Worm_spybot.gen

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

drazil91

Thread Starter
Joined
Sep 16, 2003
Messages
19
Can someone walk me through removal of this thing? HouseCall/Trend Micro detects it and cleans, but next run it shows up again. I am not sure, but I think it is blocking certain antivirus URLs also.





Thanks in advance

Matt
 
Joined
Sep 11, 2000
Messages
10,673
Could you please state what operating system you are using?

If you have WinME then you need to first turn off system restore!
 

drazil91

Thread Starter
Joined
Sep 16, 2003
Messages
19
The page cannot be displayed


See what I mean? It is almost like antivirus pages are being prevented.
 
Joined
May 28, 2003
Messages
2,366
Hey Matt,

At first, I thought I put a bad link up, but it worked for me. It is strange that you can't get to it, but I copied the instructions for you:

MANUAL REMOVAL INSTRUCTIONS

Identifying the Malware Program

Before proceeding to remove this malware, first identify the malware program.

Scan your system with Trend Micro antivirus and NOTE all files detected as WORM_SPYBOT.GEN. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner.

Terminating the Malware Program

Since this malware terminates the Windows NT and 2000 Task Manager and is invisible on the Windows 95, 98, and ME Task Manager, you need to use a process viewer to terminate this malware.

One such utility is Process Explorer from SysInternals. This small program can be downloaded freely from the SysInternals site.

Once you have downloaded the utility, locate and terminate the process of the file(s) detected earlier.

Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing during startup. You will need the name(s) of the file(s) detected earlier.

Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
In the right panel, locate and delete the entry or entries whose data value (in the rightmost column) is the malware file(s) detected earlier.
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>RunOnce
In the right panel, locate and delete the entry or entries whose data value (the rightmost column) is the malware file(s) detected earlier.

Removing Malware Entries from the Registry

Still in the Registry Editor, double-click the following:
HKEY_CURRENT_USER>Software>Kazaa>LocalContent
In the right panel, locate and delete this entry:
Dir0 = 012345:%System% \kazaabackupfiles
(Note: %System% refers to the Windows System folder which is usually the folder C:\Windows\System, C:\Winnt\System32 or C:\Windows\System32.)
Close Registry Editor.
NOTE: If you were not able to terminate the malware process from memory as described in the previous procedure, restart your system.

Additional Windows ME/XP Cleaning Instructions

Running Trend Micro Antivirus

Scan your system with Trend Micro antivirus and delete all files detected as WORM_SPYBOT.GEN. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner.

Trend Micro offers best-of-breed antivirus and content-security solutions for your corporate network or home PC.



For additional information about this threat, see Technical Details.
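
The registry checks from the instructions above, as an added example that is not part of the original post or of Trend Micro's instructions. It only reports matching entries and deletes nothing; `$Detected` holds a placeholder file name (an assumption) that you replace with the names your scanner reported, and the function names are hypothetical.

```powershell
# Added example: audit the registry locations named in the removal instructions.
# $Detected is a constructed placeholder list; replace it with the file names
# your scanner reported as WORM_SPYBOT.GEN.
$Detected = @('example_detected_file.exe')   # placeholder, not a real indicator

# Autostart keys listed in the removal instructions.
$AutostartKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Return every value under a key as Key/Name/Data; empty if the key is absent.
function Get-RegistryValues {
    param([string]$Path)
    if (-not (Test-Path -Path $Path)) { return @() }
    $key = Get-Item -Path $Path
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            Key  = $Path
            Name = $name
            Data = [string]$key.GetValue($name)
        }
    }
}

function Find-SuspectEntries {
    param([string[]]$FileNames)
    $hits = @()
    foreach ($path in $AutostartKeys) {
        foreach ($entry in Get-RegistryValues -Path $path) {
            foreach ($file in $FileNames) {
                # Match the file name anywhere in the value data (case-insensitive).
                if ($entry.Data -like "*$file*") { $hits += $entry }
            }
        }
    }
    # Kazaa share entry from the instructions: Dir0 pointing at kazaabackupfiles.
    $kazaa = 'HKCU:\Software\Kazaa\LocalContent'
    foreach ($entry in Get-RegistryValues -Path $kazaa) {
        if ($entry.Name -eq 'Dir0' -and $entry.Data -like '*kazaabackupfiles*') {
            $hits += $entry
        }
    }
    return $hits
}

Find-SuspectEntries -FileNames $Detected | Format-Table -AutoSize -Wrap
```

An empty result means none of the three locations references the listed files; entries that do appear are the ones the instructions say to delete in Registry Editor.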
 

drazil91

Thread Starter
Joined
Sep 16, 2003
Messages
19
OK thanks for that. My printer is fried so I will eat dinner first then work on it.


Thanks for your time.


Matt
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,258
I've seen this in another site. We've tried all sorts: Spybot, HT, cleanups, registering dll's, repairing IE, but still no real joy. :(

That's for the virus sites. May also see if this is what they have, but checked their startup list as well :(


If you can get into the Antivirus sites after, let us know :)

Regards

eddie
 
Joined
May 28, 2003
Messages
2,366
You are welcome indeed. If you have problems, come back and you'll get help here.

Enjoy dinner!

BillC
 

drazil91

Thread Starter
Joined
Sep 16, 2003
Messages
19
Originally posted by BillC:
MANUAL REMOVAL INSTRUCTIONS

Identifying the Malware Program

Before proceeding to remove this malware, first identify the malware program.

Scan your system with Trend Micro antivirus and NOTE all files detected as WORM_SPYBOT.GEN. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner.

Terminating the Malware Program

Since this malware terminates the Windows NT and 2000 Task Manager and is invisible on the Windows 95, 98, and ME Task Manager, you need to use a process viewer to terminate this malware.

One such utility is Process Explorer from SysInternals. This small program can be downloaded freely from the SysInternals site.

Once you have downloaded the utility, locate and terminate the process of the file(s) detected earlier.


OK a couple of questions

Trend micro doesn't identify the malware program?

I can't load that url for sysinternals.com can you send file?





Thanks,
Matt
 
Joined
Sep 11, 2000
Messages
10,673
Use THIS if you don't have the Trend Micro anti-virus installed.


Here is the read me file for how to use it:

Clickity - Click !

Make sure you actually read the read me file.

For the TSC package to be effective, you must download and use the LATEST PATTERN FILE . Place the pattern file in the same folder as the Trend Micro System Cleaner Package.
 