HELP!!!!!!!!!!!! - W32.Spybot.Worm Virus on Vista

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I have Norton AntiVirus 2007 and a new Vista PC which is about 3 months old.
Norton AV is reporting that I have two instances of the  'W32.Spybot.Worm'.
Norton just says 'review' and fails to remove them.

 I have switched off System restore and re-run the scanner but the same
thing happens, I have tried running it in Safe mode but it still reports the
same.

What does this mean? Should I be worried?

None of Symantec instructions for Norton AV relate to Vista (only up to XP)
and I am a bit reluctant to follow them since they involve editing the
registry.

I cannot find any automatic removal tools on the web for XP or otherwise.

Please help.


Patrick
uk




Re: HELP!!!!!!!!!!!! - W32.Spybot.Worm Virus on Vista


| I have Norton AntiVirus 2007 and a new Vista PC which is about 3 months old.
| Norton AV is reporting that I have two instances of the  'W32.Spybot.Worm'.
| Norton just says 'review' and fails to remove them.
|
|  I have switched off System restore and re-run the scanner but the same
| thing happens, I have tried running it in Safe mode but it still reports the
| same.
|
| What does this mean? Should I be worried?
|
| None of Symantec instructions for Norton AV relate to Vista (only up to XP)
| and I am a bit reluctant to follow them since they involve editing the
| registry.
|
| I cannot find any automatic removal tools on the web for XP or otherwise.
|
| Please help.
|
| Patrick
| uk
|


Download MULTI_AV.EXE from the URL --
http://www.pctipp.ch/downloads/dl/35905.asp

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal
Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the
PC.

You can choose to go to each menu item and just download the needed files or you
can
download the files and perform a scan in Normal Mode. Once you have downloaded
the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode
[F8 key
during boot] and re-run the menu again and choose which scanner you want to run
in Safe
Mode.  It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive
PDF help
file.

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * *   Please report back your results  * * *



--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: HELP!!!!!!!!!!!! - W32.Spybot.Worm Virus on Vista

David H. Lipman - 19.12.2007 00:04 :

Quoted text here. Click to load it

[...]

ah, back again after a period of silence?

--

by(e) PS

spam will be killfiled

Re: HELP!!!!!!!!!!!! - W32.Spybot.Worm Virus on Vista


Quoted text here. Click to load it

Many thanks for your response and suggestion, which was very helpful.

I ran the software and downloaded the Trend definitions which found 3
trojans none of which Norton had previously spotted. Although pretty
experienced with Windows, I am not when it comes to viruses, since I have
had few problems in the past. Anyway I re-ran Norton and it still reported
the same problems as before. After delving a bit further I found they were
attached to a couple of files I had downloaded and I don't think I had
actually ever opened them. I have permanently deleted those files now so
hopefully all will be well. But with Trend finding those trojans it does
make me wonder what else is lurking on my machines...

Many thanks again and Merry Christmas to you.



Patrick
Worcs, UK


Re: HELP!!!!!!!!!!!! - W32.Spybot.Worm Virus on Vista

Quoted text here. Click to load it


You could try the free online scan available at www.trendmicro.com.  It's
Vista compatible and very effective in my experience.
 


Re: HELP!!!!!!!!!!!! - W32.Spybot.Worm Virus on Vista

On Tue, 18 Dec 2007 17:54:47 -0800, Victek wrote:
Quoted text here. Click to load it

On-line scanners are the most unsafe and next to useless. Because by the
time you've started your infected Windows and connected to the
Internet via this infected code base, and start to look for scanning sites
through infected DNS, you are almost certain to have the malware
perfectly positioned to overrule your attempts to clean it. Also, you have
to use IE on very low security setting - ActiveX is required. Many users
will lower security in the Internet Zone to use the service and then forget
to set the Internet Zone back to highest possible security level, which is
the only way that IE should be set.
What happens if active malware is found? Don't expect that the on-line
scanner will do anything about it. Most of them are just just marketing
tools for selling you their products. Quite often, malware removal on the
NT based OS (Win 2K and XP) is far from easy. Sometimes a resident AV can
deal with it in Safe Mode.

David's Multi-AV is safer, because you don't have to be online to use it,
and it can be used in Safe Mode.

Re: HELP!!!!!!!!!!!! - W32.Spybot.Worm Virus on Vista

On Tue, 18 Dec 2007 22:48:41 GMT, pgnl wrote:

Quoted text here. Click to load it
For an intermedidiate fix download/install the MULTI_AV tool as suggested
by D.Lipman.

You may then consider this:
"So, you didn˙t patch the system and it got hacked. What to do? Well, let˙s
see: ..."
"The only way to clean a compromised system is to flatten and rebuild.
That˙s right. If you have a system that has been completely compromised,
the only thing you can do is to flatten the system (reformat the system
disk) and rebuild it from scratch (re-install Windows and your
applications)..."
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

And this:
The retail version of Norton can play havoc with your pc. Uninstall it
using Norton's own uninstall tool
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
and get a refund :)
As suggested on the site, you may wish to print out the directions before
proceeding.
Or
http://www.majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

If the Norton removal tool doesn't work satisfactory use this:
Revo Uninstaller Freeware - Remove unwanted programs and traces easily
http://www.revouninstaller.com /
and/or
RegSeeker
http://www.hoverdesk.net/freeware.htm
RegSeeker will remove all associated detritus (registry keys,files and
folders) from any application. I found this application user friendly and
very effective but suggest *not* to use the 'Clean the Registry' option.
Click onto 'Find in registry' and in the 'Search for' box type *Norton*;
The pertinent registry keys can then be safely deleted (just in case,
ensure that the 'Backup before deletion' is checked). Repeat the task by
typing in the Search for' box *Symantec*. You can then go on search and
remove associated files as well.    
Then use NTREGOPT to compact the registry; Follow instructions.
http://www.larshederer.homepage.t-online.de/erunt

Then look at these:
Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning engine!
Disable the e-mail scanning function during installation (Custom
Installation on some AV apps.) as it provides no additional protection.
http://www.oehelp.com/OETips.aspx#3
In fact, most of experts (incl. Norton) believe that scanning incoming and
outgoing mail causes e-mail file corruption.

Avira AntiVir® PersonalEdition Classic - Free
http://www.free-av.com/antivirus/allinonen.html

Free antivirus - avast! 4 Home Edition
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)

Good luck :)

Re: HELP!!!!!!!!!!!! - W32.Spybot.Worm Virus on Vista


Quoted text here. Click to load it

Thanks for your lengthy and very helpful response, see my other post to what
happened.

Merry Christmas.

Patrick


Re: HELP!!!!!!!!!!!! - W32.Spybot.Worm Virus on Vista

On Thu, 20 Dec 2007 09:28:18 GMT, pgnl wrote:
Quoted text here. Click to load it
Did you also scan with McAfee, Kaspersky and Sophos in both 'normal' *and*
'safe' mode?
If not you should!

If problem persists reformat HDD!

Did you see my note re Norton?
If not re-read!

Tip for you new year resolution:
Focus on security; Develop a security concept!
The only reasonable way to deal with malware is to prevent it from being
run in the first place.
--
Security is a process not a product.
(Bruce Schneier)

Site Timeline