On Thu, 23 Apr 2009 13:33:01 -0700, starman321 wrote:
> Windows update won't work, can't redownload the service packs, the worm has
> disabled servicve packs. Microsoft tells me to go to services and check
> automatic updates, background intelligent, and event log. Every time I
> correct from disable setting with the corrected word the worm changes it back
> every time. I'm running XP verison 5.1 Help ! how do I get rid of this worm
1.Clear the (IE) temporary Internet files and the history cache.
Click 'Start' and then click 'Run'... then type (or copy/paste)
"inetcpl.cpl" (w/out quotation marks) into the box, then click the 'OK'
In Internet Properties panel 'General' tab, under 'Browsing history', click
'Delete...'button, in 'Delete Browsing History' panel, click the 'Delete
all...' button then place a checkmark into the box beside 'Also delete
files and settings stored by add-ons', Click 'Yes' and exit the Internet
Properties panel by clicking the 'OK' button.
Click 'Start' and then click 'Run...' then type (or copy/paste) "cleanmgr"
(w/out quotation marks into the box, then click the 'OK' button. Select
your drive (presumably WinXP (C
and click OK.
2a.Delete files using Disk Cleanup (if on Vista)
Malwarebytes© Corporation - Anti-Malware
SuperAntispyware - Free
Both free versions of MBAM and SAS are on-demand scanners and offer no
'real-time' protection. Keep them installed and use them as
'second-opinion' scanner which is purposely (by design) recommended by
their respective authors.
Kaspersky® Virus Removal Tool
Dr.Web CureIt!® Utility - FREE
a-squared (a²) Free or a-squared (a²) Command Line Scanner
BitDefender10 Free Edition (*NOT FOR VISTA*)
Sophos Anti-Virus (SAV32CLI), is a 32 bit free command line scanner used in
an emergency as a disinfection utility for Windows NT, Windows 2000,
Windows XP and Windows 2003.
To use the Sophos command line software follow the steps below:
a) Download SAV32CLI
extract the contents by double clicking the file.
b) Add the latest virus identity files (IDE) to the folder; These can be
c) Read Scanning Options with SAV32CLI.
See removing malicious files with SAV32CLI for basic information on virus,
spyware, Trojan and worm removal with SAV32CLI.
David H. Lipman's MULTI_AV.EXE from the URL:
The above mentioned applications are not capable for real-time protection
of your computer; They are on-demand scanners.
Kaspersky® Virus Removal Tool, Dr.Web CureIt!® have no update feature (so
they don't turn into full blown scanners). As soon as your computer is
cleaned you are supposed to remove these tools from your operating system
and revert back to your (updated) resident (real-time) AV application.
Re: Kaspersky® Virus Removal Tool; To uninstall/move this program 'enable
self-defense' must be unchecked!
To scan your computer with the most up-to-date Kaspersky® AVPTool and
Dr.Web CureIT!® virus databases next time you should download new
Kaspersky® AVPTool and Dr.Web CureIt!® packages.
BitDefender10 Free Edition, a-squared Free or a-squared Command Line
Scanner, Sophos Anti-Virus (SAV32CLI) and the free version of Malwarebytes©
and SuperAntispyware have an update feature; You may wish to keep a couple
of them installed in addtion to your resident AV/A-S applications and scan
After the software is updated, it is suggested scanning the system in Safe
Mode (this does not apply to MBAM).
"Malwarebytes actually performs better in Normal Mode" says Dustin Cook,
Malwarebytes Researcher of MBAM.
How do you boot to Safe Mode?
By pressing/tabbing F8 (or F5 on some keyboards) continually during
A description of the Safe Mode Boot options in Windows XP
Click Start==>Run... then type (or copy/paste) "msconfig" (without
quotation marks), click OK. Then click onto BOOT.INI tab and 'check'
/SAFEBOOT then OK and click Restart. To go back to Normal Mode, you must
access the System Configuration utility again and click the General tab
then click/check the radio button 'Normal Startup'- load all device drivers
Start your computer in safe mode (Vista)
4.Download and execute HiJack This! (HJT)
Please, do not post HJT logs to this newsgroup.
Fora where you can get expert advice for HiJack This! (HJT) logs.
Registration is required in any of the above mentioned fora before posting
a HJT log and read the 'stickies' (instructions/guidelines) for the
respective HJT forum.
Malicious Software Removal Tool
(Skip: Run an Online Scan of Your PC for Malicious Software).
How to optimize or reset Internet Explorer
Applies to: Windows Internet Explorer in Windows Vista
How to use Reset Internet Explorer Settings (RIES)
Read: "What you must know"
Applies to: Windows Internet Explorer for Windows XP and
Windows Internet Explorer 7 in Windows Vista
GMER - is an application that detects and removes rootkits.
For additional assistance in relation GMER scan results consult either:
CCleaner - Free
Cleans temporary internet files, cookies, history, recent urls, application
MRUs, etc. ...(*Tune out the registry scanning/fixing option!*)
If Windows Defender is utilized go to Applications, under Utilities
uncheck "Windows Defender" (so it won't delete the history of WD).
If you wish, click 'Options' button the 'Settings' [check] 'Run CCleaner
when the computer starts'.
Setup CCleaner to Automatically Run Each Night in Vista or XP
Routinely practice Safe-Hex.
You'll need to upgrade to SP3 by 2010 or you won't be able receiving vital
and pertinent security updates/patches for your WinXP operating system.
Why Service Packs are Better Than Patches.
Description of Microsoft Office XP Service Pack 3