Found the W32/Swen@MM virus (System Restore and Registry Problem)

[P LeBlanc]

Hi all,

Help. This morning my PC (WinXP Home Edition) got
infected with the W32/Swen@MM virus.

I've encountered 2 big problems while trying to follow
the removal instructions posted by Symantec at:

http://securityresponse.symantec.com/avcenter/venc/data/w3
(e-mail address removed)

----------
PROBLEM #1
----------
I CANNOT disable System Restore!! When I right-click My
Computer an error dialog box appears:

"Windows cannot find 'rundll32.exe'. Make sure you typed
the name correctly and then try again. To search for a
file, click Start button and then click Search."

I already tried rebooting in Safe Mode, then trying to
disable System Restore but that hasn't worked for me.

----------
PROBLEM #2
----------
I have a repair.reg file that is supposed to fix my
Registry but when I double-click it I get an error dialog
box saying:

"Registry editing has been disabled by your admin"

Any suggestions?

Thanks,
Phany

PS: I'm very limited in what I can do, nearly all my
shortcuts do not work, I just get the "Windows cannot
find..." dialog box. I can't even get a COMMAND PROMPT!!
ThankfulLY I can still dial-up and using IE.

 

[Bruce Chambers]

Greetings --

You might see if these removal tools help:

W32.Swen.A_mm Removal Tool
http://www.symantec.com/avcenter/venc/data/[email protected]

McAfee AVERT Stinger
http://us.mcafee.com/virusInfo/default.asp?id=stinger


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

 

[P LeBlanc]

Thanks for your suggestion.... I already tried running
the AVERT Stinger earlier this morning.... but since I
cannot disable System Restore, the virus was not
successfully cleaned from my computer

Actually, I even had trouble running the Stinger!!... I
downloaded it to my desktop and then double-clicked it
and I got an error msg:
"Windows cannot find 'C:\Documents and
Settings\Owner\Desktop\stinger.exe'..."

I managed to finally execute stinger.exe by right-
clicking it and selecting "Run As..."

I couldn't run Windows Explorer either, until I found a
loop-hole... I right-clicked my Desktop and created a new
folder, then I right-clicked the new folder and
clicked "Explore".

If you know or hear of an alternate way to disable System
Restore please let me know, I have yet to find a loop-
hole for that one.

Regards,
Phany

 

[Repaired]

-----Original Message-----
Hi all,

Help. This morning my PC (WinXP Home Edition) got
infected with the W32/Swen@MM virus.

I've encountered 2 big problems while trying to follow
the removal instructions posted by Symantec at:

http://securityresponse.symantec.com/avcenter/venc/data/w3
(e-mail address removed)

----------
PROBLEM #1
----------
I CANNOT disable System Restore!! When I right-click My
Computer an error dialog box appears:

"Windows cannot find 'rundll32.exe'. Make sure you typed
the name correctly and then try again. To search for a
file, click Start button and then click Search."

I already tried rebooting in Safe Mode, then trying to
disable System Restore but that hasn't worked for me.

----------
PROBLEM #2
----------
I have a repair.reg file that is supposed to fix my
Registry but when I double-click it I get an error dialog
box saying:

"Registry editing has been disabled by your admin"

Any suggestions?

Thanks,
Phany

PS: I'm very limited in what I can do, nearly all my
shortcuts do not work, I just get the "Windows cannot
find..." dialog box. I can't even get a COMMAND PROMPT!!
ThankfulLY I can still dial-up and using IE.

The UNDO.REG tool will reverse the changes made by the
virus and allow the user to execute REGEDIT.EXE as normal.


UNDO.REG
UNDO.REG <http://a64.g.akamai.net/7/64/2015/2003-08-04-03-
/download.nai.com/products/mcafee-avert/undo.reg>

MORE INFO ABOUT THE SWEN.WORM

http://securityresponse.symantec.com/avcenter/venc/data/w32
(e-mail address removed)

http://www.f-secure.com/v-descs/swen.shtml

http://us.mcafee.com/virusInfo/default.asp?
id=helpCenter&hcName=swen