Worm Problem [Spybot.44544]

[Guest]

This morning my anti-virus software kept popping up a warning that a file
"windll32.exe", and a worm. Worm name in subject heading. I clicked the radio
button for "delete", but, the same warning message kept coming back. The more
I was on my computer, the more often the messages appeared.

I finally clicked "quarantine", after the messages appeared more than 20-25
times. The anti-virus software then moved the file from the
"c:\windows\system32" folder. After moving the file, I can no longer access
the internet.

Before the "quarantine", I updated the anti-virus software, and there were
no definitions for this worm.

My specs are: WinXP SP2, 640MB RAM, 1.8GHz CPU.
My anti-virus is: Anti-Vir 6.29.

If you need anything else, let me know!

 

[David H. Lipman]

1) Download the following two items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt396.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM .

2) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode then shutdown as many applications as possible.
4) Using the Trend Sysclean utility, perform a Full Scan of your platform and
clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform
6) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
7) Reboot your PC.
8) Create a new Restore point


* * * Please report back your results * * *

--
Dave
http://www.claymania.com/removal-trojan-adware.html





| This morning my anti-virus software kept popping up a warning that a file
| "windll32.exe", and a worm. Worm name in subject heading. I clicked the radio
| button for "delete", but, the same warning message kept coming back. The more
| I was on my computer, the more often the messages appeared.
|
| I finally clicked "quarantine", after the messages appeared more than 20-25
| times. The anti-virus software then moved the file from the
| "c:\windows\system32" folder. After moving the file, I can no longer access
| the internet.
|
| Before the "quarantine", I updated the anti-virus software, and there were
| no definitions for this worm.
|
| My specs are: WinXP SP2, 640MB RAM, 1.8GHz CPU.
| My anti-virus is: Anti-Vir 6.29.
|
| If you need anything else, let me know!
|

 

[mo]

read here
http://securityresponse.symantec.com/avcenter/venc/data/trojan.mitglieder.l.html
for internet go here http://www.cexx.org/lspfix.htm
download and run lspfix

 

[S.Sengupta]

windll32.exe is related to worm W32.HLLW Respan.

Scan your system with latest version of Spbot,search and
destroy/CWShredder.Run them in safe mode.

regards,
ssg MS-MVP

 

[Guest]

I figured out why I wasn't accessing the internet. I had disabled the
connection, as a precaution, while I was trying to remove this worm. After
the quarantine, I forgot to re-enable the connection.

I found the folder that the file was moved to, and had the anti-virus
program scan it again. I figured that the anti-virus wasn't removing it
because it was "in use".

After re-scanning, the program was deleted "permanently".

I realized my error, and want to thank you for your post! I am getting this
worm in other files, but, they are successfully being deleted.