Slyck.com
 

Have a worm need help to get rid of it

Discussion about the WinMX program/network

Postby fareryqueen73 » Mon Nov 15, 2004 11:17 pm

I was just informed today by McAfee virus scan that I have a worm on my computer that cannot be deleted, cleaned or quarantined. The virus is called W32/Bereb.worm!p2p. I have looked on the computer for possible solutions and a lot of spyware/adware comes up. I was told that this doesn't work. Could someone please help me? :cry:
fareryqueen73
 
Posts: 6
Joined: Mon Nov 15, 2004 11:01 pm
Location: Illinois

Postby Nessmaster » Mon Nov 15, 2004 11:31 pm

Lol McAfee? That piece of crap sucks. Use Norton, or better yet NOD32 :wink:
Nessmaster
 
Posts: 859
Joined: Fri Feb 27, 2004 3:13 am
Location: Hungary

Postby cacahead » Mon Nov 15, 2004 11:58 pm

I had a nasty one on my computer a while back. Nothing could get rid of it except Spy Sweeper. I even have Norton A.V. 2005, Norton Internet Security 2005, and SystemWorks 2005. All with current definitions. My wife got it somehow (she couldn't remember). Now she has a limited account :x
cacahead
 
Posts: 158
Joined: Sun Aug 29, 2004 11:40 pm

Postby SlyckChuck » Tue Nov 16, 2004 12:32 am

1 - get avg6 it is free and works with others

2 - once installed run a sweep

3 - locate the worm file on search

4 - each time the worm is spotted during AV sweep delete it


This way the worm can not jump back into another area. Also, if you have XP or any type of NT Windows installed, please turn off system restore. You might need to run another sweep after reboot because restore files may still have the worm.


Hope this helps. I remember a kak worm that was a total pain one 5 yrs ago and above were the steps I took to rid myself of the nasty bastard. Good luck!! 8)
SlyckChuck
 
Posts: 7025
Joined: Sun Jan 18, 2004 12:57 pm
Location: On Earth

Postby Allied » Tue Nov 16, 2004 12:40 am

Trend Micro online virus scanner,
http://housecall.trendmicro.com/houseca ... t_corp.asp

That and AVG Free are all I use.
Allied's Review:
Recommended: LimeWire | Ares | Shareaza | eMule | KCeasy
Not Recommended: Morpheus | Kazaa | eDonkey2000 | Manolito | iMesh
Allied
Mostly Harmless
 
Posts: 2170
Joined: Sat Aug 14, 2004 11:23 pm
Location: Behind You Shoe Size: 11.008 BitTorrent: µTorrent Nationality: Canuckian Newsgroups: GrabIt

Postby j_dogg » Tue Nov 16, 2004 6:42 am

1 - get avg6 it is free and works with others


Bad idea. AVG may be free, but that's its only pro. It misses a lot of known and in the wild viruses and its removal abilities are useless.
NOD32 is the way to go. P.M. me if you need help cracking it, it's quite hard...

Also, check out virusbulletin, it's a good analysis of who's who in the AV world.
j_dogg
 
Posts: 2495
Joined: Sat Jan 24, 2004 12:47 am

Postby HouseCrowd » Tue Nov 16, 2004 7:29 am

Well, whichever AV software you choose to use fareryqueen73 (personally, I prefer Symantec Corporate) - in answer to your original question of how to get rid of it: Disable System Restore, and boot into Safe Mode, then run a full scan.
There are 10 types of people in the World; those who understand binary, and those who do not.
HouseCrowd
 
Posts: 33862
Joined: Mon Oct 13, 2003 4:18 am
Location: UK

Postby thejynxed » Tue Nov 16, 2004 9:02 am

You might also try downloading programs like Stinger, etc, and running those. Also, read here: http://vil.nai.com/vil/content/v_101130.htm

This worm spreads through the WinMX file sharing network. When an infected file is run, the local machine becomes a host of the virus and IRC zombie system, carrying out the commands of a remote attacker.


Apparently if you are using McAfee, this worm was supposed to be detected and removed via a DAT file released back in March of 2004.

If you can read Dutch or wish to translate a page with good removal instructions, read here: http://www.lobika.be/Virus/2004/03/W32.Bereb.worm.html
"FlickR is supposed to be weird, fun, experimental, way out-there -- oh no, wait, now that it's so close to being part of Microsoft, FlickR's supposed to bore people to death and empty their pockets while pretending to innovate." - Bruce Sterling
thejynxed
 
Posts: 1953
Joined: Mon Sep 06, 2004 12:22 pm
Location: In a Galaxy Far, Far Away....

Postby Bunny101 » Tue Nov 16, 2004 9:53 am

Hmm, the normal reason is that the file is in the Windows restore file.
Try to turn off system restore.

how to: http://www.pchell.com/virus/systemrestore.shtml
Bunny101
 
Posts: 1270
Joined: Mon Mar 08, 2004 8:53 am

Postby lordfoul » Tue Nov 16, 2004 10:55 am

A lot of anti-virus opinions get the facts...
http://www.virusbtn.com/vb100/archives/ ... .xml?table
lordfoul
 
Posts: 2593
Joined: Tue Feb 17, 2004 11:44 pm

Postby fareryqueen73 » Thu Nov 18, 2004 1:04 am

So after I scan this and restart, am I supposed to turn on the system restore? I am sorry, this is the first time I have ever had to do this. The AVG 6 deal also found trojan horses, and I do say this plural because there were two.
fareryqueen73
 
Posts: 6
Joined: Mon Nov 15, 2004 11:01 pm
Location: Illinois

Postby SlyckChuck » Thu Nov 18, 2004 1:07 am

Yes once you rid yourself of the bug it is all right. The reason why HC and I asked you to turn it off is because it may record the worm in a restore file. :wink:
SlyckChuck
 
Posts: 7025
Joined: Sun Jan 18, 2004 12:57 pm
Location: On Earth

Postby fareryqueen73 » Thu Nov 18, 2004 1:14 am

You guys and gals are awesome, thanks
fareryqueen73
 
Posts: 6
Joined: Mon Nov 15, 2004 11:01 pm
Location: Illinois

Postby fareryqueen73 » Thu Nov 18, 2004 2:12 am

OK, one more question: if I delete any of the files that have the virus attached, will it mess up my system? Do I need to have a restore CD ready?
fareryqueen73
 
Posts: 6
Joined: Mon Nov 15, 2004 11:01 pm
Location: Illinois

Postby lordfoul » Thu Nov 18, 2004 9:25 am

If you mean delete them to the recycle bin you are ok just don't execute them; then empty the recycle bin immediately.
lordfoul
 
Posts: 2593
Joined: Tue Feb 17, 2004 11:44 pm

Postby fareryqueen73 » Sat Nov 20, 2004 4:20 am

I am sorry to keep asking questions, but what is a WIN32/parite? And do migpwd.exe, dxdllreg.exe and netsetup.exe mean anything? I mean, could I just delete them and not have to worry about anything?
fareryqueen73
 
Posts: 6
Joined: Mon Nov 15, 2004 11:01 pm
Location: Illinois

Postby thejynxed » Sat Nov 20, 2004 10:47 am

dxdllreg - dxdllreg.exe - Process Information

Process File: dxdllreg or dxdllreg.exe
Process Name: Microsoft DXDllRegExe

Description:
dxdllreg.exe is an application which is supposed to request you register your version of DirectX, however sometimes it stays resident.
Author: Microsoft Corp.
Part Of: Microsoft Windows Operating System
=======================================================
netsetup.exe is a generic install program for some 3rd party apps, and there is also a file by the same name that is part of the Windows OS. The OS needs this file, do not delete it.
=======================================================
migpwd.exe is the file that allows you to migrate your Windows passwords. It is an important system file and without it you can't log into Windows.
=======================================================
Win32/Parite
=======================================================
The virus consists of a dropper, which is written in assembler, and the virus part itself, written in Borland C++.

When an infected file is launched, the control flow is passed to the virus dropper, which writes the virus to a temporary file and executes its infection procedure.

The virus searches for Win32 EXE PE files with .scr and .exe extensions on all logical drives of computer, and also in shared resources of local network, and infects them.

The virus doesn't manifest its presence in any way.

The structure of infected file looks like this:

Host file
Virus
    dropper - drops "main" to TEMP dir and executes it.
    main - searches for files and infects them, etc.

Removal Tool: http://www.bitdefender.com/bd/site/viru ... &v_id=137#
"FlickR is supposed to be weird, fun, experimental, way out-there -- oh no, wait, now that it's so close to being part of Microsoft, FlickR's supposed to bore people to death and empty their pockets while pretending to innovate." - Bruce Sterling
thejynxed
 
Posts: 1953
Joined: Mon Sep 06, 2004 12:22 pm
Location: In a Galaxy Far, Far Away....
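
Added example, not part of any post in this thread: since the Win32/Parite description above says the virus modifies .exe and .scr PE files and gives no visible sign, one way to notice it is to baseline those files and compare later. The function names and the constructed sample files are assumptions for illustration; a hash change flags a modified file, and growth is only a hint consistent with the "Host file / Virus" layout quoted above.

```python
import hashlib
import os
import tempfile

TARGET_EXTS = {".exe", ".scr"}  # extensions the quoted description says get infected

def is_pe(path):
    """True if the file starts with the DOS 'MZ' magic that every PE file carries."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"

def snapshot(root):
    """Map each .exe/.scr PE file under root to (size, SHA-256 hex digest)."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in TARGET_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                if not is_pe(path):
                    continue
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # locked or unreadable file: skip it, keep sweeping
            result[os.path.relpath(path, root)] = (len(data), hashlib.sha256(data).hexdigest())
    return result

def compare(baseline, current):
    """Return (modified, grown): files whose hash changed, and those that also got larger."""
    modified = sorted(p for p in baseline if p in current and baseline[p][1] != current[p][1])
    grown = [p for p in modified if current[p][0] > baseline[p][0]]
    return modified, grown

def demo():
    """Constructed sample: two fake PE stubs; one has bytes appended after the baseline."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("setup.exe", "saver.scr"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"MZ" + b"\x00" * 62)
        with open(os.path.join(root, "notes.txt"), "wb") as fh:
            fh.write(b"MZ but not a targeted extension")
        before = snapshot(root)
        with open(os.path.join(root, "saver.scr"), "ab") as fh:
            fh.write(b"X" * 16)  # harmless stand-in for content added to the host file
        return before, compare(before, snapshot(root))
```

Legitimate updates and patches also change hashes, so a flagged file is a candidate for an AV scan, not a verdict.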



© 2001-2008 Slyck.com