HELP!!!!!!!!!!!! - W32.Spybot.Worm Virus on Vista

pgnl

I have Norton AntiVirus 2007 and a new Vista PC which is about 3 months old.
Norton AV is reporting that I have two instances of the 'W32.Spybot.Worm'.
Norton just says 'review' and fails to remove them.

I have switched off System restore and re-run the scanner but the same
thing happens, I have tried running it in Safe mode but it still reports the
same.

What does this mean? Should I be worried?

None of Symantec's instructions for Norton AV relate to Vista (only up to XP)
and I am a bit reluctant to follow them since they involve editing the
registry.

I cannot find any automatic removal tools on the web for XP or otherwise.

Please help.


Patrick
uk
 
David H. Lipman

From: "pgnl" <stuff@(removethisstuff)pgnl.co.uk>

| I have Norton AntiVirus 2007 and a new Vista PC which is about 3 months old.
| Norton AV is reporting that I have two instances of the 'W32.Spybot.Worm'.
| Norton just says 'review' and fails to remove them.
|
| I have switched off System restore and re-run the scanner but the same
| thing happens, I have tried running it in Safe mode but it still reports the
| same.
|
| What does this mean? Should I be worried?
|
| None of Symantec's instructions for Norton AV relate to Vista (only up to XP)
| and I am a bit reluctant to follow them since they involve editing the
| registry.
|
| I cannot find any automatic removal tools on the web for XP or otherwise.
|
| Please help.
|
| Patrick
| uk
|


Download MULTI_AV.EXE from the URL --
http://www.pctipp.ch/downloads/dl/35905.asp

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *
 
Virus Guy

pgnl said:
> Norton AV is reporting that I have two instances of the
> 'W32.Spybot.Worm'.

Hmmm.

Really.

Isn't it odd that Norton didn't detect the pre-cursors or the
first-stage of that infection before it took hold on your system?

> Norton just says 'review' and fails to remove them.

Geeze. You'd think that the various AV testing outfits would score AV
software based on their ability to REMOVE what they detect. Funny
that nobody tests for that.

> What does this mean? Should I be worried?

Don't use Vista.

Vista doesn't give you enough rights or permissions to access the
files on your own PC.
 
Victek

> I have Norton AntiVirus 2007 and a new Vista PC which is about 3 months
> old. Norton AV is reporting that I have two instances of the
> 'W32.Spybot.Worm'. Norton just says 'review' and fails to remove them.
>
> I have switched off System restore and re-run the scanner but the same
> thing happens, I have tried running it in Safe mode but it still reports
> the same.
>
> What does this mean? Should I be worried?
>
> None of Symantec's instructions for Norton AV relate to Vista (only up to
> XP) and I am a bit reluctant to follow them since they involve editing the
> registry.
>
> I cannot find any automatic removal tools on the web for XP or otherwise.
>
> Please help.
>
> Patrick
> uk


You could try the free online scan available at www.trendmicro.com. It's
Vista compatible and very effective in my experience.
 
tom

Virus Guy said:
> Hmmm.
>
> Really.
>
> Isn't it odd that Norton didn't detect the pre-cursors or the
> first-stage of that infection before it took hold on your system?
>
> Geeze. You'd think that the various AV testing outfits would score AV
> software based on their ability to REMOVE what they detect. Funny
> that nobody tests for that.
>
> Don't use Vista.
>
> Vista doesn't give you enough rights or permissions to access the
> files on your own PC.

Whoa........I'm glad you're not trying to "help" me.
 
Kayman

> I have Norton AntiVirus 2007 and a new Vista PC which is about 3 months old.
> Norton AV is reporting that I have two instances of the 'W32.Spybot.Worm'.
> Norton just says 'review' and fails to remove them.
>
> I have switched off System restore and re-run the scanner but the same
> thing happens, I have tried running it in Safe mode but it still reports the
> same.
>
> What does this mean? Should I be worried?
>
> None of Symantec's instructions for Norton AV relate to Vista (only up to XP)
> and I am a bit reluctant to follow them since they involve editing the
> registry.

