Emergency Help Needed!
Sheri, my eTrust InoculateIT has popped up a warning on that one a couple of times lately on certain web pages. It must be making the rounds now. The VET engine that eTrust uses will catch worms like that. When I used Norton, I don't remember it doing too well on those.
purplehawk wrote: I'm running Trend Micro now. It found and cleaned something called "malware.WORM_SAMBUD.A." Norton has no record of this worm, which apparently comes through the net.
Worm/P2P.Sambud.A uses the file exchange P2P network Kazaa to trick users into downloading itself.
If executed, the worm copies itself into the \windows\system32\ directory under the filename "Turbo_forKazaa.exe".
It then creates a couple of registry key entries that enable Kazaa file sharing and set where the shared folders point, including:
HKEY_CURRENT_USER\Software\Kazaa\LocalContent
"dir99"="012345:C:\\WINDOWS\\sys32"
Update:
I'm back up and running with a fresh install of XP. GRRR at the virus. I'm installing a new AV program now, and will make sure that d*mn thing is gone.
"Greatness is not a function of circumstance. Greatness, it turns out, is largely a matter of conscious choice, and discipline." - Jim Collins
- kanaloa
- President
- Posts: 11795
- Joined: Sun Mar 10, 2002 1:18 am
- Location: HI & SC
- Real Name: John Derrick
I think we're all good now. Cept Purp... but I doubt there is anything you can do for that.
I got bombed earlier with a bad virus. Killed my XP.
A friend of mine got hit with a virus a couple of weeks ago and that key in the registry that deals with how to handle .exe files was modified the way RIP! mentioned... for that particular virus, the instructions from Symantec included this:
Start the computer in Safe mode, then
Click Start > Run, type cmd
If you aren't already in your Windows folder (the folder name before your flashing cursor... e.g. C:\Windows) you'll need to go there. To do that, type "cd \" (without the quotes), hit enter, then type "cd windows" (again, no quotes) and hit enter again.
Type "ren regedit.exe regedit.com" (without the quotes) and hit enter. Now type "regedit" and the registry editor *should* open and you can do whatever editing you need to do.
This should work for any virus/trojan that modifies how Windows handles .exe files, but if it also modified how .com files are handled, this won't help.
Hopefully this information will be useless and no one here will get another virus.
Steve