Re: Worm

From: Malke (malke_at_nospoonnotreally.com)
Date: 08/29/04


Date: Sun, 29 Aug 2004 06:04:40 -0700

soumendu samanta wrote:

> How i can remove spyboot.worm virus.I can't update virus
> defination from symentac.It totaly blok the webpage.And
> also slow the mechine.I use windows xp.Help me to remove
> this virus.
>

If you can't get to antivirus/spyware removal sites, your hosts files
are probably compromised. Here's how to fix that:

1. In XP's Search preferences, set the files and folders handling to
Advanced, and then check the box that will make Search look in hidden
files/folders.
2. Now enter the search term "hosts" without the quotes.
3. You will get several hosts and lmhosts files. Double-click each one
to open it. When you do this, you'll get a Windows dialog box saying
that Windows cannot open this file, do you want to use the web or
select from a list to find the proper program. Choose "select from a
list" and highlight Notepad. Make sure the box to always use this
program to open this type of file is not checked.
4. Now carefully examine the file. Lines that begin with a # are
comments and don't count. Leave them alone. Unless you know you use a
proxy server to get to the Internet or you added entries yourself, the
only uncommented entry that should be there is:

127.0.0.1 localhost

If you see any other entries, delete them and Save the file. Make sure
you scroll all the way down to the bottom of the window if there is a
scrollbar. Do this for each file you found. Now you should be able to
get to antivirus and spyware-fighting websites. Continue your cleanup
by removing spyware with Spybot Search & Destroy from
www.safer-networking.org and Ad-aware from www.lavasoftusa.com. Be sure
to update these programs before running them. These programs are free,
so run them both since they complement each other. You may also want to
run CWShredder and HijackThis from http://aumha.org/freeware.htm.
Although CWShredder is no longer being updated, it will still clean
older variants of the CoolWebSearch malware. Always read the
instructions before running a spyware removal tool. It is best to run
antivirus and spyware removal tools in Safe Mode.

Malke

-- 
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"


Relevant Pages

  • Re: Windows Update Page doesnt load
    ... > Antivirus 2003. ... > contact Windows Update. ... Another thing to do is check your hosts files for hijacking. ... Always read the instructions before running a spyware ...
    (microsoft.public.windowsxp.general)
  • Re: host file
    ... Now enter the search term "hosts" without the quotes. ... you'll get a Windows dialog box saying ... instructions before running a spyware removal tool. ... antivirus and spyware removal tools in Safe Mode. ...
    (microsoft.public.windowsxp.general)
  • Re: Backdoor.irc.bot
    ... > patches, fixes, updates or any spy-removal software to do the job. ... Now enter the search term "hosts" without the quotes. ... you'll get a Windows dialog box saying ... get to antivirus and spyware-fighting websites. ...
    (microsoft.public.windowsxp.general)
  • Re: Unable to connect to Microsoft.com through ICS
    ... > it works fine for all websites, ... Check your Hosts files for compromise. ... you'll get a Windows dialog box saying ... instructions before running a spyware removal tool. ...
    (microsoft.public.windowsxp.network_web)
  • Re: Netspry
    ... > website hijacks the pop-up screen each time. ... Check the hosts files as follows (these instructions are for XP; ... you'll get a Windows dialog box saying ... instructions before running a spyware removal tool. ...
    (microsoft.public.security.virus)