RE: [WinMac] SirCam virus

From: Jim Walsh (jwalsh[at]tuspm.temple.edu)
Date: Tue Jul 31 2001 - 10:22:25 PDT

Next message: Tim Scoff: "Re: [WinMac] SirCam virus"

Previous message: Robert Runte: "Re: [WinMac] Program size"
In reply to: Donovan, Harold: "[WinMac] SirCam virus"
Next in thread: Tim Scoff: "Re: [WinMac] SirCam virus"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Harold,

One of our networked computers got caught by SirCam as well. Its Norton
Anti-Virus file was not up to date. When I did install the updated DAT file,
I had a strange problem. NAV detected the virus and offered a DOS window
that included the choice to delete the virus file. I believe it was
SirC32.exe. I elected to do that. After that, I couldn't run any EXE files.

A little investigation showed that SirCam had modified the registry so that
all EXE files mapped to SirC32.exe. So, attempting to start an EXE brought
up a window saying that it couldn't find SirC32.exe.

One solution was to go to another Win98 machine, run RegEdit, and export the
key that specified the mapping from EXE to SirC32.exe. Then, import it on
the problem machine.

But, before I was able to execute that solution, it occurred to me to just
restore the registry from my backup tape from my backup server across the
network. That was a much simpler solution that solved my problem.

Still, maybe the Norton utility FixSirc.com, available free from their web
site will work as well.

Good luck,
Jim Walsh
TUSPM Gait Study Center

-----Original Message-----
From: Donovan, Harold [mailto:donovan.harold[at]nbpub.com]
Sent: Tuesday, July 31, 2001 8:36 AM
To: 'winmac@iffy.com'
Subject: [WinMac] SirCam virus

We got caught by the SirCam virus yesterday, before we got the right .dat
file loaded on some of our NT workstations (and 1 95 box). The results were
that no executable will run. Does anybody know of a repair procedure, other
than a format and restore that will work on these machines? Mcafee will
detect it but is unable to clean it. We deleted the files but the machines
are still quite useless at the present time. Any assistance would be
greatly appreciated.

Harold Donovan
IS Analyst
N.B.Publishing
Saint John
New Brunswick
E2L 3V8

*** Windows-MacintoshOS Cooperation List ***
FAQ: http://www.darryl.com/winmacfaq/
Archive: http://www.darryl.com/winmac/

To unsubscribe, send mail to winmac-unsubscribe@iffy.com

*** Windows-MacintoshOS Cooperation List ***
FAQ: http://www.darryl.com/winmacfaq/
Archive: http://www.darryl.com/winmac/

To unsubscribe, send mail to winmac-unsubscribe@iffy.com

Next message: Tim Scoff: "Re: [WinMac] SirCam virus"
Previous message: Robert Runte: "Re: [WinMac] Program size"
In reply to: Donovan, Harold: "[WinMac] SirCam virus"
Next in thread: Tim Scoff: "Re: [WinMac] SirCam virus"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Tue Jul 31 2001 - 10:24:11 PDT