Author Topic: win95.sk  (Read 13222 times)

galooma

  • Guest
Re: win95.sk
« Reply #15 on: November 09, 2005, 12:37:58 AM »
All disk cleanup does is clean out your temp files; if you look at where the problem file is you will notice that's where it's sitting.
The longer they sit on your system, the more likely they have migrated onto the system files as well.
If you haven't noticed any strange behaviour (popups, redirections) then a cleanup should rid you of it.
If that's the case then a format shouldn't be necessary.

sillydogs

  • Guest
Re: win95.sk
« Reply #16 on: November 09, 2005, 01:40:29 AM »
Thank You......Thank You.......You are the man. ;D or woman....GRINNING.....politically correct......PERSON...... :-\

So glad that's over.........sheeeew.
 Has this virus win95.sk hit a lot of people?
« Last Edit: November 09, 2005, 01:42:45 AM by sillydogs »

galooma

  • Guest
Re: win95.sk
« Reply #17 on: November 09, 2005, 01:47:42 AM »
No, I've never seen it before. I guess if you were to Google search for it you might find out more, but if it ain't broke etc.
Good luck and hope to see you back  :)

sillydogs

  • Guest
Re: win95.sk
« Reply #18 on: November 09, 2005, 02:32:12 AM »
Why Thank you...she curtsies... ::).... just for the record, here is some stuff I found on this virus; it originated in Russia. My question being that if it's for 95/98 operating systems, how could it affect my XP?
Just for future people looking about this virus:

This is a parasitic Windows virus. It spreads under Windows95/98, installs its copy into Windows memory, hooks file access functions and infects PE (Windows Portable Executable) files. The virus also affects Windows help files (.HLP) - it modifies them so that when they are activated, the virus code is dropped on disk and executed. The virus also adds its droppers to four types of archives: RAR, ZIP, ARJ and HA. The virus droppers in HLP files and archives have DOS COM file format and are executed in DOS box, but they are able to install virus code into Windows memory as well as infected Windows executables (see below).
The virus code is encrypted with polymorphic routines in both DOS droppers and Windows PE files. In case of Windows files the virus also uses "Entry Point Obscuring" (EPO) technology: the virus code does not get control immediately when an infected file is executed. The JMP_Virus instruction in most cases is placed somewhere in the infected file body, not in the file header and not at the file startup address, and is executed only when the corresponding program's branch takes control.

The virus is a "slow infector": before infecting it checks many conditions and as a result affects very few files on the computer - only just about ten EXE files in standard Windows95/98 installation. The same for HLP files and archives - very few of them may be infected. The virus also delays its infection routine for one minute before first infection, and infects HLP files and archives only in case there was no access to these files during two minutes.

The virus is very dangerous. When disk files are accessed, it checks their names and in case of several anti-virus programs (ADINF, AVPI, AVP, VBA, DRWEB) the virus deletes all files in all directories on all disks from C: till Z: that the virus is able to delete, and then halts the system by the Fatal_Error_Handler VMM call.

http://www.avp.ch/avpve/newexe/win95/sk.stm

christi ???
« Last Edit: November 09, 2005, 02:33:45 AM by sillydogs »

Boris

  • Guest
Re: win95.sk
« Reply #19 on: November 09, 2005, 08:04:55 AM »
Hello sillydogs. Just read some of the replies and I have to tell you this. What you have is a very nasty and dangerous virus. Win95.sk is also polymorphic in that it changes its structure in memory so the AV programs have a hard time finding it. Also it hooks various files and deletes some AV program files so they cannot detect it. To remove it try this. Write or copy the directory where it is located. Boot in safe mode with the command prompt. Then using DOS commands such as cd documents and keep going till you get to the last directory. DOS has an eight character limit. If in doubt do a scroll and check the lengths of the file names. If they are long then type them as you see them. When you find win95.sk delete it. It should be no problem but it might give you a problem as it also runs in DOS. Try running ONE AV program. Do not run or have installed on your system more than one as that can lead to various problems. Myself I have used Avast for a while and have had no problems with viruses. The Zonealarm you are using does not do a very good job of removing viruses. Use Zonealarm Pro and get a better antivirus program like Avast. I have tried about thirty (30) different programs and the best ones I will not list here but Avast is in the top five. If you have any questions just post on the forum.
I hope I was not too TECHY. Just trying to help. Been in computers for 25 years. Was around when McAfee started in the mid 1980's

galooma

  • Guest
Re: win95.sk
« Reply #20 on: November 09, 2005, 08:43:21 AM »
I'm guessing that somewhere a long time ago when your PC was running win 95/8 you had this virus and it was not completely removed, in that there is / was an entry left in your temp files that just stayed there dormant. For this to ever eventuate now suggests that when you upgraded, you installed win xp straight on top of win95/8, thereby retaining all your settings and files, temps and all.

Either way, by the description I don't think it represents a threat to your system now but you should be the ultimate judge of that. If you have unexplainable behaviour on your PC. If it starts dialling out, if you get re-directed to sites you don't want etc then I suggest you do one last thing to be sure.
http://www.kaspersky.com/remoteviruschk.html
This is Kaspersky's online scan which will be a big download on dial up but if you get through that clean then trust me they have the biggest deepest scan around and you will be clean. As you saw they were the people who reported this in the first place.

good luck  :)