
Computer Virus Worm Vb/so


14 replies to this topic

#1 pink_blossom1234

pink_blossom1234

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:48 AM

Posted 04 November 2007 - 11:04 AM

Help!!! my computer has viruses called "worm vb/so" and idk how to clean it. somebody help me please :thumbsup:

Mod Edit: Topic moved to more appropriate forum~ TMacK

Edited by TMacK, 04 November 2007 - 11:22 AM.



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,953 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:48 AM

Posted 04 November 2007 - 02:30 PM

Welcome to BC pink_blossom1234

What OS (Win XP/2000, etc) are you using? What type of anti-virus are you using? Have you performed any anti-spyware scans? Have you tried doing your scans in "SAFE MODE"? Are you doing scans while logged into the "Administrator Account" or an "account with administrator privileges"?

You need to start there first. If rescanning in safe mode does not help, then do this:

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
Please download Sysclean Package & save it to your desktop.
  • Create a new folder on drive "C:\" and rename it Sysclean - (C:\Sysclean).
  • Place the sysclean.com inside that folder.
  • Then download the latest Virus Pattern Files - (Pattern files are usually named lptxxx.zip, where xxx is the pattern file number)
  • Extract (unzip) the lptxxx.zip pattern file into the Sysclean folder where you put sysclean.com. (Click here for information on how to extract a file if you're not sure how to do this.) DO NOT scan yet.
Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: Some anti-virus programs such as Avast will alert you to a virus attack when running sysclean so it's best to disable them before going to the next step.

Scan with Sysclean as follows:
  • Open the Sysclean folder and double-click on sysclean.com to start the scanning process.
  • Put a check mark on the "Automatically clean or delete infected files" option by clicking in the checkbox.
  • Click the Advanced >> button.
  • The scan options appear. Select the "Scan all local fixed drives".
  • Click the "Scan button" on the Trend Micro System Cleaner console.
  • It will take some time to complete. Be patient and let it clean whatever it finds.
  • Another MS-DOS window appears containing the log file (sysclean.log) generated in the same folder where the scan is completed - C:\Sysclean.
  • To view the log, click the "View button" on the Trend Micro System Cleaner console. The Trend Micro Sysclean Package - Log window appears.
    • The Files Detected section shows the viruses that were detected by System Cleaner.
    • The Files Clean section shows the viruses that were cleaned.
    • The Clean Fail section shows the viruses that were not cleaned.
  • Exit when done, reboot normally and re-enable your anti-virus program.
Instructions with screenshots are here if you need them.

When using Sysclean it's best to use the Administrator's account or an account with Administrative rights, otherwise you will not have access rights to scan some locations. You can also Use the "Run As" Command to Start a Program as an Administrator. Even when doing that, the scanning process may result in "Access Denied" messages for some files. This is normal because these files are protected by the system.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 pink_blossom1234

Posted 04 November 2007 - 03:25 PM

well i have AVG 7.5 i used it to scan my computer and found the worm

#4 quietman7

Posted 04 November 2007 - 03:37 PM

AVG AS works too. If you're not having any further problems, you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recent Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.


#5 pink_blossom1234

Posted 04 November 2007 - 03:40 PM

wait so should i do the AVG step first or the one u showed me be4? i'm sorry i'm really new at this

#6 quietman7

Posted 04 November 2007 - 03:49 PM

You said in your last reply that AVG had found the worm. If it did and removal was successful and if you're not having any further problems with it, there is no need to use Sysclean. However, you can use it to get another opinion and/or look for any more malware.

If AVG did not remove the worm, then yes, follow those instructions for Sysclean and hold off on setting a new restore point until your system is clean.

#7 pink_blossom1234

Posted 04 November 2007 - 03:57 PM

I tried to put it on "safe-mode", but it says i'm missing a file so i can't put it into safe mode. can i still continue the steps?

Edited by pink_blossom1234, 04 November 2007 - 03:58 PM.


#8 quietman7

Posted 04 November 2007 - 04:01 PM

Safe mode works best but if you cannot use it, then perform your scans in normal mode.

#9 pink_blossom1234

Posted 04 November 2007 - 04:25 PM

ok it's scanning right now...it says it didn't find any virus but it's still scanning now. but when i used AVG, it found the worm virus. sysclean clean any virus in the computer right?

#10 quietman7

Posted 04 November 2007 - 04:30 PM

when i used AVG, it found the worm virus

Is it removing it?

If not, what is the location of the specific file associated with the worm?

#11 pink_blossom1234

Posted 04 November 2007 - 04:37 PM

i found out that the worm duplicates the files so the scan may never end in AVG. So the worm will be +1000 and the files will be a lot. The sysclean is still scanning however

#12 pink_blossom1234

Posted 04 November 2007 - 05:39 PM

i'm done with all the scanning and the new system restore. does that mean i'm done?

#13 quietman7

Posted 04 November 2007 - 08:01 PM

Is there any more indication of the worm?

#14 pink_blossom1234

Posted 04 November 2007 - 08:39 PM

hmm...well when i scan my computer with AVG. the worms are still there. However, Sysclean says i have no virus. i'm quite confused...

but thanks for ur help anyway :thumbsup:

#15 quietman7

Posted 05 November 2007 - 08:19 AM

Where exactly (specific location on your computer) is AVG still finding the worm? We may be dealing with a "False Positive" from AVG. If the worm was still infecting your system there would be other symptoms.



