One can also reset file properties in "winfile" Winfile is a most useful program that few knows exist. Click "start", "Find" Files and folders. Type in "winfile" Drag the little yellow filing cabinet onto the desktop to make a shortcut. Ken
At 02:44 PM 8/9/01 -0400, you wrote: >Go to dos and cd into the subdirectory it is in. Then type: > >attrib -r inetd.exe > >After doing that you should be able to delete the file. It simply has the read >only bit set. > >If that doesn't work then reboot the system forcing it into the dos mode only upon >bootup. Then do the above, and then delete the file before rebooting back to >windows. > >Marshall > >BROOKS BRADLEY wrote: > >> Dear Hanan, >> I received a private email from Joanne >> yesterday and attempted to open the attachement.....my internal protection >> programs intercepted the attachment, but merely said there was a corrupted file >> or program. Upon receipt of your email just a while ago, I searched my hard >> drive and found the INETD.exe virus file----but none of the others. My problem >> is that I am unable to delete the INETD.exe program ....no matter what trick I >> try. I always get the "windows is using the program" prompt when I try to >> Delete, move it to Recycle Bin, or the ADD/Remove programs utility. The virus >> must have some built-in item to foil such attempts. Do you know of any method >> whereby I can eliminate this program? I am not very virus literate---when it >> comes to eliminating their embedded programs. If you know of some maneuver >> for overcoming my problem I would be ever-so-grateful. I am at home and away >> from any help from the office personnel tonight. I can get some assistance >> tomorrow, but would certainly like to reconcile this now---if possible. >> Sincerely, Brooks. >> [email protected] wrote: >> >> > This was just posted on the beck rife list...same problem there. Directions >> > how to fix. >> > ~Hanan >> > >> > <FWD> >> > >> > I was targeted by a worm sent via an attachment from someone on a >> > >> > yahoo list I am on. The thing was very sneaky in that it quoted bits >> > >> > from one of my posts to the list, as thought this gal were replying >> > >> > to me privately. >> > >> > After that I couldn't access the list homepage, but luckily I had >> > >> > some digests to read -- and lo and behold, there were several posts >> > >> > about this very thing. And even more luckily, one of the members of >> > >> > the list is an expert in computer security, who posted a description >> > >> > and fix. I don't think I sent the worm to any of you because I >> > >> > didn't re-boot between the time I downloaded the file and the time I >> > >> > did the fix, but I post it in case any of you were hit elsewhere. >> > >> > <<Subject: The attachment is a worm. >> > >> > Win32.Badtrans.13312 >> > >> > Badtrans is a worm spreading via e-mail. The worm replies to all >> > >> > unread messages and attaches itself using one of the following 16 >> > >> > names: >> > >> > fun.pif >> > >> > Humor.TXT.pif >> > >> > docs.scr >> > >> > s3msong.MP3.pif >> > >> > Sorry_about_yesterday.DOC.pif >> > >> > Me_nude.AVI.pif >> > >> > Card.pif >> > >> > SETUP.pif >> > >> > searchURL.scr >> > >> > YOU_are_FAT!.TXT.pif >> > >> > hamster.ZIP.scr >> > >> > news_doc.scr >> > >> > New_Napster_Site.DOC.scr >> > >> > README.TXT.pif >> > >> > images.pif >> > >> > Pics.ZIP.scr >> > >> > When a user opens the attachment, the worm copies itself to the >> > >> > Windows directory as: >> > >> > inetd.exe >> > >> > and modifies the file win.ini by including the line executing that >> > >> > program. >> > >> > Additionally, the Badtrans worm, drops a backdoor trojan >> > >> > (Win32.Badtrans.21882 Trojan). The worm creates and executes a 21882- >> > >> > byte file in the Windows System directory: >> > >> > kern32.exe >> > >> > and modifies the registry in order to run it on the next reboot: >> > >> > HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\kernel32=kern32 >> > >> > .exe >> > >> > The Trojan, which is in fact a backdoor server also uses its own >> > >> > library: >> > >> > hksdll.dll (a 5632-byte file created in the same directory). >> > >> > To fix: >> > >> > First: >> > >> > search your hard drive for the files named INETD.EXE, KERN32.EXE and >> > >> > CP_23421.NLS. Delete them. >> > >> > Then: >> > >> > Run SYSEDIT by clicking START-RUN. On RUN Window type SYSEDIT then >> > >> > click OK. >> > >> > In SYSTEM CONFIGURATION EDITOR select the window C:\WINDOWS\WIN.INI >> > >> > then delete the entry "C:\WINDOWS\INETD.EXE" under RUN key. >> > >> > All done.>> >> > >> > -- >> > The silver-list is a moderated forum for discussion of colloidal silver. >> > >> > To join or quit silver-list or silver-digest send an e-mail message to: >> > [email protected] -or- [email protected] >> > with the word subscribe or unsubscribe in the SUBJECT line. >> > >> > To post, address your message to: [email protected] >> > Silver-list archive: http://escribe.com/health/thesilverlist/index.html >> > List maintainer: Mike Devour <[email protected]> > >
