I have a friend whose laptop was infected by a virus which she cannot remove. I have yet to ask her about her antivirus, though. According to her, it was a ".scr file extension". It was said that ALL OF HER DOCUMENT FILES WERE REPLACED BY THE .SCR FILE EXTENSION.
What is the best way of solving this problem? Is it really a virus? She said that she cannot use or open her documents anymore because of what just happened.
Re: virus infecting microsoft programs
It's the W32/Rungbu-A virus, it infects Microsoft Word DOC files by
copying itself to the same filename but with an .SCR extension,
appending the DOC file to the SCR copy, and then hiding the original
The W32/Rungbu-A then sets the computer not to show
hidden files (in order to hide the DOC file), to give SCR files a Word
icon (so the SCR file looks like a Word file), and to hide file
extensions (so the SCR file just displays the filename, not the SCR
extension). When the SCR file is run, the Word document is displayed as
To recover your .DOC files just follow these steps:
You have to delete all files detected as W32/Rungbu-A.
Set the following registry entries in order to show extensions and hidden files:
You must change the attributes of the original .DOC files to stop them being hidden.
My answer to your second question is that in November of 2007 the .SCR file extension started to be used to transmit
a Trojan. As a script or a screen saver this file can execute other
files which carry the Trojan. The SCR file may be embedded within a ZIP
file which could also contain a file with a double extension. Many Windows screen savers come with a .SCR extension by default.
Usually these will be found in the Windows main directory. Use caution
if you receive a screen saver file via E-mail. These files can contain
executable code and can be worms or viruses. Note: This file type can
become infected and should be carefully scanned if someone sends you a
file with this extension.
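
Added example, not part of the answer above: a PowerShell script for the last two recovery steps (show extensions and hidden files, then unhide the original .DOC files). The `$Root` folder and the `-Fix` switch are assumptions, and the two registry values are the standard per-user Explorer settings, assumed here because the answer's own list of entries is not on the page.

```powershell
# Added example. Run it only after the antivirus has deleted the files
# detected as W32/Rungbu-A. Without -Fix the script reports and changes nothing.
param(
    [string]$Root = "$env:USERPROFILE\Documents",  # assumed folder to check
    [switch]$Fix
)

# Standard Explorer settings for the current user (assumed to be the ones meant):
#   Hidden = 1      -> show hidden files
#   HideFileExt = 0 -> show file extensions
# Explorer picks the change up after it is restarted or the user logs on again.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
if ($Fix) {
    Set-ItemProperty -Path $adv -Name Hidden      -Value 1 -Type DWord
    Set-ItemProperty -Path $adv -Name HideFileExt -Value 0 -Type DWord
}

# -Force is required, otherwise Get-ChildItem skips hidden files.
# -Filter *.doc can also return .docx, so the extension is checked again.
$hiddenDocs = Get-ChildItem -Path $Root -Recurse -Force -File -Filter *.doc -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq '.doc' -and
                   ($_.Attributes -band [IO.FileAttributes]::Hidden) }

foreach ($doc in $hiddenDocs) {
    # The described pattern: a same-named .scr copy next to the hidden .doc.
    $scr = [IO.Path]::ChangeExtension($doc.FullName, '.scr')

    [pscustomobject]@{
        Document      = $doc.FullName
        ScrCopyExists = Test-Path -LiteralPath $scr   # True = not cleaned up yet
    }

    if ($Fix) {
        # Clear only the Hidden bit and leave the other attributes as they are.
        $doc.Attributes = $doc.Attributes -band (-bnot [IO.FileAttributes]::Hidden)
    }
}
```

A row with `ScrCopyExists` set to True means a same-named .scr file is still present in that folder and should go through the antivirus scan before any document there is opened.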
Re: virus infecting microsoft programs
It does not sound like a Virus.
Is she able to open her docs using another extension?
If she has an antivirus prog., update prog. Disconnect from Internet, disable System Restore, run virus scan.
Delete any viruses found.
Enable System Restore.
Let us know how you went.
You will need to use another computer and download Kaspersky rescue disk. After downloading the disk image, burn it to a CD and boot the machine with this disk. Run the rescue disk and it will detect the infected files. When the program is finished, select remove all infected files and reboot your computer. You also need to either install a good antivirus program or update the one you have to protect against this type of infection. The Kaspersky rescue disk can be downloaded from their site here: https://support.kaspersky.com/viruses/rescuedisk
Shut down the computer as soon as you realize there is a problem. Pop-ups, program errors, dll errors, fake Anti-Virus scanners, and similar are signs there is a problem. Shut down the computer normally, or hold the power button in until the computer shuts off.
Power on the computer, and hit F8 before the Windows Startup screen appears. Select Safe Mode.
Login if asked to, if not select Yes to continue.
Click on the Start menu, select Run, type msconfig and press Ok, or type msconfig into the Start menu search box and press Enter.
Under the General tab, select Diagnostic Startup. Press Apply.
Under the Services tab, check the Hide All Microsoft Services box, and uncheck any services you don't recognize in the window.
Under the Startup tab, select Disable All. Press Apply and Ok.
Don't restart the computer yet.
The System Restore Utility backs up selected files automatically to the Restore folder. Quite often infected files are stored there as backup files, and many Virus Scanners are unable to delete these files. If you suspect your computer may be infected, it is recommended that you disable the System Restore Utility to remove the infected files from the Restore folder. Select your OS for directions on how to disable the System Restore Utility - XP, Vista, 7
While in Safe Mode, insert your USB thumbdrive and open it in My Computer.
Open Combofix.exe, select Ok when it asks. Let Combofix scan and remove any infections it finds. It should restart the computer when it is done. When it restarts, boot up into Windows normally.
Login if asked to, open your thumbdrive in My Computer again, and run Combofix.exe once more.
Open up SmitFraudFix.exe from your thumbdrive. Press any key to continue when asked. Type 2, and press enter. When the scan is complete, restart your computer.
If you had a fake Anti-Virus Scanner infection, open up Remove Fake Antivirus.exe from your thumbdrive. Press Start, and press Yes. When the scan and removal is Complete, restart the computer again.
Removing viruses, though technical, is yet a very simple process if all the required steps are properly followed.
The basic steps are:
Buy or download a reliable antivirus software
Install the antivirus software
Update antivirus software with the latest virus definitions
Perform a complete system scan
Install an Antivirus Program in the System
What is an antivirus program? An antivirus is a program that searches for, identifies and removes potential viruses existing in the computer system. Antivirus software: Some of the most common and reliable antivirus programs available in the market are -
Symantec Norton antivirus
The antivirus software should be updated regularly to retain its effectiveness.
Before installing the antivirus, close all open applications and
terminate any suspicious processes using Task Manager. Sometimes, you
may need to boot into safe mode or safe mode with command prompt to
delete suspicious programs and references to them in the Windows
Registry (run regedit from the command prompt to open the registry
editor). Search engines are
excellent tools to find out whether a certain process is harmful or not.
You can also get steps on how to remove a specific virus manually.
Removing the virus beforehand might be necessary, as some viruses
will not allow an antivirus to operate. However, if you are not
successful, you may still continue with the installation.
Scan the System to Identify and Locate the Virus
Usually, the antivirus will run automatically when the system reboots
after the installation. Therefore, it might identify the virus
automatically. Moreover, you may want to run a quick system scan to
locate the virus.
Troubleshooting the Virus Infected Areas
After the antivirus identifies the infected areas, the next step is to rectify those areas.
Methods of Eliminating Viruses
Generally, the antivirus adopts one of two methods to eliminate the virus:
Removing the virus - When the
virus can be easily identified and can be removed without affecting
other files, then the antivirus removes it from the host place.
Quarantine - This is done when
the virus cannot be easily identified or removed from the file and the
removal of virus means the removal of the complete file. In this method,
although the virus is not eliminated, it is rendered inactive by moving
the file into "quarantine" and renaming it.
Perform a Full System Scan
Even after the virus is removed from the system, the next step is to
scan the whole system to ensure that no infected files remain.
There are 2 solutions to this problem.
1. Formatting of your laptop. As a result of formatting your laptop, you may lose valuable information as well as programs.
2. Downloading a Norton 360 antivirus program into your laptop. After download, you can scan and fix viruses. This will work perfectly well.
If your computer doesn't allow you to perform a download, simply download from another computer into an external device such as a USB device and transfer the Norton 360 setup files to your laptop and run it. After the installation process, scan for viruses and fix.
I hope this helps.
It might be really what it says, but chances are you have accidentally
started a "fake virus scam" malware, that acts a bit like a virus, but
with an added function of luring you into paying for some miraculous
anti-virus, that will cure your computer of the multiple "infections" it
has allegedly "discovered". Whether or not it is a real infection, the best idea is to prepare on a clean computer (at a friend's, for example) a startup antivirus CD,
from which you could boot your computer and run an antivirus program.
You should have an antivirus program always running on your computer. If you have one it should be able to get rid of the virus. If you don't have one or you have one but it can't get rid of the virus, try AVAST. It is free at http://www.avast.com. Once you install avast, it will want to run a sweep before your computer restarts. That is the best way to get rid of a virus, before the virus is activated.
XP Antivirus 2008 is one of the latest counterfeit antispyware programs that devastates the world wide web. XP Antivirus 2008 usually comes up after you have installed a video codec that comes with Trojan, malware and virus. XP Antivirus 2008 normally generates fake and misleading system popup error messages so end-users will be tricked into purchasing XP Antivirus 2008.
This is one of the warnings from the net about this program.
A system restore with disks or a full reinstall may be in your future.... Reboot and tap F8 and then boot to safe mode.... Does that work?
Format your disk and Reinstall operating system or find out which all are the infected registry and remove the virus registry contents manually.
or delete (hidden file) autorun.inf from all drives if it exists.