Worm Problems - PLEASE HELP

[adillon]

well, it seems as though i have gotten myself a worm called 'Duload.A' by *cough* acquiring *cough* what i thought was an SoF2 multiplayer crack ... apparently it was not.

 

*hangs head in shame*

 

it seems that my virus software recognizes the worm ... it gives me warnings constantly. however, it does not seem to remove the worm when i run a scan. very confusing. i've looked at plenty of virus-related websites, and the only thing i can do now is remove a few lines from my registry that the worm wrote into it.

 

so, first off, does anybody have/know of an antidote i can use to remove the worm?

 

secondly, if there is no antidote available, SHOULD i delete the lines from my registry? this makes me very nervous ... but if i should do it this way, can you tell me where the registry can be found (windows XP)?

 

NOTE TO SELF: be careful what you download.

 

thanks in advance for any and all help you can give me.

[Hekx]

Use the Trend Macro Housecall Online Virus scan.. thing, Luke!

 

I use 'AVG Anti-Virus System: Free Edition' which doesn't seem to eat up resources and memory like a bloated piece of Micro$oft software.

 

In the past, I got quite a few worms of Kazaa.

That Benjamin one...

 

-Edit-

I've found this worm-removing guide, which may help...

This may also help, which includes, running their free online virus-scan, which I posted above.

[Wacky_Baccy]

Posted by adillon

well, it seems as though i have gotten myself a worm called 'Duload.A' by *cough* acquiring *cough* what i thought was an SoF2 multiplayer crack ... apparently it was not.

 

*hangs head in shame*

Tut tut tut... Oh well, it happens to a lot of people, so don't feel too bad

 

it seems that my virus software recognizes the worm ... it gives me warnings constantly. however, it does not seem to remove the worm when i run a scan. very confusing. i've looked at plenty of virus-related websites, and the only thing i can do now is remove a few lines from my registry that the worm wrote into it.

What software are you using?

 

so, first off, does anybody have/know of an antidote i can use to remove the worm?

Can't find anything myself, but there's a few sites with manual removal instructions like you seem to have already found... Looks like that's the only way to fix it if you antivirus software isn't automatically doing it...

 

secondly, if there is no antidote available, SHOULD i delete the lines from my registry? this makes me very nervous ...

Depends on the lines you've been told to delete

 

Compare a few sites that have manual removal instructions, and if the reg keys are all the same, then there shouldn't be a problem

 

but if i should do it this way, can you tell me where the registry can be found (windows XP)?

Start > Run > "regedit" [press Enter]

 

And back it up first - File > Export > set "Export Range" to "All", then give it a name and save it just in case something goes wrong

[adillon]

i use AVG as well ... it doesn't really make sense that it would recognize the worm and yet not be able to remove it. i went in and manually removed the registry entries through regedit, hopefully all is well.

 

thanks for your help guys! i appreciate it.

[WolfmanNCSU]

This worm is also know as w32.hllw.yoof

 

This is some info about it and how to get ride of the worm registers manually. Here ya go.

[[RAA]-=Chi3f=-]

Unfortunatelly the worms, trojan horses, and breakers are getting worse. I caught a nasty virus last summer.

 

 

The only way to stop these viruses is through prevention. Mine was so bad, I had to reformat both drives on my pc.

 

 

1)Run a firewall. I use blackICE defender. BTW, my firewall was down when I got my virus.

 

2) Perform regular scans with Anti-virus software. Also, keep your virus definition list up to date.

 

3) Avoid wares at all costs. For those of us that like that sort of thing, rumor has it that some software companies are putting out fake versions of their stuff to catch hackers. One version will send an email to the company with your ip saying that you're a thief.

 

4) When you dl a file from a peer to peer program, check the file size to see if it matches up with other files. If you dl a song, for example, that you already own.

 

 

Here's a search example...

 

Disturbed_stupify.mp3 / 4.53mb

Disturbed_stupify.mp3 / 4.53mb

Disturbed01_stupified_2002.mp3 / 4.53mb

Disturbed01newAlbum.mp3 / 2.3mb

Stupified - Disturbed(awesome live).mp3 / 6.73mb

Disturbed_stupify01.mp3 / 4.52mb

 

The 2.3mb is either a different version or possible a fake file. Sometimes file size can vary depending on the method of compression.

 

 

 

 

 

in other words...

 

 

Downloaders beware.

[adillon]

thanks for the help, guys.

 

i THINK the worm will no longer be a problem for me ... knock wood.

 

i found it very strange that the scans would not find any worms/viruses even though i was receiving warnings. being so observant, i noticed that the path referred to in these warnings said something about the restore files for the operating system. i read in one of the links that virus scanning applications cannot scan the restore files. so, it was a matter of turning off system restore, restarting the machine, then turning restore back on.

 

no more warnings, no more worm ... what a relief.

 

 

*pats self on back*

[BCanr2d2]

Please write on the blackboard 100 times "I will always virus scan no matter what"

 

Let us know when you have finished that..!!

 

Is your Firewall and Anti-Virus still running, even after needing to turn off system restore, and restart. Personally, that sounds more like System Restore was trying to replace a file that had been changed, but I could be wrong....