but it wouldn't let me, so I added a password to it out of desperation. No one uses my computer except for me, so I had all of the passwords disabled.

I am afraid to start deleting stuff because I don't really know what I am doing when it comes to that. Afraid I will mess up more than fix, ya know. But I would like to know for sure if it is gone, and I have a sneaky feeling it isn't. If removing them in safe mode is the only way, then they are still there.

mairving

They have: 2,256 posts

Joined: Feb 2001

Don't worry too much about the users thing. The Guest account and the Administrator account are default accounts and can't be deleted. I would suspect that if it found the virus in your Doc&Settings folder, then it would be in your browser cache. Dump that and run the virus scan again as well.

Mark Irving
I have a mind like a steel trap; it is rusty and illegal in 47 states

disaster-master

She has: 2,154 posts

Joined: May 2001

I am not ignoring you guys. I have locked myself out of my computer. Lost my Windows 2000 password.
I am on my old backup puter now. !@#$%

Anyway, before I did the dastardly deed above, I didn't find the stuff in question in win.ini

As for file sharing - no shared files.

Did I visit any sites that loaded any unusual scripts? -- can't think of anything off hand, but it is possible I guess.

I tried to install the patch and it told me that I needed one of the versions of the service pack. So I installed it. When I rebooted, that is when I discovered that I didn't know my Windows password.

Guess this thread will be on hold until I can get back in. Geeze, what next? I don't drink, but I think I need a beer right now.

disaster-master

She has: 2,154 posts

Joined: May 2001

Whew!! Made it back in.

I am going to have to reinstall the service pack now that I am back. After I do that, all that is left is to check the registry, right? Is that something that you could walk me through, or should I get someone beside me that knows what they are doing for that?

No IIS on this box. Good thing huh? LOL

disaster-master

She has: 2,154 posts

Joined: May 2001

I think I may have found something.

One of the files that I found when the virus (or whatever it is) got on my computer was named "iffzjw.exe" and was in c:\winnt\system32.

If I go to c:\winnt\system32 through "My Computer", I do not see the file there anymore. But I am looking at System Information under Accessories/Tools in the Start Up Programs folder and I see it there. This is what needs to be removed, isn't it?

mairving

They have: 2,256 posts

Joined: Feb 2001

Make sure that you are set up to view hidden files. When you are in My Computer, click Tools/Folder Options/View Tab/Show Hidden Files and Folders. Open up your registry: Start/Run/regedt32. Go to HKEY_Local_Machine, expand Software/Microsoft/Windows/CurrentVersion/. Click on the Run key. This will show programs that run on startup. If you see that program there, delete it. Look also in the RunOnce and RunOnceEx keys.

Mark Irving
I have a mind like a steel trap; it is rusty and illegal in 47 states
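The two things mairving walks through by hand, the Users and Passwords check and the Run/RunOnce/RunOnceEx autostart keys, can be done in one pass on a current Windows host. The script below is an added example written for this thread, not code from any poster or from the ZD Net article; it assumes Windows 10/11 with PowerShell 5.1 or later (the Get-LocalUser and Get-LocalGroupMember cmdlets do not exist on Windows 2000, where regedt32 and the Control Panel remain the way to look). The flags it produces are hints for a human to review, not a verdict: an autostart entry whose file is missing, runs from a user profile folder, or is not Authenticode-signed is worth a second look, but plenty of legitimate software trips the last two.

```powershell
# Added example, not from the thread. Post-cleanup triage on a modern
# Windows host: who has an account, who holds admin rights, and what is
# set to run at startup. Run from an elevated PowerShell prompt.

function Get-AutostartEntries {
    # The keys mairving names, for both the machine hive and the current user.
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnceEx',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath, PSParentPath, etc.; skip those.
            if ($p.Name -like 'PS*') { continue }
            $cmd = [string]$p.Value
            # The executable is the quoted first token, or else the first
            # whitespace-separated token (an unquoted path containing spaces
            # is not resolved by this simple split).
            $exe = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] } else { ($cmd.Trim() -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $exists = ($exe -ne '') -and (Test-Path -LiteralPath $exe -PathType Leaf)

            $flags = @()
            # An entry pointing at a file that no longer exists is exactly the
            # situation in the thread: the file was quarantined but the key stayed.
            if (-not $exists) { $flags += 'file-missing' }
            # Startup items living under a user profile (Local Settings on
            # Windows 2000, AppData or Temp today) deserve a look.
            if ($exe -match '(?i)\\(Local Settings|AppData|Temp)\\') { $flags += 'runs-from-profile' }
            if ($exists) {
                $sig = Get-AuthenticodeSignature -FilePath $exe
                if ($sig.Status -ne 'Valid') { $flags += "signature-$($sig.Status)" }
            }

            [pscustomobject]@{
                Key     = $key
                Name    = $p.Name
                Command = $cmd
                Exe     = $exe
                Flags   = ($flags -join ',')
            }
        }
    }
}

Write-Host '== Local user accounts =='
Get-LocalUser | Select-Object Name, Enabled, LastLogon, PasswordRequired | Format-Table -AutoSize

Write-Host '== Members of the local Administrators group =='
Get-LocalGroupMember -Group 'Administrators' |
    Select-Object Name, ObjectClass, PrincipalSource | Format-Table -AutoSize

Write-Host '== Autostart entries (review anything with a non-empty Flags value) =='
Get-AutostartEntries | Sort-Object Flags -Descending |
    Format-Table Key, Name, Exe, Flags -AutoSize
```

Hidden files are not an issue for this script, since it reads the registry rather than browsing folders, but a file referenced by a Run key can still be hidden on disk; `Get-ChildItem -Force` on the folder shows it, which is the scripted counterpart of the Show Hidden Files and Folders setting above. If an entry turns up that the antivirus already quarantined, the registry value is what is left to remove, as the thread goes on to find.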

disaster-master

She has: 2,154 posts

Joined: May 2001

Oh my! Yes, it is there and now it is deleted. Being in the registry is like worse than going to the dentist.

Thanks for the help mairving and extrmbob! Both of you are geniuses in my book. *hugs*

They have: 18 posts

Joined: Feb 2002

Whenever I had a virus on my PC I'd rather format the HDD.
If you have regular backups, this is not a problem.
