PLEASE HELP VIRUS W32.WALLZ?
Every time I format, then as soon as I connect to the internet, the virus is attached to my PC.

Try reformatting again. This time, before you connect to the internet you should install Norton. Also, you should put the virus fix or patch onto a CD or something and load it on before you plug into the internet. I had a similar problem last year, just a different virus. It must have been attached to my IP or something. But the above worked for me, so try it out.

I have formatted twice, and reinstalled Norton then scanned, also Ad-Aware and Spybot. You're right, the virus is attached to RANDOM IP. Now how do you put the virus fix or patch onto a CD???

May I suggest you disconnect from the net..... and scan again in safe mode...... and quarantine the virus in NAV..... Reformatting a PC does not kill all the bugs!

kopenhagen..... Several questions ......
1..... Do you have the system restore feature turned off?
2..... Which version of Norton are you using and is it up to date re subscription and updates?
3..... Does Norton find the virus and indicate where it is residing?
4..... Have you made the deletions and modifications to the registry as detailed by Symantec ........ http://securityresponse.symantec.com/avcenter/venc/data/w32.wallz.html
Let us know
dl65

Quote:
    kopenhagen..... Several questions ......

1/ SYS RESTORE IS ON
2/ NAV 2002, UPDATES AND SUBSCRIPTION TILL 6/06
3/ C:\MSDIRECTX.SYS
   C:\WIN\SYS32\MOUSEHS.EXE
4/ This is the tricky part, I have a few questions

    "EnableDCOM" = "Y"

I DID, BUT WHEN I RESTART THE PC, IT BECOMES "N". UNLESS I HAVE TO SAVE IT, AND HOW?

    to the registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole to enable DCOM.

    Adds the value: "restrictanonymous" = "dword:00000001"

I RIGHT CLICK, MODIFY, BUT CAN'T PUT DWORD: 00000..

    to the registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa to restrict anonymous access to network shares.

    Creates the following file, which is not malicious: %Windir%\Debug\dcpromo.log

I DID ANYWAY. I scan online with HouseCall Trend Micro, Symantec, AND McAfee. None of them can remove this virus? Thanks

Removal Instructions
1) Disable System Restore (Windows Me/XP).
2) Update the virus definitions.
3) Run a full system scan and delete all the files detected as W32.Wallz.
4) Delete the value that was added to the registry.
Have you done the first 3 things yet? You may need KillBox to delete the file. http://spywareinfo.com/~merijn/files/

Quote:
    Removal Instructions

1/ CAN'T DISABLE IT, IT'S FROZEN
2/ I DID ALREADY
3/ IF I COULD DELETE IT, I WOULDN'T NEED TO POST THIS THREAD. I DELETE MSDIRECTX.SYS IN SAFE MODE; WHEN THE PC REBOOTS IT'S STILL THERE.
NORTON ALERT
C:\MSDIRECTX.SYS VIRUS NAME: Hacktool.Rootkit
C:\WIN\SYS32\MOUSEHS.EXE VIRUS NAME: W32.WALLZ
Thanks for your help

Make a directory called C:\Hijack, then go to http://www.hijackthis.de/index.php?langselect=english and download HijackThis into the directory you made. Bookmark the above site for later. Start HijackThis, run a scan, save the scan, go back to the bookmarked site and get your saved scan analysed. Take appropriate actions or post your scan in here (you will need a few posts to do it because of its length).

Obviously, you are installing software that brings the virus along.

Quote:
    Obviously, you are installing software that brings the virus along.

You obviously don't know about a virus attacking a random IP. Good luck.

Quote:
    Make a directory called C:\Hijack then go to

Thanks, I have scanned it. I have located the malicious file but still can't remove it: MOUSEHS.EXE

Logfile of HijackThis v1.99.1
Scan saved at 3:31:07 PM, on 6/26/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Documents and Settings\A\Local Settings\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe
C:\WINDOWS\system32\1.tmp
C:\WINDOWS\System32\wmplayer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.com/
F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O2 - BHO: (no name) - {54EE0AE1-2951-AF60-CB4B-465A304E316E} - C:\WINDOWS\System32\FYI\xteivderqx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [System hoster] longwin32.exe
O4 - HKLM\..\Run: [Explorer] explorer.exe
O4 - HKLM\..\Run: [Services] C:\WINDOWS\system32\1.tmp
O4 - HKLM\..\Run: [SECRETSERVICE] C:\WINDOWS\System32\n0m0r3\v1rg.exe
O4 - HKLM\..\Run: [udtgrr] c:\windows\system32\pxhiwt.exe r
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\WINDOWS\system32\1.tmp
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Media Player] wmplayer.exe
O4 - HKLM\..\RunServices: [System hoster] longwin32.exe
O4 - HKLM\..\RunServices: [Explorer] explorer.exe
O4 - HKLM\..\RunServices: [Windows Media Player] wmplayer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119422031463
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4519/mcfscan.cab
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - UNKNOWN owner - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE (file missing)
O23 - Service: fsbwsys - Unknown owner - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe (file missing)
O23 - Service: Windows lsass Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\WINDOWS\System32\mousehs.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

Delete this in HijackThis...... O2 - BHO: (no name) - {54EE0AE1-2951-AF60-CB4B-465A304E316E} - C:\WINDOWS\System32\FYI\xteivderqx.dll
Delete what you think should not be there..... Don't worry, as HijackThis backs up files.

Did you get your log file analysed at the HijackThis site as I suggested? You have got a couple of nasties there. Anyway, this is just crazy. Why don't you re-format, then install the OS, antivirus, antispyware & a firewall before you connect to the internet, and it's fixed?

Quote:
    Did you get your log file analysed at the hijackthis site as I suggested?

I did scan and analyse etc.. HOWEVER, I just reformatted for the 3rd time this week. Now I understand 2 things:
1/ my IP was attacked by a virus as soon as I connected to the internet
2/ before I connect I should ENABLE my firewall! I'm just wondering, is it offered by SP2?
Anyway, I just enabled my firewall through Network Connections, and so far this famous virus is not back there yet. Thanks for all your help guys! Keep up the work.
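Added here as an illustration, not part of the thread and not HijackThis's own logic: a small Python script that applies, over a few lines copied from the log above, the kind of checks the replies make by eye (a UserInit line with extra entries, a BHO without a name, Run entries pointing at a .tmp file or at a bare file name, and services with an unknown owner outside Program Files). The heuristics are this example's own assumptions, not a vendor's rules.

```python
import re

# Sample lines copied from the HijackThis log in the thread above; the heuristics are this example's own.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O2 - BHO: (no name) - {54EE0AE1-2951-AF60-CB4B-465A304E316E} - C:\WINDOWS\System32\FYI\xteivderqx.dll
O4 - HKLM\..\Run: [System hoster] longwin32.exe
O4 - HKLM\..\Run: [Explorer] explorer.exe
O4 - HKLM\..\Run: [Services] C:\WINDOWS\system32\1.tmp
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: Windows lsass Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\WINDOWS\System32\mousehs.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
"""

def first_token(cmdline):
    """Return the executable part of a command line, quoted or not."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', cmdline)
    return (m.group(1) or m.group(2)) if m else ""

def find_suspicious(log_text):
    """Return (section, reason, line) for every log line worth a closer look."""
    findings = []
    for line in log_text.strip().splitlines():
        m = re.match(r"^([A-Z]\d+) - (.*)$", line)
        if not m:
            continue
        sec, body, reason = m.group(1), m.group(2), None
        if sec == "F2" and "UserInit=" in body:  # anything besides userinit.exe runs at every logon
            parts = body.split("=", 1)[1].split(",")
            extra = [p for p in parts if p and p.lower().rsplit("\\", 1)[-1] != "userinit.exe"]
            if extra:
                reason = "extra UserInit entries: " + ",".join(extra)
        elif sec == "O2" and body.startswith("BHO: (no name)"):
            reason = "browser helper object without a name"
        elif sec == "O4" and "] " in body:
            exe = first_token(body.split("] ", 1)[1])
            if exe.lower().endswith(".tmp"):
                reason = "autorun target is a .tmp file"
            elif exe and "\\" not in exe:
                reason = "autorun target is a bare file name, resolved via PATH"
        elif sec == "O23" and "Unknown owner" in body:
            path = body.rsplit(" - ", 1)[1]
            if "program files" not in path.lower() and "(file missing)" not in path:
                reason = "service with unknown owner outside Program Files"
        if reason:
            findings.append((sec, reason, line))
    return findings
```

Running find_suspicious(SAMPLE_LOG) flags seven of the ten sample lines and leaves the Norton service, the KernelFaultCheck entry and the quoted Messenger path alone.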