Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Noooh Worm Solution


  • Please log in to reply
2 replies to this topic

#1 knightblood

knightblood

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 01 June 2007 - 05:31 PM

This post is to address the infection of the NoooH worm that no antivirus, antispyware or any other method has been succesful in finding or removing it so here goes.......


I found this on an Arabic Forum

Much respect to JuSt+CuSe!!!!!!!



Here is the translation:





1- Go into windows safe mode

2- Don't go into any harddrives ........

open control panel>>>>folder options
uncheck: Hide protected operating system files (Recommended)

3- Now RIGHT-CLICK on c:\ drive DOOOOO NOT DOUBLE CLICK!!!!!!!!!!!
select: open

you will find: sys
autorun
delete them

Then go into c:\windows\web

you will find: sys
delete it

Now RIGHT-CLICK on d:\ drive DOOOOO NOT DOUBLE CLICK!!!!!!!!!!!
select: open

you will find: sys
autorun
delete them

repeat for all drives

IF YOU DOUBLE CLICK RESTART AND START OVER


4- Enter Start>>Run>> gpedit.msc

This will get you into group policy


Then: User config>>>> administrative templates>>>>> system
Then: Ctrl +Alt+Del options

Right click on each of the 4 choices and choose: properties

In properties: choose: disable...

Then go back and you will find: prevent access to registry editing tools
Right-click>>>properties>>>>disable

Your computer is healed



Note: This worm is transmitted through flash drives and the like so plug in your flash drive

AND RIGHT-CLICK>>>>>open DOOOOOOOOOOO NOT DOUBLECLICK or you go back to step 1

you will find: sys
autorun

Delete them

Your flash drive is healed


Enjoy people :thumbsup:

BC AdBot (Login to Remove)

 


m

#2 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:02:03 AM

Posted 01 June 2007 - 05:39 PM

there are special tools for those flashdrive infections one of them being Flash_Disinfector, just to let you kno.w Thanks for the head up anyway

#3 rudy9

rudy9

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 22 May 2014 - 06:18 PM

thank for sharing knightblood, after 7 years from posting this topic it was the best method I found to remove NoooH worm






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users