?
Solved

How to rid of SirCam Virus/SirC32.EXE after quarantined?

Posted on 2003-03-02
9
Medium Priority
?
876 Views
Last Modified: 2013-12-28
My friend recently got hit by SirCam virus; we got it quarantined by Norton AV. Later, during startup, we kept getting error msgs about not being able to find SirC32.exe. So we downloaded the symantec fixer; but it only got worse. We got the options to quarantined, or to leave the file alone...we continued to quarantine it. I think it was the wrong choice. During startup, the error msgs continue to come, and we can't open any applications, except working online. Does anyone have any solutions?
0
Comment
Question by:mismag
7 Comments
 
LVL 41

Assisted Solution

by:stevenlewis
stevenlewis earned 100 total points
ID: 8051566
go here and get the .exe fix
http://www.geocities.com/plansdowne_ca/
it is a .reg file, unzip it, and double click on the reg file, reboot and your .exe will work
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 8051577
if you're good in the registry
you can rename regedit.exe to regedit.com (it will then work)
and go to these keys and fix it manually
this is how they should look
REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command]
@="\"%1\" %*"

then check your run keys for the SirC32.exe
and delete it
the run keys
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]



0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 8051580
Oh, and by all means quaranteen it, do not let it run!
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Assisted Solution

by:rameshsamala
rameshsamala earned 100 total points
ID: 8052243
hi,

 1)  For your problem boot your system from safe mode and run SYmantec tool which u downloaded from symantec website...


 2)  Next Replace the Rundll32.exe file from fresh system..

 3)  Type the command "msconfig" at run

 4)  In the startup tab check out any invalid entries  
     there  If there just unchek the check box..
 5)  open the Autoexec.bat file check out any invalid
     entries there just remove the lines
 6)  form the command prompt  come to Recybin directory
     just type the command  "deltree . "

     Just restrat your system again in safe mode only

 7)  in run just type the command regedit
     form the HKE_LoCAL_MACHINE
                   Software
         In the software container if you have any
        sircam   directories just delete it.
 8)  HKey_LOCAL_MACHINE
         Softwares
            Microsoft
                windows
                  current verstion
                        run
                           in the run folder if you any sircam related entries just delete it


thats all


good luck


   
0
 

Accepted Solution

by:
shantigohil earned 100 total points
ID: 8056251
mismag,
This is how your prob. looks
Error: "Cannot find the file "\recycled\SirC32.exe' (or one of its components)..." when trying to run a program after you quarantine or delete a W32.Sircam.Worm@mm infected file.If the answer is YES.Some insight before you go further.

Situation:
Norton AntiVirus detected the W32.Sircam.Worm@mm worm, and you quarantined or deleted the infected file. Now, when you try to run any program, you see the error message "Cannot find the file "\recycled\SirC32.exe' (or one of its components) make sure the path and filename are correct and that all required libraries are available."

Solution:
This error indicates that your computer has been infected by the W32.Sircam.Worm@mm worm. The worm has added the entry "\recycled\sirC32.exe" to a Windows registry key. This registry key is responsible for opening executable files on your computer. The registry key entry was not removed when the infected SirC32.exe file was quarantined or deleted. As a result, when you try to run a program, the registry key that opens executable files tries to locate the deleted SirC32.exe file. Because the file has been removed from the hard drive, the registry cannot find the file and you see this error message.

Removal Instruction.
Go to http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.removal.tool.html      and follow instructions.
Good luck

Shantigohil

0
 

Author Comment

by:mismag
ID: 8134582
thanks so much it worked :)
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 8139930
Glad we could help, now we need you to accept the comment that helped, so we can close this and move it to PAQ, and also award the expert whose comment you used :~)
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits …
This article is about my experience upgrading my consulting machine to Windows 10 Version 1709 (The Fall 2017 Creator Update)
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question