Worm/Virus Help!! - Techist - Tech Forum

Old 08-20-2005, 09:23 AM   #1 (permalink)
True Techie
 
Join Date: Jun 2005
Posts: 157
Default Worm/Virus Help!!

I can't seem to find the folder this worm is in. Vet found it but won't delete it, and yes, I have set Vet to delete infected files. Please help.
Attached Files
File Type: zip untitled3.zip (59.8 KB, 6 views)
__________________
The Rig: Specs
e8500 @ 4.1Ghz, 4Gb OCZ Reapers @ 1152Mhz, Gainward HD 4850 GPU, Asus P5Q-PRO, Corsair 60gb Force Series SSD, Seagate 7200.11 320Gb, Corsair 620W Modular PSU, Vista Home Premium 64
zildjianchris is offline  
Old 08-20-2005, 09:58 AM   #2 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Default

1. To disable System Restore (Windows Me/XP)
If you are running Windows Me or Windows XP, we recommend that you temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer.

Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations.

Also, a virus scan may detect a threat in the System Restore folder even though you have removed the threat.

4. To delete the value from the registry
Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. For instructions refer to the document: How to make a backup of the Windows registry.

Click Start > Run.
Type regedit
Click OK.

Note: If the registry editor fails to open, the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.


Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


In the right pane, delete the value:

"winupdates" = "%ProgramFiles%\winupdates\winupdates.exe /auto"


Exit the Registry Editor.
__________________
Osiris is offline  
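
An added example, not part of the original post or of the Symantec instructions it quotes: the same back-up-then-delete step done from PowerShell instead of regedit. The value name and the HKLM key come from the post; the per-user HKCU key and the backup folder are assumptions.

```powershell
# Added example: back up, inspect and remove the Run value named in the post.
$valueName = 'winupdates'   # value name quoted in the post
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',  # key from the post
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'   # assumption: per-user equivalent
)
$backupDir = Join-Path $env:TEMP 'run-key-backup'           # hypothetical backup folder
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }

    # Registry values surface as properties on the key object.
    $entry = (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -eq $valueName }
    if (-not $entry) {
        Write-Output "$key : no '$valueName' value"
        continue
    }
    # Print the data so it can be compared with the path given in the post.
    Write-Output "$key : $valueName = $($entry.Value)"

    # Export the whole key before touching it, as the instructions advise.
    $regPath = $key -replace '^HKLM:', 'HKEY_LOCAL_MACHINE' -replace '^HKCU:', 'HKEY_CURRENT_USER'
    $backupFile = Join-Path $backupDir (($regPath -replace '\\', '_') + '.reg')
    & reg.exe export $regPath $backupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup of $regPath failed; nothing was deleted." }

    # -WhatIf only reports what would be removed.
    Remove-ItemProperty -Path $key -Name $valueName -WhatIf
}
```

Run it from an elevated prompt, and drop `-WhatIf` only once the printed value matches the one in the post.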
Old 08-20-2005, 10:01 AM   #3 (permalink)
True Techie
 
Join Date: Jun 2005
Posts: 157
Default

I've already got system restore disabled. And also that wasn't in the specified location in the registry. Any other suggestions?
zildjianchris is offline  
Old 08-20-2005, 10:13 AM   #4 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Default

Did you try Microsoft's AS? Also, run HijackThis and post a log. Run your spyware scans in safe mode.
__________________
Osiris is offline  
Old 08-20-2005, 10:18 AM   #5 (permalink)
True Techie
 
Join Date: Jun 2005
Posts: 157
Default

Tried both, but not in safe mode. What button do I press for safe mode when booting again? Been so long since I've had to.
zildjianchris is offline  
Old 08-20-2005, 10:27 AM   #6 (permalink)
True Techie
 
Join Date: Jun 2005
Posts: 157
Default

Print Screen in HijackThis
Attached Files
File Type: zip hijackthisprintscreen2.zip (67.6 KB, 2 views)
zildjianchris is offline  
Old 08-20-2005, 11:55 AM   #7 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Default

F8
__________________
Osiris is offline  
Old 08-20-2005, 11:56 AM   #8 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Default

Post the log on the forum.
__________________
Osiris is offline  
Old 08-20-2005, 08:04 PM   #9 (permalink)
True Techie
 
Join Date: Jun 2005
Posts: 157
Default

Don't worry now. I've deleted it. Vet wasn't completely up to date. So I updated it and ran a search, and it found it and deleted it this time. Thanks for your help anyway.
zildjianchris is offline  
All times are GMT -5. The time now is 06:18 PM.