Re: Shinwow

From: AnitaN (AnitaN_at_discussions.microsoft.com)
Date: 10/10/04


Date: Sun, 10 Oct 2004 14:27:03 -0700

Please see my notes below....I need help!
Thank you.

"AnitaN" wrote:

> I tried all this yesterday as you recommended.... Zone Labs has now
> identified "Shinwow" and says to use archiving software to delete infected
> file. They also directed me to Microsoft bulletin MS03011.asp. I've already
> installed SP2. What's next? Thank you.
>
> "David H. Lipman" wrote:
>
> > Chances are it is identifying an exploit attempt. Not an infection.
> >
> > 1) Download the following three items...
> >
> > Trend Sysclean Package
> > http://www.trendmicro.com/download/dcs.asp
> >
> > Latest Trend signature files.
> > http://www.trendmicro.com/download/pattern.asp
> >
> > Adaware SE
> > http://www.lavasoftusa.com/
> >
> > Create a directory.
> > On drive "C:\"
> > (e.g., "c:\New Folder")
> > or the desktop
> > (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
> >
> > Download sysclean.com and place it in that directory.
> > Download the signature files (pattern files) by obtaining the ZIP file.
> > For example; lpt186.zip
> >
> > Extract the contents of the ZIP file and place the contents in the same directory as
> > sysclean.com.
> >
> > 2) Update Adaware with the latest definitions.
> > 3) If you are using WinME or WinXP, disable System Restore
> > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
> > 4) Reboot your PC into Safe Mode
> > 5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
> > platform and clean/delete any infectors/parasites found.
> > 6) Restart your PC and perform a "final" Full Scan of your platform using both the
> > Trend Sysclean utility and Adaware
> > 7) If you are using WinME or WinXP, re-enable System Restore and re-apply any
> > System Restore preferences (e.g. HD space to use, suggested 400 ~ 600MB).
> > 8) Reboot your PC.
> > 9) If you are using WinME or WinXP, create a new Restore point
> > 10) Please report back your results
> >
> > Dave
> >
> > "AnitaN" <AnitaN@discussions.microsoft.com> wrote in message
> > news:8E907DE4-E89B-4003-9592-2CB9D672481D@microsoft.com...
> > | Zone Labs has identified "ByteVerify.exploit." How do I remove this?
> > | Thank you.
> > |
> >