Author Topic: Virus?  (Read 4410 times)
evilfantasy
Malware Removal Specialist
Moderator
Genius



Thanked: 462
Posts: 11,769

Experience: Beginner
OS: Windows 7


Calm like a bomb

evilfantasy's blog
« Reply #15 on: December 02, 2007, 01:35:33 PM »

Additionally, you will need to download and unzip this file into the sysclean folder also.

lpt855.zip

Unzipping this new file will create a new folder. Drag and drop the sysclean package into the new folder and double click it to run.
« Last Edit: December 02, 2007, 02:33:02 PM by evilfantasy »

naranjas
Topic Starter
Rookie



Posts: 16


« Reply #16 on: December 02, 2007, 02:23:56 PM »

Ok when I click to run I get  !pattern file “LPT$VPN.* “ is missing, please download a copy.
If I ignore the message and continue it says no viruses found and produces a log.

Hmm, something just hit me. All three computers had Network Magic at one time. The oldest computer, which has no virus scan or internet security other than Windows Firewall, no longer uses Network Magic cause it kept disconnecting from the internet. I'm the only computer that still has Network Magic on it and I realized that even though the other computers don't have it anymore, my music/picture folders show on my program as being shareable with the other two computers. I've no clue about all this computer stuff, but is it possible since only those two folders are shareable that it's the other computer sending the worm to those folders?

I've changed my options and am not sharing any folders. I ran the virus scan three times since yesterday and it wasn't showing any viruses. This time though, once I stopped sharing the music/picture folders, it listed all the worms in those two folders and removed them.

I'll wait to see if I get any more PC-cillin pop-ups regarding the worm.



[saving space - attachment deleted by admin]

evilfantasy
« Reply #17 on: December 02, 2007, 02:34:39 PM »

Did you see my post about adding the lpt855.zip to the sysclean folder?

Quote
Additionally, you will need to download and unzip this file into the sysclean folder also.

lpt855.zip

Unzipping this new file will create a new folder. Drag and drop the sysclean package into the new folder and double click it to run.

That is the virus definitions to clean the infection. Without it nothing will be found.

You may want to run it on all of the computers. This worm is NASTY to say the least and I don't think the pc-cillin will take care of it alone. I found an entry in the combofix log that led me to this fix so it really needs to be run.

Sorry I posted the instructions in reverse  ::)

naranjas

« Reply #18 on: December 02, 2007, 03:09:17 PM »

k ran it again.

haven't had any worm sightings yet.

[saving space - attachment deleted by admin]

evilfantasy
« Reply #19 on: December 02, 2007, 03:35:19 PM »


Go to Start > Control Panel and open the Scheduled tasks folder. Look for anything to do with WowTumpeh.com and right click it and select delete.

-------------------

Delete these files/folders, as follows:

* Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

Quote
C:\Documents and Settings\Cindy\Templates\WowTumpeh.com

* Save this as CFScript on the desktop.
* Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



* ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang.

------------------

Attach the combofix log in the next post.
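
Added example, not part of the original thread: the Scheduled Tasks check from this reply, done from the command line instead of by eye. It parses `schtasks /query /fo csv /v` output and flags tasks whose program sits in a user profile directory or has a legacy executable extension; the sample rows and task names are constructed, and only the WowTumpeh.com path comes from the thread.

```python
import csv
import io
import re

# Constructed sample of `schtasks /query /fo csv /v` output, trimmed to three
# columns. Task names are invented; the At1 path is the one named in this thread.
SAMPLE = r'''"HostName","TaskName","Task To Run"
"PC1","Defrag","C:\WINDOWS\system32\defrag.exe c:"
"PC1","At1","C:\Documents and Settings\Cindy\Templates\WowTumpeh.com"
"PC1","Updater","""C:\Program Files\Vendor\update.exe"" /silent"
"PC1","At2","C:\Documents and Settings\Cindy\Local Settings\Temp\x.scr /s"
'''

PROFILE_DIR = re.compile(r"\\(?:documents and settings|users)\\[^\\]+\\", re.I)
PROGRAM_END = re.compile(r".*?\.(?:com|scr|pif|bat|cmd|vbs|exe)(?=\s|$)", re.I)
LEGACY_EXT = (".com", ".scr", ".pif")


def executable_path(command):
    """Return the program part of a task command line, dropping arguments."""
    command = command.strip()
    if command.startswith('"'):            # quoted path: take text up to closing quote
        return command[1:].split('"', 1)[0]
    match = PROGRAM_END.match(command)     # unquoted path may contain spaces
    return match.group(0) if match else command


def suspicious_tasks(csv_text):
    """Return (task name, program, reasons) for tasks worth a manual look."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["TaskName"] == "TaskName":  # schtasks can repeat the header row
            continue
        program = executable_path(row["Task To Run"])
        reasons = []
        if PROFILE_DIR.search(program):
            reasons.append("runs from a user profile directory")
        if program.lower().endswith(LEGACY_EXT):
            reasons.append("legacy executable extension")
        if reasons:
            findings.append((row["TaskName"], program, reasons))
    return findings


if __name__ == "__main__":
    for name, program, reasons in suspicious_tasks(SAMPLE):
        print(f"{name}: {program} ({'; '.join(reasons)})")
```

A flagged task is a lead for manual review, not a verdict: legitimate per-user updaters also run from profile directories.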

naranjas

« Reply #20 on: December 02, 2007, 03:45:47 PM »

done.



[saving space - attachment deleted by admin]

evilfantasy
« Reply #21 on: December 02, 2007, 03:49:55 PM »

You are going to like me now, lol

I messed that up.

To make it easier (hopefully) go to C:\Documents and Settings\Cindy\Templates\WowTumpeh.com and delete the WowTumpeh.com

Sorry.......

naranjas

« Reply #22 on: December 02, 2007, 04:17:30 PM »

ha, you keep changing things after I've completed them  :o

the tumpeh thing was listed as 1a or something like that in scheduled tasks, don't see anything like that in my templates.

evilfantasy
« Reply #23 on: December 02, 2007, 04:42:58 PM »

Let's try the combofix (the right way this time). I forgot to put the File:: in the quote box last time.

Delete these files/folders, as follows:

* Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

Quote
File::
C:\Documents and Settings\Cindy\Templates\WowTumpeh.com

* Save this as CFScript on the desktop.
* Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



* ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang.

------------------

Attach the combofix log in the next post.

naranjas

« Reply #24 on: December 02, 2007, 05:12:36 PM »

k done

[saving space - attachment deleted by admin]

evilfantasy
« Reply #25 on: December 02, 2007, 05:21:17 PM »

OK, I don't see it anymore.

Is the computer still acting up?

I would suggest running the Trend Micro Online scan. It will remove any leftovers of the worm.
http://housecall.trendmicro.com/

You can delete the sysclean folder if you are done with it.

Go to Start > Run and copy and paste the next command in the field:

ComboFix /u



Make sure there's a space between Combofix and /
Then hit Enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let us know how things are now.

naranjas

« Reply #26 on: December 02, 2007, 07:26:44 PM »

well it's been about 4 or 5 hours now and no sign of the worm. hopefully it's gone for good, I'm working on the older computer, it seems to have the same worm and lots of other goodies but it scans a lot slower than mine.

thanks a lot for your help, I would have ended up on the phone with Dell and they'd have screwed my computer even more and then would have advised me to pull out my restore disk.  :'(  I really appreciate your help, thanks again!

evilfantasy
« Reply #27 on: December 02, 2007, 08:18:53 PM »

It was a tricky one. Hidden pretty well to say the least. I would stop using the internet without antivirus and a firewall.

Here are some good free lightweight suggestions.

Comodo Free Firewall

Avast Home Free

AVG Free Edition

Here are a few more scanners you may want to use. They scan and remove what they find, are very good plus free.

First though you may want to run CCleaner to remove all of the junk files. This will help to speed up the scans. 

Download CCleaner

Online Scanners

ESET Nod32 Online Scanner

BitDefender Online Scanner

Spyware/Trojan/Worm scanners

SUPERAntispyware Free Edition

A-Squared Free

Have a look at this article by Tony Klein for some great free tips to improve security. So how did I get infected in the first place?

If anything else comes up just let us know.

Safe surfing..........


Copyright © 2010 Computer Hope ® All rights reserved.