How to shift W32.spybot.worm ?


Shewie

Mod
Dec 15, 2005
24,259
24
48
Yorkshire
Anybody ever had this worm ?

I've spent about 3 hours trying to shift it but it keeps reappearing. I've followed procedures on the Symantec site but I can't seem to shift it.

Started in Safe mode, searched and detected the worm with Symantec, deleted the affected file, disabled system restore, edited registry (although I could only find one extra file), restarted PC and Symantec finds it again within minutes of startup.

Anybody tell me how to get rid permanently ?

EDIT:

Without formatting the whole thing and rebuilding it tomorrow
 

madfaxman

Need to contact Admin...
Jan 27, 2007
63
0
51
Belfast
www.vocalireland.com
Did you download the removal tool on the same machine that is infected?

I take it you are using a Windows machine.

Norton sometimes keeps the file in Quarantine so check there as well.

Restart in safe mode and run a full system scan.

Check the Symantec site again and see if there is any reference to startup. The worm has probably added a file to the startup / boot.

To check the startup files:

Start - Run - msconfig. Look in the system.ini, boot.ini and win.ini files (you will see something strange if it's there).

Also check the startup tab and go through and disable anything that looks suspect (if something doesn't work after that, go through and turn it back on).

Click on and restart; on restart you will get a pop-up window saying the system has changed. Click ignore or OK.

Also go into your restore point and remove the restore points.

If that doesn't work, try one of the many free online scanners that will remove the problem totally, such as Kaspersky.

Hope that works for you!
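
The system.ini and win.ini check suggested in the post above can also be done with a script. This is an added example, not part of the original post: it reads the text of the two files and reports the legacy autostart values (`load=` and `run=` under `[windows]` in win.ini, `shell=` under `[boot]` in system.ini) that are not at their usual defaults. The sample file contents and the name `example_helper.exe` are constructed for illustration, and the startup tab and registry entries are not covered.

```python
import configparser

# Legacy autostart values shown on msconfig's WIN.INI / SYSTEM.INI tabs.
# (section, key) -> expected clean value; None means "normally empty".
AUTOSTART_KEYS = {
    ("windows", "load"): None,
    ("windows", "run"): None,
    ("boot", "shell"): "explorer.exe",
}

def find_ini_autostarts(ini_text, filename):
    """Return (filename, section, key, value) for each non-default autostart value."""
    parser = configparser.ConfigParser(
        strict=False, interpolation=None, allow_no_value=True)
    parser.read_string(ini_text)
    findings = []
    for section in parser.sections():
        for key, value in parser.items(section):
            wanted = (section.lower(), key)  # keys are lower-cased by the parser
            if wanted not in AUTOSTART_KEYS:
                continue
            value = (value or "").strip()
            expected = AUTOSTART_KEYS[wanted]
            if not value or value.lower() == expected:
                continue  # empty, or exactly the normal shell
            findings.append((filename, section.lower(), key, value))
    return findings

# Constructed sample contents, not taken from a real infection.
SAMPLE_WIN_INI = """\
; constructed sample
[windows]
load=
run=C:\\WINDOWS\\system32\\example_helper.exe
[fonts]
"""
SAMPLE_SYSTEM_INI = """\
[boot]
shell=Explorer.exe example_helper.exe
[drivers]
wave=mmdrv.dll
"""

if __name__ == "__main__":
    for name, text in (("win.ini", SAMPLE_WIN_INI), ("system.ini", SAMPLE_SYSTEM_INI)):
        for finding in find_ini_autostarts(text, name):
            print("check this entry:", finding)
```

A reported value is only a lead for manual review; some legitimate older software also uses these keys.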
 

PJMCBear

Settler
May 4, 2006
622
2
55
Hyde, Cheshire
I've used the system recovery successfully quite recently, but then I did notice the worm as soon as the machine was infected and only had to go back a week for the backup.
 

David.s

Forager
Jan 27, 2007
201
0
36
Glasgow
www.myspace.com_evil_scrappy
I downloaded a program the other day called "Malwarebytes"; a basic version is free.

Cleaned all the crap off my system and it runs a bit better as well.


I would advise, once you clean it off, if you don't have an antivirus program, to download AVG Free Edition, it's great.
 

Shewie

Mod
Dec 15, 2005
24,259
24
48
Yorkshire
Shewie, never had that one, however I did a quick Google of "How to remove W32.spybot.worm" and think the most likely solution can be found here: http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99&tabid=3


Let us know if it works or not!

Cheers,


Tried that one a few times Nag but it still kept creating itself on a reboot. I was a bit surprised though because the Symantec fixes are usually pretty good.
Messed around again this morning and managed to tie it down to a few processes and corrupt files by fiddling with msconfig and the registry for ages.

All seems to be well at the moment but I've read w32.spybot can regenerate itself at any time :eek: I even read somewhere that a full format of the boot drive isn't enough, not too sure about that one though.

I think it's cured but thanks for the pointers guys

I like the way Symantec suggests avoiding the more "questionable" sites :cool:
 
Feb 5, 2008
336
0
Datchet
I like the way Symantec suggests avoiding the more "questionable" sites :cool:


Grrrrrr, comments like this from the AV companies really bug me. The days of spyware and malware only coming from "questionable sites" are long gone. You're just as likely to get malware or spyware from a legitimate site as anywhere else, and advice like that causes even more problems for people as they tend to feel safer on sites that are not considered "questionable". Mostly it's hidden code in advertising banners and links, and Google sponsored ads are often the problem too.

Anyway glad you got it sorted.
 

Hammock_man

Full Member
May 15, 2008
1,450
526
kent
A program called HijackThis will show what runs at boot time and allows you to block / kill it. In short, anything there that you don't like the look of is suspect and can be chopped. It's freeware.
 
