|
Note:
This message was posted to the old
"wwwboard"-based forum; for the current forum,
go here.
I keep these old messages here mostly because people keep finding them in Web searches, and I hate broken links. Most of those searches are about the FunLove virus, or the "Elf Bowl" game. These old postings should not be considered authoritative on those subjects! For information on FunLove, I suggest anti-virus Web sites, like this and this. If you're wondering if the Elf Bowl game is a virus, try here or here. For Elf Bowl and related games, try a Google search, or perhaps some possibly related website like this or this. |
In Reply to: Re: funlove virus posted by rafa on November 11, 2000 at 00:14:43:
The only effective FIX I have found for win98 (similar in NT) is:
FIRST AND FOREMOST!!! UNPLUG THE NIC!! FLCSS will infect other computers on the network and make it IMPOSSIBLE in that circumstance to get rid of it effectively. If you are in this position, SHUT DOWN ALL THE COMPUTERS and DISCONNECT THE ETHERNET CABLES!! Then fdisk/mbr, Debug,Fdisk,Format, and reinstall them all. It sucks but that's why IT guys make mad cash.
Now, next, for home users, unplug the NIC and then use a tool like enumeration X to kill the flcss.exe hidden process. THEN, you can delete the FLCSS.EXE in c:\windows\system. Next, you need to scan the computer for flcss.* and delete anything you find. THEN, you need to run your antivirus. Now, here, you run into a problem. On my test system, the antivirus programs seem to become infected themselves, and are unable to clean themselves, and in the process of scanning, you reinfect your other files. Nasty, but effective. I HIGHLY recommend uninstalling the antivirus program, then DELETING anything left in c:\program files\Symantec, program files\Norton or anything similar. NEXT, reinstall the antivirus, and download the latest updates. I KNOW you had to put the Ethernet cable back in to do that, cable modem folks. So unplug it again. NOW, you can scan the whole hard drive. Hell, do it in safe mode to be paranoid. Now, you found a BUNCH of stuff and the cleaning of each file was successful I hope. Then, you can go to windowsupdate.com and download all the critical updates. (I saw you plug in that cable modem!)
Funlove exploits a security hole in windows to gain easy access to your system. There ARE updates, but until you get them, you can EASILY be reinfected. Norton and McAffee can't safe you, and neither can Guarddog.
AFTER ALL THE ABOVE HAS BEEN DONE, you will let the computer reboot when windows update wants it to. If Windows update does NOT ask for a reboot after installing the updates, close all running programs and restart manually, with NO cable plugged in! You can STILL be reinfected until the updates from MicroSlop are in place. After the reboot, here is the MOST important step. Plug your ethernet cable in, and reboot again, and while that is chugging away, THROW AWAY ALL YOUR FLOPPY DISKETTES!!
Most people reinfect themselves with viruses they complain they 'can't get rid of.' It is INCREDIBLY likely that there is some form of the virus on at LEAST one of those disks, so you should toss them all. Noone keeps anything TRULY important on floppies anyway, right??
Also, any cd-rw's that were burned while the computer was in a KNOWN infected period should be used on a computer of a person you don't like. If they start complaining of lockups, then throw that thing away. (You could find the virus on their system by going to Start, clicking Find, and typing flcss.exe in the named box, and PLEASE make sure it is Looking in: c:\. I hate having to remind people their Windows directory is not on a: or their cd-rw.
Anonymous Dell Technician