Go to dos and cd into the subdirectory it is in. Then type: attrib -r inetd.exe
After doing that you should be able to delete the file. It simply has the read only bit set. If that doesn't work then reboot the system forcing it into the dos mode only upon bootup. Then do the above, and then delete the file before rebooting back to windows. Marshall BROOKS BRADLEY wrote: > Dear Hanan, > I received a private email from Joanne > yesterday and attempted to open the attachement.....my internal protection > programs intercepted the attachment, but merely said there was a corrupted > file > or program. Upon receipt of your email just a while ago, I searched my hard > drive and found the INETD.exe virus file----but none of the others. My > problem > is that I am unable to delete the INETD.exe program ....no matter what trick I > try. I always get the "windows is using the program" prompt when I try to > Delete, move it to Recycle Bin, or the ADD/Remove programs utility. The virus > must have some built-in item to foil such attempts. Do you know of any method > whereby I can eliminate this program? I am not very virus literate---when it > comes to eliminating their embedded programs. If you know of some maneuver > for overcoming my problem I would be ever-so-grateful. I am at home and away > from any help from the office personnel tonight. I can get some assistance > tomorrow, but would certainly like to reconcile this now---if possible. > Sincerely, Brooks. > [email protected] wrote: > > > This was just posted on the beck rife list...same problem there. Directions > > how to fix. > > ~Hanan > > > > <FWD> > > > > I was targeted by a worm sent via an attachment from someone on a > > > > yahoo list I am on. The thing was very sneaky in that it quoted bits > > > > from one of my posts to the list, as thought this gal were replying > > > > to me privately. > > > > After that I couldn't access the list homepage, but luckily I had > > > > some digests to read -- and lo and behold, there were several posts > > > > about this very thing. And even more luckily, one of the members of > > > > the list is an expert in computer security, who posted a description > > > > and fix. I don't think I sent the worm to any of you because I > > > > didn't re-boot between the time I downloaded the file and the time I > > > > did the fix, but I post it in case any of you were hit elsewhere. > > > > <<Subject: The attachment is a worm. > > > > Win32.Badtrans.13312 > > > > Badtrans is a worm spreading via e-mail. The worm replies to all > > > > unread messages and attaches itself using one of the following 16 > > > > names: > > > > fun.pif > > > > Humor.TXT.pif > > > > docs.scr > > > > s3msong.MP3.pif > > > > Sorry_about_yesterday.DOC.pif > > > > Me_nude.AVI.pif > > > > Card.pif > > > > SETUP.pif > > > > searchURL.scr > > > > YOU_are_FAT!.TXT.pif > > > > hamster.ZIP.scr > > > > news_doc.scr > > > > New_Napster_Site.DOC.scr > > > > README.TXT.pif > > > > images.pif > > > > Pics.ZIP.scr > > > > When a user opens the attachment, the worm copies itself to the > > > > Windows directory as: > > > > inetd.exe > > > > and modifies the file win.ini by including the line executing that > > > > program. > > > > Additionally, the Badtrans worm, drops a backdoor trojan > > > > (Win32.Badtrans.21882 Trojan). The worm creates and executes a 21882- > > > > byte file in the Windows System directory: > > > > kern32.exe > > > > and modifies the registry in order to run it on the next reboot: > > > > HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\kernel32=kern32 > > > > .exe > > > > The Trojan, which is in fact a backdoor server also uses its own > > > > library: > > > > hksdll.dll (a 5632-byte file created in the same directory). > > > > To fix: > > > > First: > > > > search your hard drive for the files named INETD.EXE, KERN32.EXE and > > > > CP_23421.NLS. Delete them. > > > > Then: > > > > Run SYSEDIT by clicking START-RUN. On RUN Window type SYSEDIT then > > > > click OK. > > > > In SYSTEM CONFIGURATION EDITOR select the window C:\WINDOWS\WIN.INI > > > > then delete the entry "C:\WINDOWS\INETD.EXE" under RUN key. > > > > All done.>> > > > > -- > > The silver-list is a moderated forum for discussion of colloidal silver. > > > > To join or quit silver-list or silver-digest send an e-mail message to: > > [email protected] -or- [email protected] > > with the word subscribe or unsubscribe in the SUBJECT line. > > > > To post, address your message to: [email protected] > > Silver-list archive: http://escribe.com/health/thesilverlist/index.html > > List maintainer: Mike Devour <[email protected]>
