Please Help Virus W32.wallz - Techist - Tech Forum

Go Back   Techist - Tech Forum > Computer Software > Microsoft Windows and Software
Click Here to Login
Closed Thread
 
Thread Tools Display Modes
 
Old 06-25-2005, 08:37 PM   #1 (permalink)
True Techie
 
Join Date: Feb 2004
Posts: 175
Default Please Help Virus W32.wallz

Every time I format then as soon as I connect to the internet, the virus is attached to my pc.

I USE NAV with upgrade but it can't remove it

I try Trend micro housecall

still it can't remove

I still have the virus alert from Norton

C:\WIN/SYSTEM32\MOUSEHS.EXE
VIRUS NAME: W32.WALLZ

I try to remove it from safe mode no luck

my screen keeps frozen and sometime can't turn off or restart.

Does it happen to anyone?, I've checked with Microsoft support , I have modified registry according to them, I realize that the virus is attached to random IP

but no luck

Thanks
__________________

kopenhagen is offline  
Old 06-25-2005, 08:54 PM   #2 (permalink)
Member (again)
 
macdude425's Avatar
 
Join Date: Jan 2005
Location: Raul's Wild Kingdom...How 'bout that, huh?
Posts: 4,202
Send a message via AIM to macdude425 Send a message via Yahoo to macdude425
Default

Have you tried this?
http://securityresponse.symantec.com...w32.wallz.html
__________________

__________________



Debian Support Forums!
macdude425 is offline  
Old 06-25-2005, 10:59 PM   #3 (permalink)
True Techie
 
Join Date: Feb 2004
Posts: 175
Default

Quote:
Originally posted by macdude425
Have you tried this?
http://securityresponse.symantec.com...w32.wallz.html
This is the tricky part, I have afew questions

"EnableDCOM" = "Y"

I DID BUT WHEN I RESTART THE PC, IT BECOMES "N" UNLESS I HAVE TO SAVE IT AND HOW?

to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole

to enable DCOM.


Adds the value:

"restrictanonymous" = "dword:00000001"

I RIGHT CLICK,MODIFY ,BUT CAN'T PUT DWORD: 00000..

to the registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa

to restrict anonymous access to network shares.


Creates the following file, which is not malicious:

%Windir%\Debug\dcpromo.log

I DID

ANYWAY, I scan on live with House call trend micro,symantec, AND mc affee
NOne of them can't remove this virus?

Thanks
kopenhagen is offline  
Old 06-25-2005, 11:05 PM   #4 (permalink)
Monster Techie
 
Join Date: May 2004
Location: /usr/root/mn/us
Posts: 1,118
Default

You're reading the part of the threat assement detailing what the virus does.

Read down lower and here's the way to fix this problem.

Quote:
The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan and delete all the files detected as W32.Wallz.
4. Delete the value that was added to the registry.
For step 4, it means you need to delete these registry keys.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_WINPNP32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\winpnp32
__________________

Its a frigging Laptop, not a Labtop!!!!
bla!! is offline  
Old 06-26-2005, 12:16 AM   #5 (permalink)
True Techie
 
Join Date: Feb 2004
Posts: 175
Default

Quote:
Originally posted by bla!!
You're reading the part of the threat assement detailing what the virus does.

Read down lower and here's the way to fix this problem.



For step 4, it means you need to delete these registry keys.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_WINPNP32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\winpnp32
They are not in the registry!
kopenhagen is offline  
Old 06-26-2005, 12:27 AM   #6 (permalink)
Chillin Techie
 
Join Date: Nov 2004
Location: USA
Posts: 11,861
Default

Quote:
Originally posted by kopenhagen
They are not in the registry!
head to kaspersky lab for a removal tool

http://www.kaspersky.com/removaltools

or use powermax to wipe your hard drive clean as it must have something in your mbr to keep bringing it back.
__________________

__________________
The Ultimate Hard Drive Utility PowerMax 4.23. (It now has the ability to clean a Boot Sector virus on the quick erase option.)
The best browser Netscape 8
Have you accidently delete something? Look here (trial. the better one) and here(free)
EricB is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 02:30 PM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.