Emergency Help Needed!

Postby purplehawk on Sat Jan 11, 2003 9:27 pm

Good Lord! John, I was going to PM you and ask how things went with the virus... I think I'll pass after reading this thread. I'm in trouble here, too, but with a different Windows twist. I'll post separately for help.
purplehawk
 

Postby purplehawk on Sat Jan 11, 2003 10:04 pm

I'm running Trend Micro now. It found and cleaned something called "malware.WORM_SAMBUD.A." Norton has no record of this worm, which apparently comes through the net.
purplehawk
 

Postby SCgone on Sat Jan 11, 2003 10:24 pm

Sheri, my eTrust InoculateIT has popped up a warning on that one a couple of times lately on certain web pages. It must be making the rounds now. The VET engine that eTrust uses will catch worms like that. When I used Norton, I don't remember it doing too well on those.

purplehawk wrote: I'm running Trend Micro now. It found and cleaned something called "malware.WORM_SAMBUD.A." Norton has no record of this worm, which apparently comes through the net.
SCgone
PRO ELITE
Posts: 12847
Joined: Thu Mar 14, 2002 7:59 pm
Location: South Carolina, USA

Postby purplehawk on Sat Jan 11, 2003 10:44 pm

Apparently, Bob... I searched Symantec's site thoroughly and there is no reference to it anywhere in their database. Disheartening, actually.
purplehawk
 

Postby SCgone on Sat Jan 11, 2003 10:57 pm

Worm/P2P.Sambud.A uses the file exchange P2P network Kazaa to trick users into downloading itself.

If executed, the worm copies itself in the \windows\system32\ directory under the filename "Turbo_forKazaa.exe".

It then creates a couple of registry key entries that enable Kazaa's shared files and set where the shared folders point, including:

HKEY_CURRENT_USER\Software\Kazaa\LocalContent
"dir99"="012345:C:\\WINDOWS\\sys32"
SCgone

Postby kanaloa on Sat Jan 11, 2003 11:39 pm

Update:

I'm back up and running with a fresh install of XP. GRRR at the virus. I'm installing a new AV program now, and will make sure that d*mn thing is gone.
"With realization of one's own potential and self-confidence in one's ability, one can build a better world." -Dalai Lama
kanaloa
President
 
Posts: 24896
Joined: Sat Mar 09, 2002 9:18 pm
Location: Columbia, SC
Real Name: John Derrick

Postby Yappinator on Sat Jan 11, 2003 11:41 pm

oh uh

Who is in trouble?

I'm here if ya need me


Yaps
To err is human, to really foul things up requires a computer.
Failure is not an option. It comes bundled with the software
Quoting one is plagiarism; Quoting many is research
Frogs have it easy; they can eat what bugs them..

Yappinator
Banned
 
Posts: 849
Joined: Thu Jul 04, 2002 11:12 pm
Location: On. Canada

Postby kanaloa on Sun Jan 12, 2003 12:19 am

I think we're all good now. Cept Purp... but I doubt there is anything you can do for that.

I got bombed earlier with a bad virus. Killed my XP.
"With realization of one's own potential and self-confidence in one's ability, one can build a better world." -Dalai Lama
kanaloa

Postby Yappinator on Sun Jan 12, 2003 12:22 am

Awwww

U had to reformat John? that sux

I hope Bessie Gets better

Yaps
To err is human, to really foul things up requires a computer.
Failure is not an option. It comes bundled with the software
Quoting one is plagiarism; Quoting many is research
Frogs have it easy; they can eat what bugs them..

Yappinator

Postby Pot8oHead on Tue Jan 14, 2003 1:23 am

A friend of mine got hit with a virus a couple of weeks ago and that key in the registry that deals with how to handle .exe files was modified the way RIP! mentioned... for that particular virus, the instructions from Symantec included this:

Start the computer in Safe mode, then

Click Start > Run and type cmd

If you aren't already in your Windows folder (the folder name before your flashing cursor... e.g. C:\Windows) you'll need to go there. To do that, type "cd \" (without the quotes), hit enter, then type "cd windows" (again, no quotes) and hit enter again.

Type "ren regedit.exe regedit.com" (without the quotes) and hit enter. Now type "regedit" and the registry editor *should* open and you can do whatever editing you need to do.

This should work for any virus/trojan that modifies how Windows handles .exe files, but if it also modified how .com files are handled, this won't help.

Hopefully this information will be useless and no one here will get another virus. :blink

Steve
Pot8oHead
PRO Level 7
Posts: 271
Joined: Thu Mar 14, 2002 6:28 pm
Location: Lethbridge, Alberta
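
Added example, not part of any post in this thread: a triage script that reads a regedit text export and flags the two registry changes discussed above, the Kazaa LocalContent share pointing into the Windows directory (from SCgone's post) and a modified .exe or .com open handler (the case Pot8oHead's rename works around). The handler key paths and the stock value `"%1" %*` are standard Windows values not quoted in the thread; the `C:\WINDOWS` location, the function names and the sample export are assumptions constructed for illustration.

```python
import re

# Constructed sample of a regedit export (string values only), not from a real machine.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Kazaa\LocalContent]
"dir0"="012345:C:\\My Shared Folder"
"dir99"="012345:C:\\WINDOWS\\sys32"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\WINDOWS\\constructed_sample.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"\s*$')
DEFAULT_HANDLER = '"%1" %*'  # stock open command for exefile and comfile
KAZAA_KEY = r'hkey_current_user\software\kazaa\localcontent'

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Return {lowercased key path: {value name: data}}; '@' is the default value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                name = m.group(1) if m.group(1) == '@' else unescape(m.group(1)[1:-1])
                current[name] = unescape(m.group(2))
    return keys

def findings(text):
    keys, out = parse_reg(text), []
    for name, data in keys.get(KAZAA_KEY, {}).items():
        shared = data.partition(':')[2]  # drop the "012345:" prefix shown in the post
        if shared.lower().startswith('c:\\windows'):  # assumed Windows directory
            out.append(('kazaa-share-in-windows-dir', name, shared))
    for cls in ('exefile', 'comfile'):
        cmd = keys.get('hkey_classes_root\\%s\\shell\\open\\command' % cls, {}).get('@')
        if cmd is not None and cmd != DEFAULT_HANDLER:
            out.append(('%s-handler-modified' % cls, '@', cmd))
    return out
```

Real regedit "Version 5.00" exports are UTF-16, so read the file with `encoding="utf-16"` before passing its text to `findings()`. A `comfile-handler-modified` result corresponds to the case where renaming regedit.exe to regedit.com will not help.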
