Help With w32.spybot.worm

[jnjmitch]

A Norton scan tells me that I have the w32.spybot.worm. I'm currently
doing a Norton scan from safe mode, but it was almost done before I
left for work and hadn't detected anything. My system has become
almost useless when in regular mode- I get tons of pop-ups, my DSL
light flashes constantly indicating activity even without a browser
open, and I can't access various features like system manager, regedit,

add/remove, etc. Any suggestions beyond formatting my drive? Are
Norton's steps for removing the worm from the registry effective? Any
programs that specifically target this virus? How do I tell which file
has specifically been
infected?

(And yes, I'm all too aware of what I need to do to prevent it. I had
briefly disconnected my firewall, and apparently became infected with
it almost immediately!!!)


Thanks!

 

[Ramesh, MS-MVP]

Is the system fully patched? Most worms use spread by exploiting the
vulnerabilities in the Operating System. First thing you should do is to
make sure that your system is up-to-date. Personally, I've seen several
cases where the system (not fully patched) is affected, even with a good
firewall application installed.

Visit http://windowsupdate.microsoft.com to get download updates for the
Operating System. It's recommended that you install the "Microsoft Update"
ActiveX control when promped by the Windows Update site. Microsoft Update is
a recent addition wherein you can download the updates for the Operating
System, as well as for the Microsoft Office products.

Secondly, use a third-party firewall like Zone Alarm. This is because the
Windows XP's built-in firewall monitors the inbound traffic pretty well, but
does not monitor outgoing traffic.

IMHO, use a better anti-virus application (in terms of detection and memory
use). AVG Anti-virus (from www.grisoft.com) is what I use and can recommend.

If your system is already infestated badly, don't hesitate to backup the
existing data to a removable media and then do a clean installation
(preferably with a XP CD-ROM with Service Pack 2 integration, a.k.a
"slipstreamed cd"). Visit the following links to know how to create a
bootable Windows XP CD-ROM (if you have a Windows XP retail CD already) with
Service Pack 2 integration.

How to integrate Windows XP Service Pack 2 files into the Windows XP
installation folder:
http://support.microsoft.com/kb/900871/
http://www.winsupersite.com/showcase/windowsxp_sp2_slipstream.asp

[Automated slipstreaming] AutoStreamer 1.0.30:
http://www.majorgeeks.com/download4444.html

Importantly, don't forget to get the post-SP2 updates after the clean
install. Plenty of updates were security were released post SP2, available
via Windows Update site.

--
Regards,

Ramesh Srinivasan, Microsoft MVP [Windows XP Shell/User]
Windows® XP Troubleshooting http://www.winhelponline.com


A Norton scan tells me that I have the w32.spybot.worm. I'm currently
doing a Norton scan from safe mode, but it was almost done before I
left for work and hadn't detected anything. My system has become
almost useless when in regular mode- I get tons of pop-ups, my DSL
light flashes constantly indicating activity even without a browser
open, and I can't access various features like system manager, regedit,

add/remove, etc. Any suggestions beyond formatting my drive? Are
Norton's steps for removing the worm from the registry effective? Any
programs that specifically target this virus? How do I tell which file
has specifically been
infected?

(And yes, I'm all too aware of what I need to do to prevent it. I had
briefly disconnected my firewall, and apparently became infected with
it almost immediately!!!)


Thanks!

 

[Guest]

Go to the below website. renish has a link to remove it.
w32.spybot.worm–w32.spybot.worm removal tool for XP - ISP
http://forum.theispguide.com/isp-ftopic2901.html