W32.Alcra B Worm


26 replies to this topic

#1 iNvAzN

Posted 29 June 2005 - 10:34 AM

Hello, this is my first time in this forum, and it helped me get rid of the W32.Alcra B worm, which came out a mere 2 days ago on my XP computer. You guys rock :thumbsup: !! The worm propagates through file-share networks and attempts to disable several programs on the compromised computer. I got rid of the worm and the startup registry using Autoruns and found the hidden file where the worm was, but it seems to have disabled my Norton Antivirus, and when I run LiveUpdate, I can't get the Internet Worm Protection Signatures :flowers:, and I can't configure it or scan; the window is just blank. Any help is greatly appreciated. -Kris

Edited by iNvAzN, 29 June 2005 - 10:41 AM.


#2 tg1911

Posted 29 June 2005 - 11:56 AM

Have you tried going off-line, uninstalling Norton, then reinstalling?
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

#3 iNvAzN

Posted 29 June 2005 - 12:00 PM

Yes, I have reinstalled it 3 times, but it's still the same. :thumbsup:

#4 stidyup

Posted 30 June 2005 - 02:13 AM

Symantec

Have you deleted the following from the registry value?

#


# Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

# In the right pane, delete the value:

"winupdates" = "%ProgramFiles%\winupdates\winupdates.exe /auto"


Download and run the MWav toolkit and see if any other reg values need manually removing.

Also try running Sysclean; you'll also need the virus template file from here: lpt***.zip

Edited by stidyup, 30 June 2005 - 02:16 AM.


#5 Rimmer

Posted 30 June 2005 - 04:32 AM

Kris - have you tried running Norton's scan in Safe Mode?
If you are not sure how to boot in Safe Mode there is a tutorial here:
Safe Mode

Soltek QBIC, Pentium 4 3.0GHz, 512MB RAM, 200GB SATA HDD, ATI Radeon 9600XT 256MB, Netgear 54Mb/s WAP, ridiculously expensive Satellite Broadband
Windows XP Home SP2, Trend Micro Internet Security, Firefox, Thunderbird, AdAwareSE, Spybot S&D, SpywareBlaster, A-squared Free, Ewido Security Suite.

#6 iNvAzN

Posted 01 July 2005 - 12:44 AM

Sorry, I have been busy lately....

stidyup - I used Autoruns when the worm turned off the regedit function, so I used Autoruns, and deleted the startup registry for the worm.

Rimmer - I ran my computer in Safe Mode, but to no avail. I still have the problem.

#7 Leurgy

Posted 03 July 2005 - 04:29 AM

What is your operating system? Do a search for "Hosts" without the quotes. Sometimes these viruses alter the Hosts file to block many websites that can help you remove them.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslow

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool
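
An added example, not part of the original thread or any poster's code: a Python check for the hosts-file tampering described in post #7. The vendor keyword list and the sample file contents are constructed for illustration and are not taken from this worm.

```python
import ipaddress

# Keywords for the vendors named in this thread (Symantec/Norton, Trend Micro).
# The list is an assumption for illustration; extend it for your own tools.
VENDOR_KEYWORDS = ("symantec", "norton", "trendmicro")
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample, not the worm's real entries: a stock file plus overrides.
SAMPLE_HOSTS = """\
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       www.symantec.com liveupdate.symantecliveupdate.com
0.0.0.0         ads.example.net   # typical ad-blocking entry
10.1.2.3        update.trendmicro.example
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each name mapped in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # strip comment, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: ignore the line
        for host in fields[1:]:
            yield line_no, ip, host.lower()


def audit_hosts(text):
    """Return (line_no, hostname, ip, verdict) for entries worth a closer look."""
    findings = []
    for line_no, ip, host in parse_hosts(text):
        if host in LOCAL_NAMES:
            continue
        if any(k in host for k in VENDOR_KEYWORDS):
            # A vendor name should resolve through DNS, never through hosts.
            findings.append((line_no, host, str(ip), "vendor-override"))
        elif ip.is_loopback or ip.is_unspecified:
            # Sinkholed name: may be deliberate ad blocking, so only "review".
            findings.append((line_no, host, str(ip), "review"))
    return findings


if __name__ == "__main__":
    # On Windows XP the live file is %SystemRoot%\system32\drivers\etc\hosts.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

A hosts file can keep its stock "sample HOSTS file" comment header and still carry appended overrides, so the check reads the mappings rather than the header.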


#8 iNvAzN

Posted 03 July 2005 - 07:43 AM

I'm using Windows XP Home Edition with SP2

#9 iNvAzN

Posted 03 July 2005 - 07:43 AM

Where should I search for hosts?

#10 Leurgy

Posted 03 July 2005 - 07:48 AM

Search your C: Drive. You can open it with Notepad. Unless you have a specialized one it should be a small file.



#11 iNvAzN

Posted 07 July 2005 - 09:28 PM

I think I found it, is it like 2 KB?

#12 iNvAzN

Posted 07 July 2005 - 09:31 PM

It's just a sample hosts file

#13 Leurgy

Posted 08 July 2005 - 05:48 AM

Post a reply and add it as an attachment.



#14 iNvAzN

Posted 11 July 2005 - 05:28 PM

How do I do that?

#15 iNvAzN

Posted 13 July 2005 - 04:48 PM

.....?



