Please Help Virus W32.wallz

[kopenhagen]

Every time I format then as soon as I connect to the internet, the virus is attached to my pc.

I USE NAV with upgrade but it can't remove it

I try Trend micro housecall

still it can't remove

I still have the virus alert from Norton

C:\WIN/SYSTEM32\MOUSEHS.EXE
VIRUS NAME: W32.WALLZ

I try to remove it from safe mode no luck

my screen keeps frozen and sometime can't turn off or restart.

Does it happen to anyone?, I've checked with Microsoft support , I have modified registry according to them, I realize that the virus is attached to random IP

but no luck

Thanks

 

[macdude425]

Have you tried this?
http://securityresponse.symantec.com/avcenter/venc/data/w32.wallz.html

 

[kopenhagen]

Have you tried this?
http://securityresponse.symantec.com/avcenter/venc/data/w32.wallz.html

This is the tricky part, I have afew questions

"EnableDCOM" = "Y"

I DID BUT WHEN I RESTART THE PC, IT BECOMES "N" UNLESS I HAVE TO SAVE IT AND HOW?

to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole

to enable DCOM.


Adds the value:

"restrictanonymous" = "dword:00000001"

I RIGHT CLICK,MODIFY ,BUT CAN'T PUT DWORD: 00000..

to the registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

to restrict anonymous access to network shares.


Creates the following file, which is not malicious:

%Windir%\Debug\dcpromo.log

I DID

ANYWAY, I scan on live with House call trend micro,symantec, AND mc affee
NOne of them can't remove this virus?

Thanks

 

[bla!!]

You're reading the part of the threat assement detailing what the virus does.

Read down lower and here's the way to fix this problem.

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan and delete all the files detected as W32.Wallz.
4. Delete the value that was added to the registry.

For step 4, it means you need to delete these registry keys.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINPNP32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winpnp32

 

[kopenhagen]

You're reading the part of the threat assement detailing what the virus does.

Read down lower and here's the way to fix this problem.



For step 4, it means you need to delete these registry keys.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINPNP32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winpnp32

They are not in the registry!

 

[EricB]

They are not in the registry!

head to kaspersky lab for a removal tool

http://www.kaspersky.com/removaltools

or use powermax to wipe your hard drive clean as it must have something in your mbr to keep bringing it back.