
Worm_spybot.gen

Discussion in 'Virus & Other Malware Removal' started by drazil91, Sep 16, 2003.

Thread Status:
Not open for further replies.
  1. drazil91

    drazil91 Thread Starter

    Joined:
    Sep 16, 2003
    Messages:
    19
    Can someone walk me through removal of this thing? HouseCall/Trend Micro detects it and cleans, but next run it shows up again. I am not sure, but I think it is blocking certain antivirus URLs also.





    Thanks in advance

    Matt
     
  2. Wet Chicken

    Wet Chicken

    Joined:
    Sep 11, 2000
    Messages:
    10,673
    Could you please state what operating system you are using?

    If you have WinME then you need to first turn off system restore!
     
  3. Wet Chicken

    Wet Chicken

    Joined:
    Sep 11, 2000
    Messages:
    10,673
    Oh and WELCOME to the forum! :D
     
  4. drazil91

    drazil91 Thread Starter

    Joined:
    Sep 16, 2003
    Messages:
    19
    Windows XP. This forum is great.
     
  5. BillC

    BillC

    Joined:
    May 28, 2003
    Messages:
    2,366
  6. drazil91

    drazil91 Thread Starter

    Joined:
    Sep 16, 2003
    Messages:
    19
    The page cannot be displayed


    See what I mean? It is almost like antivirus pages are being prevented.
     
  7. BillC

    BillC

    Joined:
    May 28, 2003
    Messages:
    2,366
    Hey Matt,

    At first, I thought I put a bad link up, but it worked for me. It is strange that you can't get to it, but I copied the instructions for you:

    MANUAL REMOVAL INSTRUCTIONS

    Identifying the Malware Program

    Before proceeding to remove this malware, first identify the malware program.

    Scan your system with Trend Micro antivirus and NOTE all files detected as WORM_SPYBOT.GEN. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner.

    Terminating the Malware Program

    Since this malware terminates the Windows NT and 2000 Task Manager and is invisible on the Windows 95, 98, and ME Task Manager, you need to use a process viewer to terminate this malware.

    One such utility is Process Explorer from Sysinternals. This small program can be downloaded freely from the Sysinternals site.

    Once you have downloaded the utility, locate and terminate the process of the file(s) detected earlier.

    Removing Autostart Entries from the Registry

    Removing autostart entries from the registry prevents the malware from executing during startup. You will need the name(s) of the file(s) detected earlier.

    Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter.
    In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
    In the right panel, locate and delete the entry or entries whose data value (in the rightmost column) is the malware file(s) detected earlier.
    In the left panel, double-click the following:
    HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>RunOnce
    In the right panel, locate and delete the entry or entries whose data value (the rightmost column) is the malware file(s) detected earlier.

    Removing Malware Entries from the Registry

    Still in the Registry Editor, double-click the following:
    HKEY_CURRENT_USER>Software>Kazaa>LocalContent
    In the right panel, locate and delete this entry:
    Dir0 = 012345:%System% \kazaabackupfiles
    (Note: %System% refers to the Windows System folder which is usually the folder C:\Windows\System, C:\Winnt\System32 or C:\Windows\System32.)
    Close Registry Editor.
    NOTE: If you were not able to terminate the malware process from memory as described in the previous procedure, restart your system.

    Additional Windows ME/XP Cleaning Instructions

    Running Trend Micro Antivirus

    Scan your system with Trend Micro antivirus and delete all files detected as WORM_SPYBOT.GEN. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner.

    Trend Micro offers best-of-breed antivirus and content-security solutions for your corporate network or home PC.



    For additional information about this threat, see Technical Details.
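
The registry checks in the instructions above can be run as a report-only script. This is an added example, not part of the original post or of Trend Micro's instructions; it assumes PowerShell 3.0 or later is available, and the file name in `$DetectedFiles` is a placeholder for whatever the scanner actually reported.

```powershell
# Added example: report-only check of the registry locations named in the
# removal instructions. Nothing is modified or deleted.

# Placeholder: replace with the file name(s) your scanner reported.
$DetectedFiles = @('PLACEHOLDER-detected-file.exe')

# Keys exactly as given in the instructions.
$AutostartKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$KazaaKey = 'HKCU:\Software\Kazaa\LocalContent'

function Get-RegistryValue {
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return }
    $item = Get-Item -LiteralPath $Key
    $raw  = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    foreach ($name in $item.GetValueNames()) {
        # Read the data as stored, without expanding %...% variables.
        $data = $item.GetValue($name, $null, $raw)
        [pscustomobject]@{ Key = $Key; Name = $name; Data = [string]$data }
    }
}

function Find-SuspectEntry {
    param([string[]]$FileNames)
    foreach ($key in $AutostartKeys) {
        foreach ($value in (Get-RegistryValue -Key $key)) {
            foreach ($file in $FileNames) {
                # Case-insensitive substring match on the value's data column.
                if ($value.Data.IndexOf($file, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                    $value | Select-Object Key, Name, Data, @{ n = 'Reason'; e = { "data references $file" } }
                    break   # one report line per registry value
                }
            }
        }
    }
    # The Kazaa entry from the instructions: Dir0 pointing at kazaabackupfiles.
    foreach ($value in (Get-RegistryValue -Key $KazaaKey)) {
        if ($value.Name -eq 'Dir0' -and $value.Data -like '*kazaabackupfiles*') {
            $value | Select-Object Key, Name, Data, @{ n = 'Reason'; e = { 'Kazaa shared-folder entry' } }
        }
    }
}

Find-SuspectEntry -FileNames $DetectedFiles | Format-List Key, Name, Data, Reason
```

The script only lists matching values; removing a confirmed entry is still done in Registry Editor as the instructions describe.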
     
  8. drazil91

    drazil91 Thread Starter

    Joined:
    Sep 16, 2003
    Messages:
    19
    OK thanks for that. My printer is fried so I will eat dinner first then work on it.


    Thanks for your time.


    Matt
     
  9. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    34,315
    I've seen this in another site. We've tried all sorts: Spybot, HT, cleanups, registering dll's, repairing IE, but still no real joy. :(

    That's for the virus sites. May also see if this is what they have, but checked their startup list as well :(


    If you can get into the Antivirus sites after, let us know :)

    Regards

    eddie
     
  10. BillC

    BillC

    Joined:
    May 28, 2003
    Messages:
    2,366
    You are welcome indeed. If you have problems, come back and you'll get help here.

    Enjoy dinner!

    BillC
     
  11. drazil91

    drazil91 Thread Starter

    Joined:
    Sep 16, 2003
    Messages:
    19
     
  12. Wet Chicken

    Wet Chicken

    Joined:
    Sep 11, 2000
    Messages:
    10,673
    Use THIS if you don't have the Trend Micro anti-virus installed.


    Here is the read me file for how to use it:

    Clickity - Click !

    Make sure you actually read the read me file.

    For the TSC package to be effective, you must download and use the LATEST PATTERN FILE . Place the pattern file in the same folder as the Trend Micro System Cleaner Package.
     
  13. drazil91

    drazil91 Thread Starter

    Joined:
    Sep 16, 2003
    Messages:
    19
    Almost all Trend Micro site URLs won't load.


    I don't know if this is a feature of this worm.

    Can you email the file to me?




    Thanks,

    Matt
     
  14. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    34,315
  15. drazil91

    drazil91 Thread Starter

    Joined:
    Sep 16, 2003
    Messages:
    19
    That site won't load either.


    Weird
     

Short URL to this thread: https://techguy.org/165291
