Eraser Virus Hotline.
I am not an expert on Virus removal, and you should know that I ultimately formatted my hard drive to fix this, but here's what I understand:
- There is an email reproduced below that has specifics on how to deal with this virus using Dr. Solomon's virus scanner.
- The virus in the installer was the Anxiety.II.1600 virus.
- If you have to ask if you've been virused, chances are you haven't: the virus seems to quickly infect executable files on your system, and it won't be long before applications cease working and you experience unusual freezes, error messages and crashes.
- It may be possible to kill off the virus by searching for executable files that were modified since you were infected and deleting them and reinstalling them. I was told by one user that this worked.
- The latest Norton Anti-Virus seems to be quite effective against this virus (I was told by one user he was able to use the Eraser installer after cleaning it with Norton). the latest Norton AV can be found here.
- I received a suggestion that .dll checking be turned on in my virus scanner to help prevent what happened. This is a misconception: the virus was not in the Eraser bot .dll itself, it was the executable installer that was infected.
- If you find you need to reformat, you should be able to safely move data to floppy disks by booting to a command prompt.
I will add any helpful information that comes in on this subject as it arrives.
Date: Fri, 06 Feb 98 132420 GMT
From "Neil Cowie" neil.cowie@uk.drsolomon.com
Subject Anxiety Virus InformationHi,
As a Quake player myself, I was most disturbed about the infected Eraser Bot release. I have had several people contacting me about this virus and how to get rid of it. I wondered if you could post this information given below ....
The Anxiety.b virus (or AnxietyII as Norton calls it) is a Windows 95 only overwriting virus that does not try to append itself onto a file, but tries to fit itself into a usually unused space within a Windows 95 .EXE file. Unfortunately the 'b' variant is slightly longer than the original and very often overwrites parts of the .EXE, causing unreliable execution or even a system crash, this is aswell as the destructive payload of the virus!
The latest version of our scanner FindVirus detects this virus and a free trial version is available for download at
Unfortunately due to the overwriting nature of this virus no reliable repair is possible as the virus does not save that data that it has overwritten. When FindVirus is told to disinfect any files with this virus it will by default rename them to *.VXE to prevent any future execution of the virus.
If Windows or any other programs subsequentialy complain about missing files it is probably due to this renaming of infected files. If you want to delete the infected files you can set this option in FindVirus or manually search for *.VXE.