Techzonez    

November 18th, 2003, 13:22 PM   #1
Big Booger
Happy New Year!
Super Moderator
 
Join Date: Apr 2002
Location: JAPAN
Posts: 11,909
Spybot Worm is pissing me off

Source: C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\DOCUMENTS\OPEN_ME.exe
Source: C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\DOCUMENTS\explore.exe
Source: C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\DOCUMENTS\OPEN_ME.exe
Threat category: Virus, Source: C:\Documents and Settings\All Users.WINDOWS\Documents\OPEN_ME.exe, Description: The file C:\Documents and Settings\All Users.WINDOWS\Documents\OPEN_ME.exe is infected with the W32.Spybot.Worm virus.
Threat category: Virus, Source: C:\Documents and Settings\All Users.WINDOWS\Documents\explore.exe, Description: The file C:\Documents and Settings\All Users.WINDOWS\Documents\explore.exe is infected with the W32.Spybot.Worm virus.
Source: C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\DOCUMENTS\OPEN_ME.exe
Source: C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\DOCUMENTS\OPEN_ME.exe
Source: C:\Documents and Settings\All Users.WINDOWS\Documents\explore.exe
Threat category: Virus, Source: C:\Documents and Settings\All Users.WINDOWS\Documents\explore.exe, Description: The file C:\Documents and Settings\All Users.WINDOWS\Documents\explore.exe is infected with the W32.Spybot.Worm virus.




I keep getting that crap all day long.. I have run a scan. It finds it, and then deletes it. Then a few hours later it pops back up. I have scanned my machine and know it has gotten rid of the damn worm.. but it just keeps coming back.... Any ideas?
November 18th, 2003, 14:14 PM   #2
Conan
Techzonez Governor
Administrator
 
Join Date: Apr 2002
Location: Philippines
Posts: 4,591
What did you use to scan, NAV 2004? Maybe you need another program to do it.
November 18th, 2003, 14:25 PM   #3
phishhead
Friendly Neighborhood
Super Moderator
 
Join Date: Apr 2002
Location: San Diego, Ca.
Posts: 3,882
Boogs, the real question is how do you keep getting it. Have you run a port scan to see if you're wide open like a hooker on the corner?
November 18th, 2003, 16:11 PM   #4
rik
Old, Cranky and Perverted
Super Moderator
 
Join Date: Aug 2003
Location: Watching Your every move...
Posts: 5,299
I'm sure you've already seen all of this but here it is anyway with the Symantec Removal Tool: http://search.symantec.com/custom/us/query.html
November 18th, 2003, 16:58 PM   #5
efc
Titanium Member
 
Join Date: Sep 2002
Location: North Central Arkansas
Posts: 2,412
This info from AVG. It may help you prevent re-infection.

Worm/Spybot

The exact description is not available.

This type of virus spreads across local networks or through the internet via shared disks. The virus searches for computers in its "neighborhood" with shared network drives and then copies itself onto them.

For prevention, as far as possible do not share whole disks, but only selected folders. It is also advisable to use passwords on shared folders.

We recommend you remove binding to "File and printer sharing" in Bindings Tab under TCP/IP Properties for all TCP/IP protocols (the TCP/IP protocol is usually defined for every LAN or Dial-Up adapter).


Peer-to-peer networks

The next most common method of spreading is by "peer-to-peer" networks (like KaZaA): the virus creates a few copies of itself in folders within the P2P shared system. If these files have alluring names then there is a good chance somebody will download these files and execute them.
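An added example, not part of efc's post or the AVG text: one way to spot the share-based copying described above is to snapshot the shared folder and report any executable that appears afterwards, judged by its header bytes, not its extension. The function names (`pe_files`, `new_drops`, `demo`) are hypothetical, and the demo uses a constructed temporary folder with dummy bytes standing in for the shared Documents folder.

```python
import hashlib
import os
import tempfile

def pe_files(folder):
    """Map each file in `folder` that starts with the DOS/PE 'MZ' magic to its SHA-256."""
    found = {}
    for entry in os.scandir(folder):
        if not entry.is_file(follow_symlinks=False):
            continue
        try:
            with open(entry.path, "rb") as fh:
                data = fh.read()
        except OSError:
            continue  # locked or unreadable (for example mid-quarantine); skip it
        if data[:2] == b"MZ":
            found[entry.name] = hashlib.sha256(data).hexdigest()
    return found

def new_drops(before, after):
    """Names that appeared, or whose content changed, between two snapshots."""
    return sorted(name for name, digest in after.items() if before.get(name) != digest)

def demo():
    # Constructed stand-in for the shared folder; every file holds dummy bytes.
    with tempfile.TemporaryDirectory() as share:
        with open(os.path.join(share, "printer-notes.txt"), "w") as fh:
            fh.write("plain document, ignored")
        baseline = pe_files(share)
        # Simulate another host on the LAN writing into the share after the baseline.
        for name in ("OPEN_ME.exe", "explore.exe"):
            with open(os.path.join(share, name), "wb") as fh:
                fh.write(b"MZ" + b"\x00" * 64)  # header bytes only, not a program
        # A renamed executable is still reported because the check reads the header.
        with open(os.path.join(share, "holiday.jpg"), "wb") as fh:
            fh.write(b"MZ" + b"\x01" * 64)
        return new_drops(baseline, pe_files(share))

if __name__ == "__main__":
    print(demo())
```

Run against the real shared folder on a schedule, the time at which a new name first shows up can be compared with which other machines were on the network at that moment.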
November 19th, 2003, 06:43 AM   #6
Dehcbad25
Trying to break 7
TZ Veteran
 
Join Date: Apr 2002
Location: Back in Civilization.
Posts: 2,391
I tried Rik's link but didn't find it.. I did a search myself, and I didn't find a removal tool. But there are removal instructions
http://securityresponse.symantec.com...alinstructions
Since this worm copies itself into the system directory, the File Protection System has a copy. So whenever you (or the AV) delete the file, Windows copies the file from the backup. You have to actually run the AV from Safe Mode, and modify some registry keys.

HAVE FUN
November 19th, 2003, 06:57 AM   #7
Big Booger
Happy New Year!
Super Moderator
 
Join Date: Apr 2002
Location: JAPAN
Posts: 11,909
I followed the Symantec instructions twice before. Even booted to Safe Mode to remove it..

I think it is coming from my wife's PC over the network. I have print and file sharing enabled in order to share a networked printer... I have to have it, so she can print, which she does nearly every day.

I disabled system restore. I checked that folder and deleted all contents from it. Hopefully that has solved this problem.

I'm going to scan her PC tonight, and see. I'll check again when I return home. I will scan both PCs. Hopefully I can figure this out.

If all else fails, I may just format and reinstall the OS if it keeps returning.
November 19th, 2003, 14:38 PM   #8
rik
Old, Cranky and Perverted
Super Moderator
 
Join Date: Aug 2003
Location: Watching Your every move...
Posts: 5,299
Sorry for the bad link...dunno what happened but here is the correct one: http://securityresponse.symantec.com...ybot.worm.html

and it does have the removal instructions also.
November 20th, 2003, 02:45 AM   #9
Big Booger
Happy New Year!
Super Moderator
 
Join Date: Apr 2002
Location: JAPAN
Posts: 11,909
Thanks rik,
I'll give that a go when I get home. Yesterday I had no spybot warnings so it appears to be solved.. but for extra precautions, I shall try that removal tool.