How to shift W32.spybot.worm ?


Shewie

Anybody ever had this worm ?

I've spent about 3 hours trying to shift it but it keeps reappearing. I've followed procedures on the Symantec site but I can't seem to shift it.

Started in Safe mode, searched and detected the worm with Symantec, deleted the affected file, disabled system restore, edited registry (although I could only find one extra file), restarted PC and Symantec finds it again within minutes of startup.

Anybody tell me how to get rid permanently ?

EDIT:

Without formatting the whole thing and rebuilding it tomorrow
 
Did you download the removal tool on the same machine that is infected?

I take it you are using a Windows machine.

Norton sometimes keeps the file in Quarantine so check there as well.

Restart in safe mode and run a full system scan.

Check the Symantec site again and see if there is any ref to start up. The worm has probably added a file to the start up / boot.

To check the start up files:

Start - Run - msconfig. Look in the system.ini, boot.ini and win.ini files (you will see something strange if it's there).

Also check the start up tab, go through and disable anything that looks suspect (if something doesn't work after that, go through and turn it back on).

Click on and restart; on restart you will get a pop-up window saying the system has changed, click ignore or OK.

Also go in to your restore point and remove the restore points.

If that doesn't work, try one of the many free online scanners that will remove the problem totally, such as Kaspersky.

Hope that works for you!
 
I've used the system recovery successfully quite recently, but then I did notice the worm as soon as the machine was infected and only had to go back a week for the backup.
 
I downloaded a program the other day called "malwarebytes"; a basic version is free.

Cleaned all the crap off my system and it runs a bit better as well.

I would advise, once you clean it off, if you don't have an antivirus program, to download AVG free edition, it's great.
 
Shewie, never had that one, however I did a quick Google of "How to remove W32.spybot.worm" and think the most likely solution can be found here: http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99&tabid=3


Let us know if it works or not!

Cheers,


Tried that one a few times Nag but it still kept creating itself on a reboot. I was a bit surprised though because the Symantec fixes are usually pretty good.
Messed around again this morning and managed to tie it down to a few processes and corrupt files by fiddling with msconfig and the registry for ages.

All seems to be well at the moment but I've read w32.spybot can regenerate itself at any time :eek: I even read somewhere that a full format of the boot drive isn't enough, not too sure about that one though.

I think it's cured but thanks for the pointers guys

I like the way Symantec suggests avoiding the more "questionable" sites :cool:
 
I like the way Symantec suggests avoiding the more "questionable" sites :cool:


Grrrrrr, comments like this from the AV companies really bug me. The days of spy and malware only coming from "questionable sites" are long gone. You're just as likely to get malware or spyware from a legitimate site as anywhere else, and advice like that causes even more problems for people as they tend to feel more safe on sites that are not considered "questionable". Mostly it's hidden code in advertising banners and links, and Google sponsored ads are often the problem too.

Anyway glad you got it sorted.
 
A program called Hijackthis will show what runs at boot time and allows you to block / kill it. In short, anything there that you don't like the look of is suspect and can be chopped. It's freeware.
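
The startup checks suggested in the replies above (the msconfig startup tab, win.ini/system.ini, and a boot-time listing like the one Hijackthis gives) can also be done as a read-only listing. This is an added example, not part of any post in the thread; it assumes PowerShell 3.0 or later, and the function name `Get-AutostartEntry` is hypothetical.

```powershell
# Added example: list common Windows autostart entries for manual review.
# Read-only: nothing is modified, disabled or deleted.
function Get-AutostartEntry {
    # Registry Run / RunOnce keys, per-machine and per-user
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = $item.GetValue($name) }
        }
    }

    # Winlogon values that decide what is launched at logon
    $winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    foreach ($name in 'Shell', 'Userinit') {
        $value = (Get-ItemProperty -Path $winlogon -Name $name -ErrorAction SilentlyContinue).$name
        if ($value) { [pscustomobject]@{ Source = $winlogon; Name = $name; Command = $value } }
    }

    # Startup folders (current user and all users)
    foreach ($folder in 'Startup', 'CommonStartup') {
        $path = [Environment]::GetFolderPath($folder)
        if ($path -and (Test-Path $path)) {
            Get-ChildItem -Path $path -File | ForEach-Object {
                [pscustomobject]@{ Source = $path; Name = $_.Name; Command = $_.FullName }
            }
        }
    }

    # Legacy load= / run= / shell= lines in win.ini and system.ini
    foreach ($ini in 'win.ini', 'system.ini') {
        $path = Join-Path $env:windir $ini
        if (Test-Path $path) {
            Select-String -Path $path -Pattern '^\s*(load|run|shell)\s*=\s*\S' | ForEach-Object {
                [pscustomobject]@{ Source = $path; Name = "line $($_.LineNumber)"; Command = $_.Line.Trim() }
            }
        }
    }
}

Get-AutostartEntry | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```

Saving the output before and after a reboot and comparing the two makes an entry that recreates itself easy to spot.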
 