For an intermediate fix download/install the MULTI_AV tool as suggested
by D.Lipman.

You may then consider this:
"So, you didn't patch the system and it got hacked. What to do? Well, let's
see: ..."
"The only way to clean a compromised system is to flatten and rebuild.
That's right. If you have a system that has been completely compromised,
the only thing you can do is to flatten the system (reformat the system
disk) and rebuild it from scratch (re-install Windows and your
applications)..."
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

And this:
The retail version of Norton can play havoc with your pc. Uninstall it
using Norton's own uninstall tool
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
and get a refund :)
As suggested on the site, you may wish to print out the directions before
proceeding.
Or
http://www.majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

If the Norton removal tool doesn't work satisfactorily use this:
Revo Uninstaller Freeware - Remove unwanted programs and traces easily
http://www.revouninstaller.com/
and/or
RegSeeker
http://www.hoverdesk.net/freeware.htm
RegSeeker will remove all associated detritus (registry keys, files and
folders) from any application. I found this application user friendly and
very effective but suggest *not* to use the 'Clean the Registry' option.
Click onto 'Find in registry' and in the 'Search for' box type *Norton*;
The pertinent registry keys can then be safely deleted (just in case,
ensure that the 'Backup before deletion' is checked). Repeat the task by
typing in the 'Search for' box *Symantec*. You can then go on to search and
remove associated files as well.
Then use NTREGOPT to compact the registry; Follow instructions.
http://www.larshederer.homepage.t-online.de/erunt

Then look at these:
Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning engine!
Disable the e-mail scanning function during installation (Custom
Installation on some AV apps.) as it provides no additional protection.
http://www.oehelp.com/OETips.aspx#3
In fact, most experts (incl. Norton) believe that scanning incoming and
outgoing mail causes e-mail file corruption.

Avira AntiVir® PersonalEdition Classic - Free
http://www.free-av.com/antivirus/allinonen.html

Free antivirus - avast! 4 Home Edition
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)

Good luck :)
 
Kayman

> You could try the free online scan available at www.trendmicro.com. It's
> Vista compatible and very effective in my experience.

On-line scanners are the most unsafe and next to useless. Because by the
time you've started your infected Windows and connected to the
Internet via this infected code base, and start to look for scanning sites
through infected DNS, you are almost certain to have the malware
perfectly positioned to overrule your attempts to clean it. Also, you have
to use IE on very low security setting - ActiveX is required. Many users
will lower security in the Internet Zone to use the service and then forget
to set the Internet Zone back to highest possible security level, which is
the only way that IE should be set.
What happens if active malware is found? Don't expect that the on-line
scanner will do anything about it. Most of them are just marketing
tools for selling you their products. Quite often, malware removal on the
NT based OS (Win 2K and XP) is far from easy. Sometimes a resident AV can
deal with it in Safe Mode.

David's Multi-AV is safer, because you don't have to be online to use it,
and it can be used in Safe Mode.
 
pgnl

David H. Lipman said:
> From: "pgnl" <stuff@(removethisstuff)pgnl.co.uk>
>
> | I have Norton AntiVirus 2007 and a new Vista PC which is about 3 months old.
> | Norton AV is reporting that I have two instances of the 'W32.Spybot.Worm'.
> | Norton just says 'review' and fails to remove them.
> |
> | I have switched off System restore and re-run the scanner but the same
> | thing happens, I have tried running it in Safe mode but it still reports the
> | same.
> |
> | What does this mean? Should I be worried?
> |
> | None of Symantec's instructions for Norton AV relate to Vista (only up to XP)
> | and I am a bit reluctant to follow them since they involve editing the
> | registry.
> |
> | I cannot find any automatic removal tools on the web for XP or otherwise.
> |
> | Please help.
> |
> | Patrick
> | uk
> |
>
> Download MULTI_AV.EXE from the URL --
> http://www.pctipp.ch/downloads/dl/35905.asp
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to allow it to download the needed AV vendor related files.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in Normal Mode.
> This way all the components can be downloaded from each AV vendor's web site.
> The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files or you can
> download the files and perform a scan in Normal Mode. Once you have downloaded the files
> needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> file.
>
> Additional Instructions:
> http://pcdid.com/Multi_AV.htm
>
> * * * Please report back your results * * *

Many thanks for your response and suggestion, which was very helpful.

