?
Solved

How to rid of SirCam Virus/SirC32.EXE after quarantined?

Posted on 2003-03-02
9
Medium Priority
?
852 Views
Last Modified: 2013-12-28
My friend recently got hit by SirCam virus; we got it quarantined by Norton AV. Later, during startup, we kept getting error msgs about not being able to find SirC32.exe. So we downloaded the symantec fixer; but it only got worse. We got the options to quarantined, or to leave the file alone...we continued to quarantine it. I think it was the wrong choice. During startup, the error msgs continue to come, and we can't open any applications, except working online. Does anyone have any solutions?
0
Comment
Question by:mismag
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 41

Assisted Solution

by:stevenlewis
stevenlewis earned 100 total points
ID: 8051566
go here and get the .exe fix
http://www.geocities.com/plansdowne_ca/
it is a .reg file, unzip it, and double click on the reg file, reboot and your .exe will work
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 8051577
if you're good in the registry
you can rename regedit.exe to regedit.com (it will then work)
and go to these keys and fix it manually
this is how they should look
REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command]
@="\"%1\" %*"

then check your run keys for the SirC32.exe
and delete it
the run keys
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]



0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 8051580
Oh, and by all means quaranteen it, do not let it run!
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 

Assisted Solution

by:rameshsamala
rameshsamala earned 100 total points
ID: 8052243
hi,

 1)  For your problem boot your system from safe mode and run SYmantec tool which u downloaded from symantec website...


 2)  Next Replace the Rundll32.exe file from fresh system..

 3)  Type the command "msconfig" at run

 4)  In the startup tab check out any invalid entries  
     there  If there just unchek the check box..
 5)  open the Autoexec.bat file check out any invalid
     entries there just remove the lines
 6)  form the command prompt  come to Recybin directory
     just type the command  "deltree . "

     Just restrat your system again in safe mode only

 7)  in run just type the command regedit
     form the HKE_LoCAL_MACHINE
                   Software
         In the software container if you have any
        sircam   directories just delete it.
 8)  HKey_LOCAL_MACHINE
         Softwares
            Microsoft
                windows
                  current verstion
                        run
                           in the run folder if you any sircam related entries just delete it


thats all


good luck


   
0
 

Accepted Solution

by:
shantigohil earned 100 total points
ID: 8056251
mismag,
This is how your prob. looks
Error: "Cannot find the file "\recycled\SirC32.exe' (or one of its components)..." when trying to run a program after you quarantine or delete a W32.Sircam.Worm@mm infected file.If the answer is YES.Some insight before you go further.

Situation:
Norton AntiVirus detected the W32.Sircam.Worm@mm worm, and you quarantined or deleted the infected file. Now, when you try to run any program, you see the error message "Cannot find the file "\recycled\SirC32.exe' (or one of its components) make sure the path and filename are correct and that all required libraries are available."

Solution:
This error indicates that your computer has been infected by the W32.Sircam.Worm@mm worm. The worm has added the entry "\recycled\sirC32.exe" to a Windows registry key. This registry key is responsible for opening executable files on your computer. The registry key entry was not removed when the infected SirC32.exe file was quarantined or deleted. As a result, when you try to run a program, the registry key that opens executable files tries to locate the deleted SirC32.exe file. Because the file has been removed from the hard drive, the registry cannot find the file and you see this error message.

Removal Instruction.
Go to http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.removal.tool.html      and follow instructions.
Good luck

Shantigohil

0
 

Author Comment

by:mismag
ID: 8134582
thanks so much it worked :)
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 8139930
Glad we could help, now we need you to accept the comment that helped, so we can close this and move it to PAQ, and also award the expert whose comment you used :~)
0

Featured Post

Are You Using the Best Web Development Editor?

The worlds of web hosting and web development are constantly evolving. Every year we see design trends change, coding standards adapt and new frameworks/CMS created. With such a quick pace of change it’s easy to get lost trying to keep up.

See if your editor made the list.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article helps those who get the 0xc004d307 error when trying to rearm (reset the license) Office 2013 in a Virtual Desktop Infrastructure (VDI) and/or those trying to prep the master image for Microsoft Key Management (KMS) activation. (i.e.- C…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question