Spybot Worm is pissing me off


Big Booger
November 18th, 2003, 12:22 PM
Source: C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\DOCUMENTS\OPEN_ME.exe
Source: C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\DOCUMENTS\explore.exe
Source: C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\DOCUMENTS\OPEN_ME.exe
,Threat category: VirusSource: C:\Documents and Settings\All Users.WINDOWS\Documents\OPEN_ME.exe,Description: The file C:\Documents and Settings\All Users.WINDOWS\Documents\OPEN_ME.exe is infected with the W32.Spybot.Worm virus.
,Threat category: VirusSource: C:\Documents and Settings\All Users.WINDOWS\Documents\explore.exe,Description: The file C:\Documents and Settings\All Users.WINDOWS\Documents\explore.exe is infected with the W32.Spybot.Worm virus.
Source: C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\DOCUMENTS\OPEN_ME.exe
Source: C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\DOCUMENTS\OPEN_ME.exe
Source: C:\Documents and Settings\All Users.WINDOWS\Documents\explore.exe
,Threat category: VirusSource: C:\Documents and Settings\All Users.WINDOWS\Documents\explore.exe,Description: The file C:\Documents and Settings\All Users.WINDOWS\Documents\explore.exe is infected with the W32.Spybot.Worm virus.




I keep getting that crap all day long.. I have run a scan. It finds it, and then deletes it. Then a few hours later it pops back up. I have scanned my machine and know it has gotten rid of the damn worm.. but it just keeps coming back.... Any ideas?

Conan
November 18th, 2003, 13:14 PM
What did you use to scan, NAV 2004? Maybe you need another program to do it.

phishhead
November 18th, 2003, 13:25 PM
Boogs, the real question is how do you keep getting it. Have you run a port scan to see if you're wide open like a hooker on the corner? :D

rik
November 18th, 2003, 15:11 PM
I'm sure you've already seen all of this but here it is anyway with the Symantec Removal Tool: http://search.symantec.com/custom/us/query.html

efc
November 18th, 2003, 15:58 PM
This info from AVG. It may help you prevent re-infection.

Worm/Spybot

The exact description is not available.

This type of virus spreads across local networks or through the internet via shared disks. The virus searches for computers in its "neighborhood" with shared network drives and then copies itself onto them.

For prevention, as far as possible do not share whole disks, but only selected folders. It is also advisable to use passwords on shared folders.

We recommend you remove binding to "File and printer sharing" in Bindings Tab under TCP/IP Properties for all TCP/IP protocols (the TCP/IP protocol is usually defined for every LAN or Dial-Up adapter).


Peer-to-peer networks

The next most common method of spreading is by "peer-to-peer" networks (like KaZaA): the virus creates a few copies of itself in folders within the P2P shared system. If these files have alluring names then there is a good chance somebody will download these files and execute them.

Dehcbad25
November 19th, 2003, 05:43 AM
I tried Rik's link but didn't find it. I did a search myself, and I didn't find a removal tool. But there are removal instructions:
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html#removalinstructions
Since this worm copies itself into the system directory, the File Protection System has a copy. So whenever you (or the AV) delete the file, Windows copies the file from the backup. You have to actually run the AV from Safe Mode, and modify some registry keys.

HAVE FUN ;)

Big Booger
November 19th, 2003, 05:57 AM
I followed the Symantec instructions twice before. Even booted to Safe Mode to remove it..

I think it is coming from my wife's PC over the network. I have print and file sharing enabled in order to share a networked printer... I have to have it, so she can print, which she does nearly every day.

I disabled system restore. I checked that folder and deleted all contents from it. Hopefully that has solved this problem.

I'm going to scan her PC tonight, and see. I'll check again when I return home. I will scan both PCs. Hopefully I can figure this out.

If all else fails, I may just format and reinstall the OS if it keeps returning.
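
An added example (not part of any post in this thread, and not Symantec's or AVG's code): a Python check in the spirit of the AVG advice efc quotes and the file-sharing suspicion above. It reads `net share` output, flags whole-disk shares, and reports which shares expose the folders where the scanner keeps finding the worm. The share list, the share names and the `system32` path are constructed sample data.

```python
import re
from ntpath import normcase, normpath  # Windows path rules on any OS

# Constructed sample of `net share` output (not taken from the thread).
NET_SHARE = r"""
Share name   Resource                        Remark
-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
D            D:\
SharedDocs   C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\DOCUMENTS
Printer      LPT1:                           Spooled
The command completed successfully.
"""
# Two detections as in the first post, plus one constructed path outside any share.
AV_LOG = r"""
Source: C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\DOCUMENTS\OPEN_ME.exe
,Threat category: VirusSource: C:\Documents and Settings\All Users.WINDOWS\Documents\explore.exe,Description: (cut)
Source: C:\WINDOWS\system32\example.exe
"""
ROW = re.compile(r"^(\S+)\s+([A-Za-z]:\\.*?)(?:\s{2,}.*)?$")

def parse_shares(text):
    """Map share name -> normalised local path, for disk shares only."""
    rows = (ROW.match(line) for line in text.splitlines())
    return {m.group(1): normcase(normpath(m.group(2).strip())) for m in rows if m}

def detected_paths(log):
    """Unique, normalised file paths that follow 'Source: ' in the AV log."""
    found = re.findall(r"Source: ([A-Za-z]:\\[^,\r\n]+)", log)
    return sorted({normcase(normpath(p.strip())) for p in found})

def audit(share_text, log_text):
    """Return (whole-disk shares, {detected file: shares that expose it})."""
    # Administrative shares (names ending in $) are skipped: Windows creates
    # them and they are not the folder-sharing choice the AVG text is about.
    shares = {n: p for n, p in parse_shares(share_text).items() if not n.endswith("$")}
    whole_disk = sorted(n for n, p in shares.items() if re.fullmatch(r"[a-z]:\\", p))
    exposed = {f: sorted(n for n, p in shares.items()
                         if f.startswith(p.rstrip("\\") + "\\"))
               for f in detected_paths(log_text)}
    return whole_disk, exposed

if __name__ == "__main__":
    whole_disk, exposed = audit(NET_SHARE, AV_LOG)
    print("Whole-disk shares:", whole_disk or "none")
    for path, names in exposed.items():
        print(path, "->", names or "not reachable through a share")
```

A detection that maps to a share is a file another machine on the LAN could have written, which is the case where cleaning only one PC lets the file come back.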

rik
November 19th, 2003, 13:38 PM
Sorry for the bad link...dunno what happened but here is the correct one: http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html

and it does have the removal instructions also.

Big Booger
November 20th, 2003, 01:45 AM
Thanks rik,
I'll give that a go when I get home. Yesterday I had no spybot warnings so it appears to be solved.. but for extra precautions, I shall try that removal tool.
:D