W32.Spybot.Worm

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

cdplayer

Thread Starter
Joined
Sep 2, 2004
Messages
8
I am using Windows XP SP1. Norton discovered a few weeks ago that I have the W32.Spybot.Worm. It was unable to do anything with it except to tell me.

I followed Symantec's Security Response to the W32.Spybot.Worm to the letter.

I have been hit twice with this worm and have removed it. After I removed the W32.Spybot.Worm the second time I installed an NAT router, updated Norton (it was using the latest version of the definitions at the time) and installed Ad-aware SE.

This morning I discovered that I have been hit again. Is there any logical way to attack this beast?

I am going to use Symantec's Security Response to rid me of the W32.Spybot.Worm again. (I hope)

Maybe what I am doing is not enough……………………….

What should I be looking at next?

Thanks!
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
119,617
Hi and welcome to TSG,

Please do this. Click here: http://www.majorgeeks.com/download3155.html to download Hijack This. It’s very important that you save it to its own folder on your hard drive, such as program files (not temporary files or the desktop), so that it can create proper back-ups and be able to restore them if necessary.

Close all open windows and open Hijack This. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”. Click on “Save Log” and then save it to NotePad. Click on “Edit” – “Select all” – “copy” and then “paste” into the thread.

DO NOT FIX ANYTHING YET, most items that appear in the log are harmless or even needed.
 

cdplayer

Thread Starter
Joined
Sep 2, 2004
Messages
8
Thanks Cookie for the information.
What I have done is run the automatic removal by Trend Micro System Cleaner (http://www.trendmicro.com/download/tsc.asp). Boy did it do a house cleaning! Take a look at the log file:
Damage Cleanup Engine (DCE) 3.6(Build 1120)
Windows XP(Build 2600: Service Pack 1)

Start time : Thu Sep 02 2004 21:49:00

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\LENK\Desktop\sysclean\tsc.ptn" (version 415) [success]
WORM_SPYBOT.BA[virus found]
-->delete registry data("HKEY_LOCAL_MACHINE","Software\Microsoft\Windows\CurrentVersion\Run","SYSCFG32.EXE") success
WORM_SDBOT.MY[virus found]
-->delete registry data("HKEY_CURRENT_USER","Software\Microsoft\Windows\CurrentVersion\Run","wuamgrd.exe") success
WORM_SDBOT.JG[virus found]
-->delete registry data("HKEY_CURRENT_USER","Software\Microsoft\Windows\CurrentVersion\Run","wuamgrd.exe") success
WORM_SDBOT.L[virus found]
-->delete registry data("HKEY_CURRENT_USER","Software\Microsoft\Windows\CurrentVersion\Run","wuamgrd.exe") success
WORM_SDBOT.ZY[virus found]
-->delete registry data("HKEY_CURRENT_USER","Software\Microsoft\Windows\CurrentVersion\Run","WUAMGRD.EXE") success
-->modify registry data("HKEY_LOCAL_MACHINE","SOFTWARE\Microsoft\Ole","EnableDCOM") success
WORM_RBOT.AE[virus found]
-->delete registry data("HKEY_CURRENT_USER","Software\Microsoft\Windows\CurrentVersion\Run","wuamgrd.exe") success
WORM_RBOT.CA[virus found]
-->delete registry data("HKEY_CURRENT_USER","Software\Microsoft\Windows\CurrentVersion\Run","wuamgrd.exe") success
WORM_RBOT.HB[virus found]
-->delete registry data("HKEY_CURRENT_USER","Software\Microsoft\Windows\CurrentVersion\Run","wuamgrd.exe") success
-->modify registry value("HKEY_LOCAL_MACHINE","SYSTEM\CurrentControlSet\Control\Lsa","restrictanonymous") success
WORM_RBOT.JS[virus found]
-->delete registry data("HKEY_CURRENT_USER","Software\Microsoft\Windows\CurrentVersion\Run","wuamgrd.exe") success
-->modify registry value("HKEY_LOCAL_MACHINE","SYSTEM\CurrentControlSet\Control\Lsa","restrictanonymous") success
-->modify registry value("HKEY_LOCAL_MACHINE","Software\Microsoft\Ole","EnableDCOM") success

Complete time : Thu Sep 02 2004 21:49:11
Execute pattern count(1170), Virus found count(9), Virus clean count(9), Clean failed count(0)

If this does not work then I will use Hijack This. I have already downloaded it and reviewed the tutorial.

I just hope I have not missed something else that I as suppose to do....
Wish me luck and thanks!
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
119,617
I would still recommend posting the log as there may be other things that require our attention.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top