W32 cult b worm

gls858

I know this isn't the place to post
this but I tried an antivirus group and
didn't get a response.

I have PC-cillin updated with the latest engine
and pattern files. OS WIN XP.
When I do a scan it doesn't detect the virus.
I've been trying to get rid of this thing for
a couple of hours now. I checked numerous sites
and they all pretty much have the same solution.
Go into the registry and delete a couple of entries.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NvCpTDaemon = wuauqmr.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\NvCpTDaemon = wuauqmr.exe

The problem is that the
entries come right back. I tried going into
safe mode and deleting them, same result.
I did a find in the registry and deleted every
wuauqmr it found. They came right back.
How do I get rid of these entries or where
can I post this to get some help?

Thanks,
gls858
 
Rick "Nutcase" Rogers

Hi,

That worm is usually distributed via the Kazaa file sharing network. Have
you either disabled or uninstalled that program and deleted the kazaa
folders in addition to removing the registry entries?

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!

Associate Expert - WinXP - Expert Zone
 
gls858

Rick "Nutcase" Rogers said:
Hi,

That worm is usually distributed via the Kazaa file sharing network. Have
you either disabled or uninstalled that program and deleted the kazaa
folders in addition to removing the registry entries?

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!

Associate Expert - WinXP - Expert Zone

Rick,
Thanks for the reply. I don't use Kazaa and as far
as I know it's never been installed on the system.
That said I did have a Kazaa folder in the registry
which I deleted. I'll double check add and remove
programs just to be sure it's not there. I'm pretty
sure this came to me disguised as a Blue Mountain card.
The strange thing is that I searched all drives for wuauqmr.exe
and didn't find anything, but somehow it keeps putting those
keys right back into the registry. It's got me stumped.

gls858
 
Joseph Conway [MSFT]

Try recovery console to delete the file. Since it is showing in the run
keys, try renaming the file and then remove the entries in the registry.
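
Added example, not written by any poster in this thread: a PowerShell audit of the autorun keys for the value and file name quoted in the first post, which also looks for the file itself, including hidden and system files. It assumes PowerShell 3.0 or later is available (it is not part of a default Windows XP install) and checks Run and RunOnce in both hives rather than only the two keys quoted.

```powershell
# Value name and file name exactly as quoted in the original post.
$valueName = 'NvCpTDaemon'
$fileName  = 'wuauqmr.exe'

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# List every value under the given autorun keys.
function Get-AutorunEntry {
    param([string[]]$KeyPath)
    foreach ($path in $KeyPath) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{ Key = $path; Name = $name; Command = [string]$key.GetValue($name) }
        }
    }
}

# A bare file name in a Run value is resolved through the search path,
# so look in the Windows directories and in every PATH entry.
function Find-AutorunTarget {
    param([string]$Name)
    $dirs = @($env:SystemRoot, (Join-Path $env:SystemRoot 'System32')) + ($env:Path -split ';')
    foreach ($dir in ($dirs | Where-Object { $_ } | Select-Object -Unique)) {
        $candidate = Join-Path $dir.Trim('"') $Name -ErrorAction SilentlyContinue
        if (-not $candidate) { continue }
        # -Force returns hidden and system files as well.
        Get-Item -LiteralPath $candidate -Force -ErrorAction SilentlyContinue
    }
}

$hits = Get-AutorunEntry -KeyPath $runKeys |
    Where-Object { $_.Name -eq $valueName -or $_.Command -like "*$fileName*" }
foreach ($hit in $hits) { '{0}\{1} = {2}' -f $hit.Key, $hit.Name, $hit.Command }

$files = @(Find-AutorunTarget -Name $fileName)
if ($files.Count -eq 0) { "No file named $fileName found in the Windows directories or PATH." }
foreach ($f in $files) {
    '{0}  attributes={1}  modified={2}' -f $f.FullName, $f.Attributes, $f.LastWriteTime
}
```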
 
