Re: First Experience with Worm

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 10/26/04


Date: Tue, 26 Oct 2004 21:52:36 GMT

1) Download the following two items...

        Trend Sysclean Package
         http://www.trendmicro.com/download/dcs.asp

         Latest Trend signature files.
         http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example: lpt218.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) If you are using WinME or WinXP, disable System Restore
        http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode
4) Using the Trend Sysclean utility, perform a Full Scan of your platform and
        clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform
6) If you are using WinME or WinXP, re-enable System Restore and re-apply any
        System Restore preferences (e.g. HD space to use, suggested 400 ~ 600MB)
7) Reboot your PC.
8) If you are using WinME or WinXP, create a new Restore point

You can also try some of the below online scanners.

Trend:
http://housecall.antivirus.com
http://housecall.trendmicro.com

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

McAfee:
http://www.mcafee.com/myapps/mfs/default.asp

Panda:
http://www.pandasoftware.com/activescan/

Kaspersky:
http://www.kaspersky.com/de/scanforvirus

Symantec:
http://security.symantec.com/

BitDefender:
http://www.bitdefender.com/scan/license.php

Freedom Online scanner:
http://www.freedom.net/viruscenter/index.html

* * * Please report your results ! * * *

Dave

"R. Anvil" <ranvil@comcast.net> wrote in message news:GYednX872JYDL-PcRVn-pg@comcast.com...
| I'm running XP Pro with all the SPs, ZoneAlarm Pro and NIV 2005. I had just
| downloaded and installed NIV 2005 after doing a full virus/worm scan, when I
| got notice that backdoor-g-1 (1243) had been blocked and then something
| about TCP (I use a cable modem and router) and then ViaVoice\bin\engine.exe.
|
| All this is Greek to me.
|
| I wasn't using voice activated software at the time but there is a dictation
| button for ViaVoice in my Word 2000.
|
| So, like, do I need to do anything? I ran Spyware and Adware and didn't
| come up with anything, and another virus scan came up clean. According to
| Norton this is a really old worm. Do I need to look in ViaVoice to see if
| anything exists there?
|
|