Results 1 to 9 of 9

Thread: Spybot Worm is pissing me off

  1. #1
    Super Moderator Super Moderator Big Booger's Avatar
    Join Date
    Apr 2002
    Location
    JAPAN
    Posts
    10,941

    Spybot Worm is pissing me off

    Source: C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\DOCUMENTS\OPEN_ME.exe
    Source: C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\DOCUMENTS\explore.exe
    Source: C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\DOCUMENTS\OPEN_ME.exe
    ,Threat category: VirusSource: C:\Documents and Settings\All Users.WINDOWS\Documents\OPEN_ME.exe,Description: The file C:\Documents and Settings\All Users.WINDOWS\Documents\OPEN_ME.exe is infected with the W32.Spybot.Worm virus.
    ,Threat category: VirusSource: C:\Documents and Settings\All Users.WINDOWS\Documents\explore.exe,Description: The file C:\Documents and Settings\All Users.WINDOWS\Documents\explore.exe is infected with the W32.Spybot.Worm virus.
    Source: C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\DOCUMENTS\OPEN_ME.exe
    Source: C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\DOCUMENTS\OPEN_ME.exe
    Source: C:\Documents and Settings\All Users.WINDOWS\Documents\explore.exe
    ,Threat category: VirusSource: C:\Documents and Settings\All Users.WINDOWS\Documents\explore.exe,Description: The file C:\Documents and Settings\All Users.WINDOWS\Documents\explore.exe is infected with the W32.Spybot.Worm virus.




    I keep getting that crap all day long.. I have run a scan. It finds it, and then deletes it. Then a few hours later it pops back up. I have scanned my machine and know it has gotten rid of the damn worm.. but it just keeps coming back.... Any ideas?

  2. #2
    Techzonez Governor Super Moderator Conan's Avatar
    Join Date
    Apr 2002
    Location
    Philippines
    Posts
    4,343
    What did you use to scan, NAV 2004? Maybe you need another program to do it.

  3. #3
    Friendly Neighborhood Super Moderator phishhead's Avatar
    Join Date
    Apr 2002
    Location
    San Diego, Ca.
    Posts
    3,732
    boogs the real question is how do you keep getting it. have you ran a port scan to see if your wide open like a hooker on the corner.



  4. #4
    Old and Cranky Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,688
    I'm sure you've already seen all of this but here it is anyway with the Symantec Removal Tool: http://search.symantec.com/custom/us/query.html

  5. #5
    Titanium Member efc's Avatar
    Join Date
    Sep 2002
    Location
    North Central Arkansas
    Posts
    2,329
    This info from AVG. It may help you prevent re-infection.

    Worm/Spybot

    The exact description is not available.

    This type of virus spreads across local networks or through internet via shares disks. The virus searches for computers in its "neighborhood" with shared network drives and then copies itself on them.

    For prevention as far as possible do not share whole disks, but only selected folders. It is also advisable to use passwords on shared folders.

    We recommend you remove binding to "File and printer sharing" in Bindings Tab under TCP/IP Properties for all TCP/IP protocols (the TCP/IP protocol is usually defined for every LAN or Dial-Up adapter).


    Peer-to-peer networks

    Next most common method of spreading is by "peer-to-peer" networks (like KaZaA), the virus creates a few copies of itself in folders within the P2P shared system. If these files have got alluring names then there is a good chance somebody will download these files and execute them.
    Linux Mint Debian Edition

  6. #6
    Succeded in braking Windo TZ Veteran Dehcbad25's Avatar
    Join Date
    Apr 2002
    Location
    DE - USA
    Posts
    2,406
    I tried Rik's link but didn't find it.. I did a seach myself, and I didn't find removal tool. But there is removal instructions
    http://securityresponse.symantec.com...alinstructions
    Since this worm copies itself into the system directory the File Protection System has a copy. So whenever you (or the AV) delete the file, Windows copy the file from the back up. You have to actually run the AV from Safe Mode, and modify some registry keys.

    HAVE FUN

  7. #7
    Super Moderator Super Moderator Big Booger's Avatar
    Join Date
    Apr 2002
    Location
    JAPAN
    Posts
    10,941
    I followed the Symantec instructions twice before. Even booted to safemode to remove it..

    I think it is coming from my Wife's PC over the network. I have print and file sharing enabled in order to share a networked printer... I have to have it, so she can print, which she does nearly every day.

    I disabled system restore. I checked that folder and deleted all contents from it. Hopefully that has solved this problem.

    I'm going to scan her PC tonight, and see. I'll check again when I return home. I will scan both PCs. Hopefully I can figure this out.

    If all else fails, I may just format and reinstall the OS if it keeps returning.

  8. #8
    Old and Cranky Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,688
    Sorry for the bad link...dunno what happened but here is the correct one: http://securityresponse.symantec.com...ybot.worm.html

    and it does have the removal instructions also.

  9. #9
    Super Moderator Super Moderator Big Booger's Avatar
    Join Date
    Apr 2002
    Location
    JAPAN
    Posts
    10,941
    Thanks rik,
    I'll give that a go when I get home. Yesterday I had no spybot warnings so it appears to be solved.. but for extra precautions, I shall try that removal tool.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •