Quarantined virus - Deltree Trojan

  User-83E74221-59BB-44B9-B3984A44B4CD68B1 11:43 16 Aug 2003

An antivirus system scan, using Norton 2002, revealed a virus in a file: C:image\tools. Norton said it couldn't repair it, so it is currently sitting in the Quarantine folder (shown as delete.bat) making me nervous. Having checked on the Symantec site, this trojan attempts to use the Deltree program to delete all the files from the C drive. Deltree Trojan usually replaces the contents of the Autoexec.bat file with the line: deltree c: /y.

My question is, is it safe to delete the quarantined file or could doing so mess up Autoexec.bat? I am not at editing Registry level. My PC seems to be working fine.

Any advice will be appreciated.

  DieSse 11:58 16 Aug 2003

Yes. it's perfectly safe to delete any files in Quarantine. It won't affect your autoexec.bat file in any way.

  pj123 11:59 16 Aug 2003

If you have a file autoexec.bat I assume you are using Win98? Find the file and rename it autoexec.old Now delete the file in the Quarantine folder and reboot. Windows doesn't actually need autoexec.bat but it will make a new one when you reboot. If anything goes wrong find the autoexec.old file and rename it autoexec.bat and reboot again.

  pj123 15:39 16 Aug 2003

What is the actual name of the virus? I have looked on the McAfee site and deltree is not listed as a virus.

  DieSse 18:06 16 Aug 2003

pj123 - thanks for your reply. Yes, I am using Win98 SE. I seem to have several Autoexec.bat files in different places:

Do you know what is the function of autoexec.bat?

Thanks all for comments so far.

  DieSse 23:09 16 Aug 2003

If your virus has been quarantined, you don't need to do anything with the autoexec.bat file. If it had been infected you would know - yur system would be useless by now.

The only autoexec.bat file which has any use is the one in the C root directory. The ones in image and recovery folders are just in copies made for various reasons - allk backups or security copies.

What autoexec.bat (and it's companion config.sys) actually do, is to run when the system starts, before windows is loaded, and set up variuos parameters for the system - they're a hangover from DOS days.

Sonce your system is working fine, and the AV has caught the virus and put it into quarantine (as it is supposed to do) - then you can just clear the virus from quarantine, as I said earlier.

  DieSse 23:11 16 Aug 2003

There is absolutely no need or no reason to do anything with your actual autoexec.bat file - indeed, if you do mess with it it is possible you may stop things working correctly (depending on what is in it).

  pj123 14:35 17 Aug 2003

Time Lord, not nicking your thread but would just like to say thanks to DieSse for the link. Strange how McAfee hasn't got this listed. Now back to Time Lord. If your computer is working OK and booting in to windows then everything DieSse says is good. Your autoexec.bat file has not been modified. If you want to look at it open notepad or wordpad and open autoexec.bat from the C:\ root. Have a look and if there is a line that says deltree c: /y type rem in front of it. Save it and close it.

Thanks DieSse and pj123 for taking the time to help me out. Have deleted the virus from Quarantine.

pj123 - re: your comment about the trojan not being mentioned on the McAfee site, I think the reason is that McAfee seems to call viruses by different names to Norton e.g. they call this latest blaster worm something else.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

The Evil Within 2 review-in-progress

Adobe shows still-in-development tools, including automatically colourising black-and-white photos

iPhone X news: Release date, price, new features & specs

Comment transformer un iPhone en borne Wi-Fi ?