Re: W32.Spybot.Worm
From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 01/26/04
- Next message: Andrew Z Carpenter [MVP:Windows:Security]: "Re: Blasterworm virus"
- Previous message: David H. Lipman: "Re: email from Microsoft"
- In reply to: Virusessuck: "W32.Spybot.Worm"
- Next in thread: anonymous_at_discussions.microsoft.com: "Re: W32.Spybot.Worm"
- Reply: anonymous_at_discussions.microsoft.com: "Re: W32.Spybot.Worm"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 26 Jan 2004 12:42:30 -0500
Please read the following URL:
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
The objective:
------------------
- Turn off the System Restore function
- Reboot the PC
- Using your SAV package, perform a full scan of all files on the platform and clean/delete infectors found
- Turn on the System Restore function, and re-apply any System Restore preferences, e.g. HD space to use
- Reboot the PC
- Create a new System Restore point.
If you have problems, it can be done manually....
Use the WinME floppy boot disk and boot from drive "A:"
When you get to a DOS prompt, enter the following commands:
attrib -r -s -h c:\_RESTORE
rename c:\_RESTORE RESTORE.old
Reboot the PC.
In Windows, delete the folder c:\RESTORE.old
Please report back your results.
Dave
"Virusessuck" <anonymous@discussions.microsoft.com> wrote in message
news:4b8101c3e432$8fccd790$a601280a@phx.gbl...
| Hi all,
|
| Somehow I've ended up with the Spybot Worm. The first
| thing I did was visit SARC to see how it might be removed.
|
| They advise to disable System Restore, which has worked
| perfectly in the past to 'purge' my system of any critters
| who might be lurking.
|
| Unfortunately, my System Restore was ALREADY disabled.
| They also advise to look in the registry for certain
| values. I looked and found none. Then, they advised that I
| start the computer in Safe Mode and run an AV scan. Well,
| my AV scan wouldn't run in Safe Mode!
|
| Spybot has infected .CPY files in the c:\_Restore\Temp
| folder. File names are AA0015547, 548, 549, etc.
|
| I am running Windows Me with NAV antivirus and firewall.
| Does anyone know how I might be able to get rid of this
| virus without having to do the (cringe) F-disk thing?
|
| To recap:
|
| Disable Sys restore - already disabled
|
| start computer in safe mode, do av scan - won't run in
| safe mode
|
| delete infected files - wasn't able to delete files when
| reviewing the list of infections
|
| edit registry - no suspicious registry values found.
|
| Thanks in advance for anyone who can help me!