W32 cult b worm

  • Thread starter: gls858

gls858

I know this isn't the place to post
this but I tried an anti virus group and
didn't get a response.

I have PC-cillin updated with the latest engine
and pattern files. OS WIN XP.
When I do a scan it doesn't detect the virus.
I've been trying to get rid of this thing for
a couple of hours now. I checked numerous sites
and they all pretty much have the same solution.
Go into the registry and delete a couple of entries.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NvCpTDaemon = wuauqmr.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\NvCpTDaemon = wuauqmr.exe

The problem is that the
entries come right back. I tried going into
safe mode and deleting them, same result.
I did a find in the registry and deleted every
wuauqmr it found. They came right back.
How do I get rid of these entries or where
can I post this to get some help?

Thanks,
gls858
 
Hi,

That worm is usually distributed via the Kazaa file sharing network. Have
you either disabled or uninstalled that program and deleted the Kazaa
folders in addition to removing the registry entries?

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!

Associate Expert - WinXP - Expert Zone
 
Rick "Nutcase" Rogers said:
Hi,

That worm is usually distributed via the Kazaa file sharing network. Have
you either disabled or uninstalled that program and deleted the Kazaa
folders in addition to removing the registry entries?

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!

Associate Expert - WinXP - Expert Zone
Rick,
Thanks for the reply. I don't use Kazaa and as far
as I know it's never been installed on the system.
That said I did have a Kazaa folder in the registry
which I deleted. I'll double check add and remove
programs just to be sure it's not there. I'm pretty
sure this came to me disguised as a Blue Mountain Card.
The strange thing is that I searched all drives for wuauqmr.exe
and didn't find anything, but somehow it keeps putting those
keys right back into the registry. It's got me stumped.

gls858
 
Try recovery console to delete the file. Since it is showing in the run
keys, try renaming the file and then remove the entries in the registry.
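
An added example, not part of any post in this thread: a PowerShell audit of the Run and RunOnce keys mentioned above that lists every autorun value, flags the value name and file name quoted in the thread, and then searches the Windows directory with hidden and system files included. It assumes Windows PowerShell is installed; the function name `Get-AutorunEntry` and the choice of search root are illustrative.

```powershell
# Autorun keys from the thread, checked in both hives.
$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Value name and file name exactly as posted in the thread.
$suspectName = 'NvCpTDaemon'
$suspectFile = 'wuauqmr.exe'

function Get-AutorunEntry {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path $p)) { continue }
        $key = Get-Item -Path $p
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            # Take the executable from the command line: a quoted path, or the
            # first whitespace-delimited token (unquoted paths containing
            # spaces are not handled by this simple split).
            if ($data -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            else { $exe = ($data.Trim() -split '\s+')[0] }
            # Resolve bare names such as wuauqmr.exe through PATH.
            $cmd = Get-Command -Name $exe -CommandType Application `
                       -ErrorAction SilentlyContinue | Select-Object -First 1
            $resolved = $null
            if ($cmd) { $resolved = $cmd.Path }
            New-Object PSObject -Property @{
                Key          = $p
                Name         = $name
                Data         = $data
                ResolvedPath = $resolved
                Suspect      = ($name -eq $suspectName) -or
                               ($data -like "*$suspectFile*")
            }
        }
    }
}

# 1. Every autorun value, with entries matching the thread's names marked.
Get-AutorunEntry -Path $keys |
    Select-Object Suspect, Key, Name, Data, ResolvedPath |
    Format-List

# 2. File search that includes hidden and system files (-Force).
Get-ChildItem -Path $env:SystemRoot -Filter $suspectFile -Recurse -Force `
    -ErrorAction SilentlyContinue |
    Select-Object FullName, Attributes, Length, LastWriteTime
```

Running step 1 again a few minutes after deleting the values shows whether they are being rewritten while the system is up.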
 