Messages - FlameBoots

Tech Clinic / Plz Help with Worm Alcan.a
« on: October 16, 2005, 01:46:31 PM »
I just ran into this myself.  I think it's a new variant, and therefore isn't picked up by the scanners.  Here's how I killed it.

1. Go to System32 folder.  Delete the following (they should all have the same date/time):
• bszip.dll
• cmd.com
• netstat.com
• ping.com
• regedit.com
• taskkill.com
• tasklist.com
• tracert.com

2. Open a command prompt.  (It will work now that you've deleted the above, but the task manager still will not work yet.)

3. Use the tasklist command to view the current running tasks.  Find the winlogi.exe process and note its process ID (PID).  (If needed, check out Microsoft's help page on tasklist.)

4. Use the taskkill command to kill winlogi.exe.  (If needed, check out Microsoft's help page on taskkill.)

5. Perform 4 and 5 for MsMovies.exe.  (If you’ve done it correctly up until now, you should be able to get the task manager to come up once this process is killed.)

6. Delete the C:\Program Files\MsMovies folder and all of its contents.

7. Empty the recycle bin.

8. Open regedit.  Search for and delete any instances of winlogi.exe and MsMovies.exe.  You will definitely find it in at least these locations:
HKEY_Local_Machine\Software\Microsoft\Windows\Current Version\Run
HKEY_Local_Machine\Software\Microsoft\Windows\Current Version\RunServices

9. Run Ad-Aware, Ewido and all other spyware and virus scanners at your disposal.

You should be all set then.
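
A read-only check for the indicators named in the post above, added here as an example; it is not part of the original post or written by its author. It only reports what it finds and changes nothing. The `$env:SystemRoot` and `$env:ProgramFiles` locations and the `CurrentVersion` spelling of the registry key are assumptions about a default Windows install.

```powershell
# Read-only triage for the indicators listed in the post. Nothing is deleted or killed.
$sys32 = Join-Path $env:SystemRoot 'System32'   # assumption: default System32 location

# File names from step 1 of the post.
$fileNames = 'bszip.dll', 'cmd.com', 'netstat.com', 'ping.com',
             'regedit.com', 'taskkill.com', 'tasklist.com', 'tracert.com'
# Process names from steps 3-5 (Get-Process takes the name without ".exe").
$procNames = 'winlogi', 'MsMovies'
# Keys from step 8, using the actual key name "CurrentVersion" (no space).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'

$findings = @()
foreach ($name in $fileNames) {
    $path = Join-Path $sys32 $name
    if (Test-Path -LiteralPath $path) {
        # The post says the dropped files share one date/time, so report it.
        $item = Get-Item -LiteralPath $path -Force
        $findings += [pscustomobject]@{ Type = 'File'; Item = $path; Detail = $item.LastWriteTime }
    }
}

foreach ($p in Get-Process -Name $procNames -ErrorAction SilentlyContinue) {
    $findings += [pscustomobject]@{ Type = 'Process'; Item = $p.ProcessName; Detail = "PID $($p.Id)" }
}

$folder = Join-Path $env:ProgramFiles 'MsMovies'   # assumption: C:\Program Files
if (Test-Path -LiteralPath $folder) {
    $findings += [pscustomobject]@{ Type = 'Folder'; Item = $folder; Detail = 'present' }
}

foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # RunServices may not exist
    $k = Get-Item -LiteralPath $key
    foreach ($valueName in $k.GetValueNames()) {
        $value = "$($k.GetValue($valueName))"
        if ($value -match 'winlogi\.exe|MsMovies\.exe') {
            $findings += [pscustomobject]@{ Type = 'RunValue'; Item = "$key\$valueName"; Detail = $value }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No indicators from the post were found.' }
```

The `.com` entries matter because the default `PATHEXT` order resolves `.COM` before `.EXE`, so a `cmd.com` in System32 is started in place of `cmd.exe` when only `cmd` is typed.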
