BCM

Posted: 11/26/2001 6:21:24 PM EDT
Here's the low down on what happened.

My mom's PC has Norton Antivirus 2000 on it. She let her subscription for the updates expire almost a year ago. I told her over and over to get the subscription renewed, but she only got around to doing it today when I came over.

Once the subscription was updated, we downloaded all the past virus definitions, there were a ton of them. After they installed on her PC, the virus alert went off, catching not one, but two viruses on her machine. The first one was safely quarantined and I thought the second one was also, but I was wrong.

I think what happened was that she downloaded something containing the virus and inadvertently put it into her PC. Once the Norton was updated, instead of blocking the virus from entering the system, all it could do was to identify that it was already installed. I quarantined it, but not until it apparently did its damage.

Her PC now has no function, apparently from the virus removing the SirC32.exe. I have no idea what this is, or where it's from, but without it no applications can be opened. None. When an application is attempted a screen pops up stating that the SirC32.exe can not be found. It prompts the user to look for it on the PC, but it's not there as far as I can tell. I tried using the Win 98 disc to pull it from there to reinstall, but that didn't work either.

From the looks of things, both viruses are currently in quarantine, so that's the good news. The bad news is that I have no idea how to get that missing file back onto her computer.....and until I do she's got the world's most expensive paperweight sitting on her desk.

Any of you tech guys know how I can solve this problem? If I left out anything that might be important, just ask. Thanks for the help....as usual I greatly appreciate it.

P.S.- No, I don't remember the name of the virus that's involved....sorry.
Link Posted: 11/26/2001 6:24:59 PM EDT
[#1]
Link Posted: 11/26/2001 6:35:42 PM EDT
[#2]
And while we are on the subject, here's info on the latest. I get this one twice a day!

Hello,

This mail comes to you from the Virus Emergency Response Team
at Proland Software.

A new variant of Badtrans.A worm has been discovered in the
wild, called the Win32/Badtrans.B worm. This worm is spreading
rapidly via the Internet.

About the Win32/Badtrans.B Worm:

Win32/Badtrans.B is a worm that spreads using MS-Outlook and
Outlook Express. This worm infects Windows systems.

The worm arrives with the subject as reply to an email sent
earlier by you with a prefix 'Re:'. This worm is potential of
sending the system critical information using a trojan, dropped
by the worm itself.

You can read more about this worm at:
[URL]http://www.protectorplus.com/virus_info/worms/badtransb.htm[/URL]


Link Posted: 11/26/2001 7:12:12 PM EDT
[#3]
Quoted:
Sir cam! Ugly ugly ugly!

Error messages stating cannot find the file "SIRC32.EXE" (This is commonly caused because the virus has infected your machine - then if anti-virus software finds sirc32.exe it will disable it because it recognizes this file as the virus.) In this situation you will not be able to open most of your software. You will need to manually remove the virus by editing the Registry.

Automatic tool:
[url]http://www.symantec.com/avcenter/venc/data/[email protected][/url]

Manual instructions:
[url]http://www.antivirusebook.com/database/tmp/sircamvirusremoval2.html?ID=GoogleTraffic[/url]
View Quote

Paul...

Are you sure that this tool from Symantec is for the virus my mom's PC has? I'm sure you know what you're talking about, but how is that since I didn't actually name the virus involved?

Second question...
Since her machine is so screwed up, should I download the Symantec tool, burn it and then install it on to her machine? I don't think she can even get online to download it from her machine. I'm not even sure that her machine will be able to open a burned CD to install the tool.

Thanks for the speedy reply.....HUGE help.
Link Posted: 11/26/2001 7:20:54 PM EDT
[#4]
Link Posted: 11/26/2001 7:27:10 PM EDT
[#5]
The filename in question here (Sirc32.exe) is the dead giveaway that you have the Sircam virus. The tool that Paul suggested should take care of the problem, assuming that you can get the machine to boot.

If you have not tried yet, attempt to boot into safe mode. From there you should be able to run Fixsirc from the floppy or CD-ROM drive. If it also will not boot into safe mode, things get much more ugly. If we are dealing with Win98 or later, you may be able to use a windows boot disk to run scanreg.exe (you may have to get this from a running machine out of the C:\windows\command directory). If you are lucky, scanreg will list a registry backup for a date before the PC was infected with the SirCam virus. You can then restore that version of the registry and the machine should boot normally.

Good Luck, hopefully you will not need it...
Link Posted: 11/26/2001 7:41:45 PM EDT
[#6]
Thanks for the help everyone.

I've downloaded the removal tool from Symantec, as well as the manual removal instructions. I have also burned the removal tool on to a disc.

With a little luck I'll be able to run the disc on her PC in safe mode and get rid of the virus.

If not, I'll try to manually remove it.

Seriously...without the help I got here...especially from Paul, I would have had no idea how to deal with this. I've learned something tonight, and I'm a little better prepared for this sort of thing in the future. Thanks a lot![beer]
Link Posted: 11/26/2001 9:02:47 PM EDT
[#7]
Sorry I'm late to the party, as already noted, Paul nailed it. And SirCam is one of the nastiest little things out there. While the news was focused on the Code Red virus this summer (which affects servers and the like...not so much home computers), SirCam was wreaking havoc. It has its own little email "engine" and emails your friends...it can prevent you from running any "exe" program.

The automatic removal tool is the easiest, but if SirCam has already disabled your "exe" capability, it can take quite a few fairly detailed steps to remove it.

I've helped two friends with it, one using the automatic tool, the other was already messed up quite a bit, and we did the manual fix. Which worked great, but it was kinda tedious.

Link Posted: 11/26/2001 9:40:27 PM EDT
[#8]
In general, you can do the following to reduce the risk of getting a virus -
1) Don't open attachments that end in .vbs, .exe, .scr.

2) Keep your virus protection program up to date.

3) Use Windows update. This will fix stuff that many viruses exploit.

4) Uninstall Outlook, or Outlook express. If you use them then download or buy another e-mail manager program.

5) Avoid Microsoft software whenever possible.

6) Don't use Windows unless you have no other choice.

7) Disable scripting in Windows. Very few programs take advantage of it and many viruses do!
Go to the "Add/Remove Programs" Control Panel, select the "Windows Setup" tab, and select "Accessories", click the "Details. . ." button, and uncheck "Windows Scripting Host". It's that simple!