PLEASE HELP VIRUS W32.WALLZ
kopenhagen:
--- Quote ---kopenhagen..... Several questions ......
1.....Do you have the system restore feature turned off ?
it is ON
2.....Which version of Norton are you using and is it up to date re subscription and updates ?
I have NAV 2002, updates and subscription till 6/2006
3.....Does Norton find the virus and indicate where it is residing ?
c:\MSDIRECTX.SYS
C:\WIN\SYST32\MOUSEHS.EXE
4......Have you made the deletions and modifications to the registry as detailed by symantec ........ http://securityresponse.symantec.com/avcenter/venc/data/w32.wallz.html
Let us know
dl65 ::)
--- End quote ---
1/SYS RESTORE IS ON
2/NAV 2002, UPDATES AND SUBSCRIPTION TILL 6/06
3/ C:\MSDIRECTX.SYS
C:\WIN\SYS32\MOUSEHS.EXE
4/ This is the tricky part, I have a few questions
"EnableDCOM" = "Y"
I DID BUT WHEN I RESTART THE PC, IT BECOMES "N" UNLESS I HAVE TO SAVE IT AND HOW?
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
to enable DCOM.
Adds the value:
"restrictanonymous" = "dword:00000001"
I RIGHT CLICK, MODIFY, BUT CAN'T PUT DWORD: 00000..
to the registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
to restrict anonymous access to network shares.
Creates the following file, which is not malicious:
%Windir%\Debug\dcpromo.log
I DID
ANYWAY, I scan on live with HouseCall Trend Micro, Symantec, AND McAfee
None of them can remove this virus?
Thanks
Fed:
Removal Instructions
1) Disable System Restore (Windows Me/XP).
2) Update the virus definitions.
3) Run a full system scan and delete all the files detected as W32.Wallz.
4) Delete the value that was added to the registry.
Have you done the first 3 things yet?
You may need KillBox to delete the file.
http://spywareinfo.com/~merijn/files/
kopenhagen:
--- Quote ---Removal Instructions
1) Disable System Restore (Windows Me/XP).
2) Update the virus definitions.
3) Run a full system scan and delete all the files detected as W32.Wallz.
4) Delete the value that was added to the registry.
Have you done the first 3 things yet?
You may need KillBox to delete the file.
http://spywareinfo.com/~merijn/files/
--- End quote ---
1/CAN'T DISABLE IT, IT'S FROZEN
2/I DID ALREADY
3/ IF I CAN DELETE, I DON'T NEED TO POST THIS THREAD
I DELETE MSDIRECTX.SYS IN SAFE MODE, WHEN PC REBOOTS IT'S STILL THERE.
NORTON ALERT
C:\MSDIRECTX.SYS VIRUS NAME: Hacktool.Rootkit
C:\WIN\SYS32\MOUSEHS.EXE VIRUS NAME: W32.WALLZ
Thanks for your help
Fed:
Make a directory called C:\Hijack then go to
http://www.hijackthis.de/index.php?langselect=english
and download Hijackthis into the directory you made.
Bookmark the above site for later. ;)
Start Hijack, run a scan, save the scan, go back to the bookmarked site and get your saved scan analysed.
Take appropriate actions or post your scan in here (you will need a few posts to do it because of its length)
Raptor:
Obviously, you are installing software that brings the virus along.