December 7th 04, 08:13 PM
Menno Hershberger

Well, be it right or be it wrong, my usual method of attack is to boot in
Safe Mode, disable most everything in msconfig, delete all the temp
directories (as you said), and then reboot into normal mode. Then,
offline, I install AdAware, Spybot, and lastly the Antivirus (which
requires a reboot). As soon as it reboots I check Task Manager to see if
anything is running that looks suspicious. If it is, I kill it and go
back to msconfig and check if anything has added itself back in. Then I
go online (T1 thru a router... I always put a network card in if there
isn't already one) and update the definitions on all three. On this
particular occasion Norton nailed the W32.Beagle.AV@mm on reboot.
Ordinarily, after updating the definitions, I go back into Safe Mode and
do a full scan with all three apps. This particular time, since it had
already nailed the obvious one, I just ran them in Normal Mode. Norton
found nothing else of any consequence.
Sometimes I'll map the drive on my shop computer and scan it from there.
I've had computers that tried to infect my shop computer that way, but my
antivirus has always intervened.
And the FIRST thing I usually do is mirror the hard drive off onto a
spare, so in case things go bad wrong, I haven't lost any data.
I don't hang around the antivirus newsgroups, although I'm a regular in
alt.privacy.spyware (under a different handle). I probably *should* get
myself a boot floppy to scan with. I imagine that will cost me some bucks
but it'd probably pay in the long run.
But my whole post was just a tidbit about the huge number of files this
guy had on his computer. Hell, I *already* had it fixed!
I've already had 67 years of ass-chewings, so I don't lose much sleep
over them anymore, and sometimes I even learn something from them... :-)

"David H. Lipman" wrote in
:

You stated...

"I have a Compaq 5050 (333Mhz) with Windows 98 that was brought in
because their internet provider was about to suspend them for sending
out virus email."

You make it sound like you are a service center. Well if you are one,
you did this all wrong! You should have booted from a DOS Disk and
scanned the computer using a Command Line Scanner such as McAfee's
SCAN.EXE or F-Prot's DOS scanner and cleaned the system. You should
have then gone into Windows and dumped the TEMP directory and IE cache
and then set the IE cache to a logical and proper size like 10MB.
Then you should have scanned the system using Adaware SE and other
legitimate anti malware software. At the completion is when you
should have installed the AV application.

I suggest you start spending time in the following News groups...

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

Dave



"Menno Hershberger" wrote in message
...
| I have a Compaq 5050 (333Mhz) with Windows 98 that was brought in
| because their internet provider was about to suspend them for sending
| out virus email. It had no antivirus app installed. I installed
| Norton and it found the Beagle.whatever right away and got rid of it.
| That popped up before I even started a full system scan. So I started
| the scan at about 10:30 last night. At 3 AM this morning it was up to
| 1,900,000 some files and still going strong. When I got up this
| morning it had finished at 2,966,416 files (no virus found). I
| discovered that they had copied the entire Britannica Complete Home
| Library to it. And it still requires the CD to run it! An 8 gig drive
| but still has 3 gigs free.
| I have 3 120-gig drives on my computer (dual boot 98 and XP) and I
| don't think I've got NEAR that many files!
|
| --
| -- Puritanism: the haunting fear that someone somewhere may be
| happy. --






--
-- Puritanism: the haunting fear that someone somewhere may be happy. --