igg.exe and the sabregroup

Made a dumb mistake by opening up a .doc.pif file sent to me by an outfit called sabregroup. The file init. an exe called igg.exe. The file has ******* up my norton antivirus auto start function. Whenever I start my machine norton comes up for a second in the toolbar then it shuts down. If I execute it manually it will close itself in a matter of seconds. Have found the file and deleted it but it has made some invisible imprint somewhere. Have stopped from executing in msconfig but unable to keep norton up and running.

Has anyone seen this and how do I get norton to execute the way it should. Sent a reply back to the sender of email but came back address unknown.

Any thoughts would be appreciated.

 

OS?

 

Windows 98SE. No matter how many times I find the file igg.exe and delete it it comes back. The article that I opened was labelled 1998news.doc.pif. Read to fast and thought it was a .pdf file. Always unless I know the sender I delete anything like this but this time I ******* up. Eudora 5 is my email sft. Its not in any .ini file nor part of auto or config files. When I remove it from msconfig it somehow keeps coming back when I reboot and try to open Norton 2000 antivirus.

Only thing I can find on the web when I search for igg.exe it comes back in a german or something.

Have uninstalled Norton Antivirus and reinstalled but that didnt help.

Help...

 

At a guess it was one of the Klez variants. They try to disable any AV programs as part of their normal routine.

You probably should try one or two or three of the many online AV scanners. You can find links by searching this section for online scanner*.

As to the email that did the deed, probably the apparent sender had nothing to do with it (a random name from the address book of an infected PC) and very likely the virus put an underscore in front of the email address so that a reply from you wouldn't go anywhere.

 

Yep, it was a virus the name is worm_bugbear.a

How this bug got through my virus scanner is unknown to me. The reason I was not able to erradicate through normal means is because it created 2 files in my windows directory. One called hccf.exe and fuulzll.dll. Used Housecall from the web and this is what it found. So far deleting those files from dos has not caused anything to fail. So making an assumption they are not windows files. Will have to do some searching on that to make sure.

Funny thing is I just updated my pattern file this morning so really not sure how it got through to me.

Thanks for your assistance.