Came across a computer (not mine) that has an interesting and elusive virus. The owner had no antivirus. I remember reading about it some time ago, but can't recall the name. After hours at Symantec searching & reading, still can't come up with the name.

Here's the symptoms:
On bootup a dialog box appears saying "Not enough memory to run xxxxxxx.EXE" (substitute anything for the x's cause they're different each time), with a "OK" button.
The icons on the desktop run away from the cursor. When you try to scan using updated NAV Rescue disks, it tells you there's nothing on the second DAT disk. When you try to do an Online scan, it closes the browser and disconnects from the internet. (You can surf anywhere, but when the ActiveX controls for the scanner start to download, you're disconnected!)

Anyone know the name of this nasty little bug? Or how to get rid of it, short of reformatting?

Can't remember my nasty virus but it slowed the computer to a crawl and disabled the anti virus program. The only way I was able to get rid of the virus was to add a new hd making it the master add the os and the anti virus program and making the infected hd the slave and attack the virus through the new os. good luck.

Have you tried the mcaffe emergency Virus scan boot disk?Saved my **** more than once.It runs off one disk.Check for a updated one on website.Kinda like a windows boot disk it has its own os so it doesnt matter if dos is infected.It is a real slow scanner but effective.Sounds like you ran into a nasty one.Some kind of Worm possibley?

Also if you do this,download the file and make bootable emergency disk on a clean pc not the infected one.I do this because if the sys files where infected or deleted you will have a bad floppy disk.:) You prob. already knew that but if not I thought it worth mentioning.

Another easy solution(one I have done on laptops and notebooks)is to link through DCC-direct cable connection on the paralell ports.Make sure you have good up to date virus scanner and clean it from your pc.Set yours as Host to connection and allow no shareing on your end as to deter the virus from entering through your port.Useing a firewall like zonealarm will help in this as well.Allow shareing on other pc only and allow to share entire pc(all drives).

Thats been a reliable fall back for me when all else fails-it will even install cd windows95 upgrade onto old laptops with no cdrom.Yes I have had people buy the 95 upgrade,bring me their laptop and scratch their head when I tell them they have no cdrom.Sad world.But I always try the above mentioned method of boot disk first.Good luck!
:)

It is one of the many strains of the W32.Magistr virus.

A friend of mine got a virus and she had the latest virus protection installed on her computer .
But it wouldn't remove the virus. I deleated the virus protection on the harddrive, then installed it in my computer as a slave drive.
I had Norton Anti Virus 2002 with latest updates, Booted up and ran a scan on the entire system and it removed it without any problems.

Then I installed Norton 2002 antivirus on the drive, reinstalled.

It's been fine since.

Thanks Everyone for the input. I used Norton Rescue disk set with updated dat files from an uninfected machine. When it got to the second definition disk I got a dialog saying there was either corrupt or no files on the disk. I know better cause I ran them on another machine and they were good. I suspect the virus was causing this.

Also considered removing the drive & slaving it to another in a clean machine, but feared it might infect it.

Will check out the McAfee site. Last time I was there I was surprised to see they charge for online scans now!

Will also check out info on W32.Magistr.

It'd be so much easier if she had her OS & other software. A good formatting never hurts...

Thanks again, All.

my experience has been that mcafee and norton antiviruses are disabled, but trend works ok (for now).... sometimes housecall has failed to work (where active-X is affected, but the trial download works).... i'm sure the virus writers will get around this oversight...