win32/i-worm/stration - E-mail-worm.win32.warezov or?


Postman Delivers

A neighbor has a win2k system where the control panel has disappeared,
and last evening another neighbor asked about a pop-up on their XP
system.

Both have lost the control panel shortcut, and a few other oddities
are exhibited... I did manage to get access to the add and remove
software in the win2k, but am at a loss on the XP system...

I have found Vcleaner, but is there another suggestion to clean the
systems and restore the settings if this is the
"E-mail-worm.win32.warezov"?

JR the postman
 
Postman Delivers said:
A neighbor has a win2k system where the control panel has disappeared, and
last evening another neighbor asked about a pop-up on their XP system.

Have you checked the 'Customize' settings under 'Taskbar and Start Menu
Properties' in WinXP? I know there is an option there to hide the control
panel there under WinXP (not sure about win2k tho.)
 
Double Z was thinking very hard :
Have you checked the 'Customize' settings under 'Taskbar and Start Menu
Properties' in WinXP? I know there is an option there to hide the control
panel there under WinXP (not sure about win2k tho.)

Yes, in XP changing 'Taskbar and Start Menu Properties' to a menu I was
able to remove Spybot Search & Destroy 1.4 and install 1.5...

I ran ad-aware in safe mode, found two registry, and several files
along with 400 redirects..

Running Spybot Search & Destroy 1.5 in safe mode it found over 200
items and then Smithfraud-c started showing up, with a great amount of
redirects...

I was able to run vcleaner in safe mode after changing vcleaner's
program name and it does not locate any infections... Is there a
stand-alone smithfraud-c remover, as vcleaner does not remove this
parasite...

Adaware 1.6
Spybot search & destroy 1.5
www.ewido.com

Running free AVG does nothing, and I am certain it is not updating with
the server redirect of smithfraud-c.... Seems like all the anti-virus
products are redirected in the list that ad-aware & Spybot Search &
Destroy show, but cannot permanently remove...

Is there a Linux live CD, which can remove this windows infection,
since smithfraud-c loads into memory very early in the windows start-up
process?

JR the postman
 
Postman said:
Is there a Linux live CD, which can remove this windows
infection, since smithfraud-c loads into memory very early
in the windows start-up process?

Remove the infected hard drive and connect it to a second (trusted)
win-xp system that has capable AV software and scan the infected
drive. You should be able to remove all malware from the infected
drive while it's running as a slaved drive. When it's reinstalled you
can mess with the registry and remove offending entries.
 