A Digital Age Deserves A Digital Leader

Emergency Help Needed!

Postby purplehawk » Sun Jan 12, 2003 1:27 am

Good Lord! John, I was going to PM you and ask how things went with the virus... I think I'll pass after reading this thread. I'm in trouble here, too, but with a different Windows twist. I'll post separately for help.
purplehawk

Postby purplehawk » Sun Jan 12, 2003 2:04 am

I'm running Trend Micro now. It found and cleaned something called "malware.WORM_SAMBUD.A." Norton has no record of this worm, which apparently comes through the net.
purplehawk

Postby SCgone » Sun Jan 12, 2003 2:24 am

Sheri, my eTrust InoculateIT has popped up a warning on that one a couple of times lately on certain web pages. It must be making the rounds now. The VET engine that eTrust uses will catch worms like that. When I used Norton, I don't remember it doing too well on those.

purplehawk wrote:I'm running Trend Micro now. It found and cleaned something called "malware.WORM_SAMBUD.A." Norton has no record of this worm, which apparently comes through the net.
PRO PLATINUM
Posts: 6879
Joined: Thu Mar 14, 2002 11:59 pm
Location: South Carolina, USA

Postby purplehawk » Sun Jan 12, 2003 2:44 am

Apparently, Bob... I searched Symantec's site thoroughly and there is no reference to it anywhere in their database. Disheartening, actually.
purplehawk

Postby SCgone » Sun Jan 12, 2003 2:57 am

Worm/P2P.Sambud.A uses the file exchange P2P network Kazaa to trick users into downloading itself.

If executed, the worm copies itself in the \windows\system32\ directory under the filename "Turbo_forKazaa.exe".

It then creates a couple registry key entries so that it enables the Kazaa shared files and where to direct the shared folders, including:

HKEY_CURRENT_USER\Software\Kazaa\LocalContent
"dir99"="012345:C:\\WINDOWS\\sys32"
PRO PLATINUM
Posts: 6879
Joined: Thu Mar 14, 2002 11:59 pm
Location: South Carolina, USA

Postby kanaloa » Sun Jan 12, 2003 3:39 am

Update:

I'm back up and running with a fresh install of XP. GRRR at the virus. I'm installing a new AV program now, and will make sure that d*mn thing is gone.
"Greatness is not a function of circumstance. Greatness, it turns out, is largely a matter of conscious choice, and discipline." - Jim Collins
President
User avatar
Posts: 11795
Joined: Sun Mar 10, 2002 1:18 am
Location: Columbia, SC
Real Name: John Derrick

Postby Yappinator » Sun Jan 12, 2003 3:41 am

oh uh

Who is in trouble?

I'm here if ya need me


Yaps
Yappinator

Postby kanaloa » Sun Jan 12, 2003 4:19 am

I think we're all good now. Cept Purp... but I doubt there is anything you can do for that.

I got bombed earlier with a bad virus. Killed my XP.
"Greatness is not a function of circumstance. Greatness, it turns out, is largely a matter of conscious choice, and discipline." - Jim Collins
President
User avatar
Posts: 11795
Joined: Sun Mar 10, 2002 1:18 am
Location: Columbia, SC
Real Name: John Derrick

Postby Yappinator » Sun Jan 12, 2003 4:22 am

Awwww

U had to reformat John? that sux

I hope Bessie Gets better

Yaps
Yappinator

Postby Pot8oHead » Tue Jan 14, 2003 5:23 am

A friend of mine got hit with a virus a couple of weeks ago and that key in the registry that deals with how to handle .exe files was modified the way RIP! mentioned... for that particular virus, the instructions from Symantec included this:

Start the computer in Safe mode, then

Click Start>Run type cmd

If you aren't already in your Windows folder (the folder name before your flashing cursor... eg. C:\Windows) you'll need to go there. To do that, type "cd \" (without the quotes)hit enter, then type "cd windows" (again, no quotes) and hit enter again.

Type "ren regedit.exe regedit.com" ( -quotes) and hit enter. Now type "regedit" and the registry editor *should* open and you can do whatever editing you need to do.

This should work for any virus/trojan that modifies how Windows handles .exe files, but if it also modified how .com files are handled, this won't help.

Hopefully this information will be useless and no one here will get another virus. :blink

Steve
Image
PRO Level 6
User avatar
Posts: 240
Joined: Thu Mar 14, 2002 10:28 pm
Location: Lethbridge, Alberta

PreviousNext

Return to Security & Virus

Who is online

Users browsing this forum: No registered users and 1 guest