This message was posted to the old "wwwboard"-based forum; for the current forum,
I keep these old messages here mostly because people keep finding them in Web searches, and I hate broken links. Most of those searches are about the FunLove virus, or the "Elf Bowl" game. These old postings should not be considered authoritative on those subjects!
For information on FunLove, I suggest anti-virus Web sites, like this and this. If you're wondering if the Elf Bowl game is a virus, try here or here. For Elf Bowl and related games, try a Google search, or perhaps some possibly related website like this or this.
In Reply to: Re: funlove virus posted by rafa on November 11, 2000 at 00:14:43:
The only effective FIX I have found for Win98 (similar in NT) is:
FIRST AND FOREMOST!!! UNPLUG THE NIC!! FLCSS will infect other computers on the network and make it IMPOSSIBLE in that circumstance to get rid of it effectively. If you are in this position, SHUT DOWN ALL THE COMPUTERS and DISCONNECT THE ETHERNET CABLES!! Then fdisk /mbr, Debug, Fdisk, Format, and reinstall them all. It sucks but that's why IT guys make mad cash.
Now, next, for home users, unplug the NIC and then use a tool like enumeration X to kill the flcss.exe hidden process. THEN, you can delete the FLCSS.EXE in c:\windows\system. Next, you need to scan the computer for flcss.* and delete anything you find. THEN, you need to run your antivirus. Now, here, you run into a problem. On my test system, the antivirus programs seem to become infected themselves, and are unable to clean themselves, and in the process of scanning, you reinfect your other files. Nasty, but effective. I HIGHLY recommend uninstalling the antivirus program, then DELETING anything left in c:\program files\Symantec, program files\Norton or anything similar. NEXT, reinstall the antivirus, and download the latest updates. I KNOW you had to put the Ethernet cable back in to do that, cable modem folks. So unplug it again. NOW, you can scan the whole hard drive. Hell, do it in safe mode to be paranoid. Now, you found a BUNCH of stuff and the cleaning of each file was successful I hope. Then, you can go to windowsupdate.com and download all the critical updates. (I saw you plug in that cable modem!)
Funlove exploits a security hole in Windows to gain easy access to your system. There ARE updates, but until you get them, you can EASILY be reinfected. Norton and McAfee can't save you, and neither can Guarddog.
AFTER ALL THE ABOVE HAS BEEN DONE, you will let the computer reboot when Windows Update wants it to. If Windows Update does NOT ask for a reboot after installing the updates, close all running programs and