Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

WORM.WIN32.LADEX

Posted on 2004-04-04
12
Medium Priority
?
463 Views
Last Modified: 2013-12-04
NEED TO GET RID OF WORM.WIN32.LADEX. NORTON CAN'T FIND AND DESTROY
0
Comment
Question by:xstash
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +1
12 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10754542
Hi xstash,
> WORM.WIN32.LADEX

possibly you are having this worm which is also knows as ladex

check the removal instructions here

http://www.symantec.com/avcenter/venc/data/w32.dalbug.worm.html



Thanks
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10754545
0
 
LVL 20

Expert Comment

by:What90
ID: 10754554
Hi xstash,


Have you followed Norton guide to removal:
http://www.symantec.com/avcenter/venc/data/w32.dalbug.worm.html


0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 20

Expert Comment

by:What90
ID: 10754561
sunray_2003,
 Ba hum bug, you beat me to it, same link too! ;-)
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10754620
What90,
> Ba hum bug, you beat me to it, same link too!

Not a problem
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10755255
Protect your pc in the future with a firewall...

Getting a personal Firewall
http://www.zensecurity.co.uk/default.asp?URL=personal

Download the free version of Sygate personal firewall
http://smb.sygate.com/support/documents/spf/default.htm
http://smb.sygate.com/download/download.php?pid=spf

Download the free version of ZoneAlarm firewall
http://www.zonelabs.com/store/content/company/zap_za_grid.jsp?lid=ho_za

Comparative reviews of personal firewall software:
http://www.firewallguide.com/software.htm 

Firewall Product Selector - Choose yourself which one to compare
http://www.spirit.com/cgi-new/report.pl?dbase=fw&function=view
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10755257
Also protect your pc against spyware

Spybot:
http://security.kolla.de/index.php

Ad-aware Standard Edition is THE award winning, free*, multicomponent adware detection and removal utility:
http://www.lavasoft.de/software/adaware/

SpyFerret detects & removes spyware
http://www.onlinepcfix.com/spyware/spyware.htm

Bazooka Adware and Spyware Scanner v1.13.01
http://www.kephyr.com/spywarescanner/

Automatic check of your browser for parasites, adware and spyware
http://www.doxdesk.com/parasite/
0
 

Author Comment

by:xstash
ID: 10762070
All solutions recommended were tried before I came to experts exchange. I can't remove symantec sugested files.

I need something new.
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10762084
According to your question , you have said that Norton cannot find.
Is it finding the files now ?

what happens after you try using the removal instructions given in the link ? After rebooting the machine are the files still present  or are the files being shown as virus by norton ..

May be that virus has disabled norton from removing them .. Could be the case. What you can do is try removing norton completely from the system, reinstall it and check if it would work

http://service1.symantec.com/SUPPORT/nav.nsf/docid/2001092114452606

What OS are you in ?

Can you not go directly to that file and delete it ?
0
 

Author Comment

by:xstash
ID: 10762457
ANSWER:
I HAVE RUN NORTON AND IT DOES NOT IDENTIFY LMHSVC.EXE, SMSS.EXE, LADY.EXE, CSRSS.EXE AS A TROJAN OR VIRUS.
I HAVE FOLLOWED SYMANTEC SECURITY RESPONSE AND RE-BOOTED IN SAFE MODE WITH SYSTEM RESTORE OFF.
SMSS AND CSRSS DO NOT PERMIT "ENDING PROCESS" IN TASK MANAGER. PROIROTY IS NORMAL AND HIGH RESPECTIVELY AND CAN NOT BE CHANGED.
RENAMING THRU DOS (OR WINDOWS) OR CHANGING ATTRIBUTES EITHER IS NOT PERMITTED OR RESULTED IN A NEW FILE BEING CREATED IN 30 SECONDS.
ACCORDING TO SYMANTIC THIS BUGGER MESSES WITH THE REGISTRY AND DELETES ITSELF IF IT SEES REGEDIT RUNNING
ONCE REGEDIT IS CLOSED IT GOES BACK IN AND RECREATES THE REGISTRY ENTRIES AGAIN.

THERE IS MORE INFO ON SYMANTEC'S SITE UNDER W32.DALBUG.WORM.

YOU CAN TRULY GO MAD.
0
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 1200 total points
ID: 10762851
csrss.exe is not a trojan : http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/

smss.exe : http://www.liutilities.com/products/wintaskspro/processlibrary/smss/  -- Not spyware

the removal method here http://vil.nai.com/vil/content/v_99590.htm might work for lmhsvc.exe

looks like lady.exe is a network worm.. Try going offline , and then scan for virus and check if you can delete lady.exe

Also try these tools

CWShredder: http://www.softpedia.com/public/cat/10/17/10-17-150.shtml

HijackThis : http://www.webattack.com/download/dlhijackthis.shtml 

Pest Patrol : http://www.pestpatrol.com/

Trojan Remover :http://www.simplysup.com/
0
 
LVL 12

Assisted Solution

by:trywaredk
trywaredk earned 300 total points
ID: 10775841
Take ownership of the files you can't delete.

HOW TO: Take Ownership of files in NTFS (windows xp)
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q308421&sd=tech

HOW TO: Use the File Ownership Script Tool (Fileowners.pl) in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;320046

0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question