win32/Sircam worm - solution!

From: jeon sanghun (winsnort@hotmail.com)
Date: 07/25/01


From: "jeon sanghun" <winsnort@hotmail.com>
To: SECURITY-BASICS@securityfocus.com
Subject: win32/Sircam worm - solution!
Date: Wed, 25 Jul 2001 04:18:02 +0000
Message-ID: <F40OSTth6Xv3ZLcDgpA00004fd9@hotmail.com>


If you are infected with the win32/SirCam worm,
you must cure it.

Antivirus corporations have released many cure vaccines!

Symantec information is here:

http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html

Find an antivirus tool if you want to remove the virus.
Here is a good cure vaccine:

http://home.ahnlab.com/virusinfo/down/v3sircam.com

Remove the Sircam virus:

Step 1: Check autoexec.bat and remove @win\recycle\sirc32.exe

Step 2: Start the vaccine after downloading it, and reboot

Step 3: If you use a Windows system, you have to restart in command prompt mode

Step 4: Change directory to c:\windows

Step 5: Find sirc32.exe, scam32.exe, sircam.exe and remove them!

Step 6: Check whether these registry keys exist and delete them:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices\Driver32="c:\windows\system\scam32.exe"

HKEY_CLASSES_ROOT\exefile\shell\open\command\Default="c:\recycled\sirc32.exe" "%1"%*

HKEY_LOCAL_MACHINE\Software\Sircam

Sorry about my poor English ^^;
 
have a nice day!
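
The registry check in step 6 can be run against a text export of the registry instead of by hand. The following is an added example, not part of the original post: it parses a REGEDIT4-format export and reports which of the three entries named above are present. The function names `parse_reg` and `sircam_findings` and the sample export are constructed for illustration.

```python
import re

# Indicators from step 6 of the post, compared case-insensitively.
RUNSERVICES = r"hkey_local_machine\software\microsoft\windows\currentversion\runservices"
EXE_OPEN = r"hkey_classes_root\exefile\shell\open\command"
SIRCAM_KEY = r"hkey_local_machine\software\sircam"

# Constructed sample export (REGEDIT4 text format), not captured from a real host.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Driver32"="c:\\windows\\system\\scam32.exe"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"c:\\recycled\\sirc32.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\Software\Sircam]
'''

def parse_reg(text):
    """Parse a REGEDIT4 export into {key_lower: {value_name_lower: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and "=" in line:
            name, data = line.split("=", 1)
            # "@" is the key's default value; store it under the empty name.
            name = "" if name == "@" else name.strip('"').lower()
            if data.startswith('"') and data.endswith('"'):
                data = data[1:-1]
            # Undo .reg escaping of backslashes and quotes in string data.
            current[name] = re.sub(r'\\(.)', r'\1', data)
    return keys

def sircam_findings(reg_text):
    """Return a description of each step-6 entry found in the export."""
    keys, found = parse_reg(reg_text), []
    drv = keys.get(RUNSERVICES, {}).get("driver32", "")
    if "scam32.exe" in drv.lower():
        found.append("RunServices\\Driver32 -> " + drv)
    cmd = keys.get(EXE_OPEN, {}).get("", "")
    if "sirc32.exe" in cmd.lower():
        found.append("exefile open command -> " + cmd)
    if SIRCAM_KEY in keys:
        found.append("HKLM\\Software\\Sircam key present")
    return found

if __name__ == "__main__":
    print("\n".join(sircam_findings(SAMPLE)))
```

On a clean Windows system the default value of `exefile\shell\open\command` is `"%1" %*`, which is why that check looks at the value data rather than at whether the key exists.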