I ran the software and downloaded the Trend definitions which found 3
trojans none of which Norton had previously spotted. Although pretty
experienced with Windows, I am not when it comes to viruses, since I have
had few problems in the past. Anyway I re-ran Norton and it still reported
the same problems as before. After delving a bit further I found they were
attached to a couple of files I had downloaded and I don't think I had
actually ever opened them. I have permanently deleted those files now so
hopefully all will be well. But with Trend finding those trojans it does
make me wonder what else is lurking on my machines...

Many thanks again and Merry Christmas to you.



Patrick
Worcs, UK
 
pgnl

Kayman said:
> For an intermediate fix download/install the MULTI_AV tool as suggested
> by D.Lipman.
>
> You may then consider this:
> "So, you didn't patch the system and it got hacked. What to do? Well, let's
> see: ..."
> "The only way to clean a compromised system is to flatten and rebuild.
> That's right. If you have a system that has been completely compromised,
> the only thing you can do is to flatten the system (reformat the system
> disk) and rebuild it from scratch (re-install Windows and your
> applications)..."
> http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx
>
> And this:
> The retail version of Norton can play havoc with your pc. Uninstall it
> using Norton's own uninstall tool
> http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
> and get a refund :)
> As suggested on the site, you may wish to print out the directions before
> proceeding.
> Or
> http://www.majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html
>
> If the Norton removal tool doesn't work satisfactorily use this:
> Revo Uninstaller Freeware - Remove unwanted programs and traces easily
> http://www.revouninstaller.com/
> and/or
> RegSeeker
> http://www.hoverdesk.net/freeware.htm
> RegSeeker will remove all associated detritus (registry keys, files and
> folders) from any application. I found this application user friendly and
> very effective but suggest *not* to use the 'Clean the Registry' option.
> Click onto 'Find in registry' and in the 'Search for' box type *Norton*;
> The pertinent registry keys can then be safely deleted (just in case,
> ensure that the 'Backup before deletion' is checked). Repeat the task by
> typing in the 'Search for' box *Symantec*. You can then go on to search and
> remove associated files as well.
> Then use NTREGOPT to compact the registry; Follow instructions.
> http://www.larshederer.homepage.t-online.de/erunt
>
> Then look at these:
> Real-time AV applications - for viral malware.
> Do not utilize more than one (1) real-time anti-virus scanning engine!
> Disable the e-mail scanning function during installation (Custom
> Installation on some AV apps.) as it provides no additional protection.
> http://www.oehelp.com/OETips.aspx#3
> In fact, most experts (incl. Norton) believe that scanning incoming and
> outgoing mail causes e-mail file corruption.
>
> Avira AntiVir® PersonalEdition Classic - Free
> http://www.free-av.com/antivirus/allinonen.html
>
> Free antivirus - avast! 4 Home Edition
> http://www.avast.com/eng/avast_4_home.html
> (Choose Custom Installation and under Resident
> Protection, uncheck: Internet Mail and Outlook/Exchange.)
>
> Good luck :)

Thanks for your lengthy and very helpful response, see my other post for what
happened.

Merry Christmas.

Patrick
 
Kayman

> Thanks for your lengthy and very helpful response, see my other post for what
> happened.

Did you also scan with McAfee, Kaspersky and Sophos in both 'normal' *and*
'safe' mode?
If not you should!

If problem persists reformat HDD!

Did you see my note re Norton?
If not re-read!

Tip for your New Year resolution:
Focus on security; Develop a security concept!
The only reasonable way to deal with malware is to prevent it from being
run in the first place.
 
