PDA

View Full Version : iworm_attck_v122.02a help!!!!



strika
2006-07-20, 15:55
i have this virus in my pc...and i dont know what to do..i already used my ad-aware Se proffesional but nothing.... can you help me?

spybotsandra
2006-07-20, 16:28
Hello,

Download smitRem.exe and save the file to your
desktop. (By noahdfear.)
Double click on the file to extract it to it's own folder on the desktop.
Place a shortcut to Computer Associates eTrust AV Web Scanner: on your desktop.
http://www3.ca.com/virusinfo/virusscan.aspx

Please download the trial version of Ewido Security Suite here:
install then from within the program check for updates BUT dont scan yet
ewido security suite: http://www.ewido.net/en/download/
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK.
We will fix this in a moment.
From the main ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful"), Now close the program.
Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for
updates: Ad-Aware SE Setup
Don't run it yet!
Next, please reboot your computer in SafeMode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.

Now scan with HJT and place a checkmark next to each of the following items if there, then click FIX
CHECKED:
O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\system32\hp6205.tmp
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (file missing)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on
screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your
operating system is installed. Please post that log along with all others requested in your next reply.
Open Spybot check for and fix any problems found.
Open Ad-aware and do a full scan. Remove all it finds.

Run Ewido:

* Click on scanner
* Click on Complete System Scan and the scan will begin.
* NOTE: During some scans with ewido it is finding cases of false positives.
* You will need to step through the process of cleaning files one-by-one.
* If ewido detects a file you KNOW to be legitimate, select none as the action.
* DO NOT select "Perform action on all infections"
* If you are unsure of any entry found select none for now.
* When the scan is finished, click the Save report button at the bottom of the screen.
* Save the report to your desktop

Close Ewido

Restart back to a normal windows session

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if
present.
Use the free Computer Associates eTrust AV Web Scanner
select all drives, scan, Try to cure/repair, if it cannot choose delete! If it cannot delete tell us the files names and
locations.
Post a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add
Reply.
Let us know if any problems persist

Best regards
Sandra
Team Spybot

LonnyRJones
2006-07-21, 00:13
Welcome to the forum strika

Lets back up a bit

What version of SpyBot is it you have and when was it last updated ?

First please follow the instructions here to post a Online antivirus scan report and a Hijackthis log http://forums.spybot.info/showthread.php?t=288

tashi
2006-07-25, 16:55
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a pm and provide a link to the thread.

Applies only to the original topic starter.