Phoenix said:
Hi, I'm really sorry I haven't been answering these posts. I'm not really a
computer wiz, so I don't exactly know what to do, or what not to do. Usually my
dad takes care of these errors, but I'm on holiday for a while and he's at
work.
We have Norton Antivirus 2003 edition professional edition, and Norton
Antivirus 2006 (Symantec Corporation). Do I need any more antivirus
programmes?
I have Microsoft Office 2000 Multilanguage Pack disc 1, and Microsoft Office
2000 Premium. I'm now working with Windows XP (Professional, version
2002, Service Pack 2), but we have both Windows ME and Windows XP installed.
I have Windows Media Player version 9.
I hope that I have mentioned the required information now, and I'm really
sorry for not doing so before.
Thank you for your patience,
Sara M. Sherra
First try to clean up your caches, Internet files and cookies; for that you
don't need to be on the Internet <Off the Internet>:
1= Click start >> Control Panel >> Double Click Network and Internet
Connections >> Double click Internet Options, on the IE Properties window
you will see these Options:
General | Security | Privacy | Content | Connections | Programs
| Advanced .
Click on General Tab (1st Tab on the left) and you will see a Button called
[ Clear History ..] click on it to clear your History caches, then click on
[Delete Files..] to delete Internet Files created over the time, click on [
Delete Cookies...] to delete your cookies left by visiting websites.
= Then try to disable the add-ons that somehow got installed on your
browser. To disable the add-ons, follow this:
Click on the Programs tab and then click the Manage Add-Ons button; there, disable
the None/Not Verified plug-ins/add-ons (you can re-enable them one by one
later and see which is the culprit, or you can send them here in your next
post) and click [OK] to confirm your changes.
Click on Advanced Tab and scroll down under the browsing option and uncheck
this box:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) and click Apply
then Ok to close your IE Properties.
2= Then open Windows Explorer by clicking Start >> All Programs >>
Accessories >> Windows Explorer <this is on XP>. There, locate these paths to
clear your Temp and delete any files/processes for this worm if it is there or
you can spot it there:
It creates an executable file in this path with this name or something similar.
Look for files with the extension *.exe* and see if they belong to
Windows (even if a file belongs to Windows it could be infected with this
worm), so you need to do a search to be sure it is a legitimate file.
C:\Documents and Settings\<current user name>\Start
Menu\Programs\Startup\Cti.exe
It creates a keylogger in this path with a .DLL or .Dat extension, encrypted
so that the user is not able to read it or change its permissions:
C:\Windows\System\ <Look here for files with .DLL or .Dat>
\Windows\System32\< running service file here>
For the DLLs, for example, it creates seven-character names each:
C:\WINDOWS\SYSTEM\eamoim.dll
C:\WINDOWS\SYSTEM\pagurgu.dll
C:\Windows\System\zakqlkq.dll
For example something like this for the .dat:
C:\WINDOWS\kaewue.dat
C:\WINDOWS\uaisoi.dat
C:\Windows\Temp\Temporary Internet Files\Cookies = Select All and SHIFT +
Delete
C:\Windows\Temp\Temporary Internet Files\ContentIE.5 = <Delete all Temp
folders here>
3= Instructions on how to get rid of the BugBear worm: download the Zip file in
the middle of the page and extract it, read the instructions first and then
proceed:
http://www.sophos.com/support/disinfection/bugbearb.html
Scan from here for the Worm:
http://www.f-secure.com/v-descs/bugbear_b.shtml#disinf
Removal Tool from Norton from here
http://www.symantec.com/security_response/writeup.jsp?docid=2003-060518-0958-99
Run a scan from here online:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine:
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/
For malware, download both of these programs:
http://www.lavasoft.com/products/ad-aware_se_personal.php
http://www.safer-networking.org ; for Spybot S&D
4= Open a Run command and type in:
regedit.exe and click [OK]
In the Registry Editor locate these keys, note the entries and remove an entry
if you are sure it is infected:
[-]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run = look
here for the running processes and remove the suspicious ones.
[-]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\
Common Startup = <common startup full path>
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce = look in the right
pane/window for something like this: "xxx" = "****.EXE"
I will perform steps (1, 3) before any other steps to get you cleaned up from
the worm, then to be sure perform the reset. Also, Norton 2003 is way old and
outdated and it is infected by the worm. My advice: download one of the free
anti-virus programs like Avast or AVG; with them you can get ZoneAlarm to protect you
from intruders. You also need to weed out your e-mails, as one of the e-mails
contains this worm. Delete all unknown e-mail which you get, like free
vouchers, "you won the 1$ Million Dollars" and "Hello"; all the e-mail where you don't
know the sender, flush it from your Outlook and from the e-mail server.
Here is the link for the ZA download, all versions:
http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html
After cleaning up and getting rid of this worm, try to run Windows Update
and get the security updates for your system and for your Outlook + IE.
Change your e-mail passwords and your bank passwords and details if possible!
HTH.
Let us know if you need further help.
nass
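
Added example (not part of nass's post or of any vendor tool): a small Python triage of a file listing against the locations and name shapes the reply describes. The six-to-seven letter range, the C:\Windows root and the user name "user" are assumptions; the listing is constructed.

```python
import ntpath
import re

# Name shape taken from the post's samples (eamoim.dll, pagurgu.dll,
# kaewue.dat): letters only. The 6-7 length range is an assumption.
RANDOM_STEM = re.compile(r"^[a-z]{6,7}$")
STARTUP_SUFFIX = r"\start menu\programs\startup"
SYSTEM_DIRS = {r"c:\windows\system", r"c:\windows\system32"}  # assumed root
WINDOWS_DIR = r"c:\windows"


def triage(paths):
    """Return (path, reason) pairs for files that deserve a manual look."""
    findings = []
    for path in paths:
        folder, name = ntpath.split(ntpath.normpath(path))
        folder = folder.lower()
        stem, ext = ntpath.splitext(name.lower())
        if ext == ".exe" and folder.endswith(STARTUP_SUFFIX):
            findings.append((path, "executable in a Startup folder"))
        elif ext == ".dll" and folder in SYSTEM_DIRS and RANDOM_STEM.match(stem):
            findings.append((path, "letters-only DLL name in a system folder"))
        elif ext == ".dat" and folder == WINDOWS_DIR and RANDOM_STEM.match(stem):
            findings.append((path, "letters-only .dat name in the Windows folder"))
    return findings


# Constructed listing: the post's sample names plus two real Windows files.
SAMPLE_LISTING = [
    r"C:\Documents and Settings\user\Start Menu\Programs\Startup\Cti.exe",
    r"C:\WINDOWS\SYSTEM\eamoim.dll",
    r"C:\WINDOWS\SYSTEM\pagurgu.dll",
    r"C:\Windows\System\zakqlkq.dll",
    r"C:\WINDOWS\kaewue.dat",
    r"C:\WINDOWS\uaisoi.dat",
    r"C:\WINDOWS\system32\kernel32.dll",  # has digits, so not flagged
    r"C:\WINDOWS\system32\msvcrt.dll",    # legitimate, but the shape matches
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LISTING):
        print(f"REVIEW  {path}  ({reason})")
```

msvcrt.dll is flagged alongside the worm's sample names, so a hit is only a lead for the search the reply recommends before deleting anything.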