• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 465
  • Last Modified:

WORM.WIN32.LADEX

NEED TO GET RID OF WORM.WIN32.LADEX. NORTON CAN'T FIND AND DESTROY
0
xstash
Asked:
xstash
  • 5
  • 3
  • 2
  • +1
2 Solutions
 
sunray_2003Commented:
Hi xstash,
> WORM.WIN32.LADEX

possibly you are having this worm which is also knows as ladex

check the removal instructions here

http://www.symantec.com/avcenter/venc/data/w32.dalbug.worm.html



Thanks
0
 
sunray_2003Commented:
0
 
What90Commented:
Hi xstash,


Have you followed Norton guide to removal:
http://www.symantec.com/avcenter/venc/data/w32.dalbug.worm.html


0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
What90Commented:
sunray_2003,
 Ba hum bug, you beat me to it, same link too! ;-)
0
 
sunray_2003Commented:
What90,
> Ba hum bug, you beat me to it, same link too!

Not a problem
0
 
trywaredkCommented:
Protect your pc in the future with a firewall...

Getting a personal Firewall
http://www.zensecurity.co.uk/default.asp?URL=personal

Download the free version of Sygate personal firewall
http://smb.sygate.com/support/documents/spf/default.htm
http://smb.sygate.com/download/download.php?pid=spf

Download the free version of ZoneAlarm firewall
http://www.zonelabs.com/store/content/company/zap_za_grid.jsp?lid=ho_za

Comparative reviews of personal firewall software:
http://www.firewallguide.com/software.htm 

Firewall Product Selector - Choose yourself which one to compare
http://www.spirit.com/cgi-new/report.pl?dbase=fw&function=view
0
 
trywaredkCommented:
Also protect your pc against spyware

Spybot:
http://security.kolla.de/index.php

Ad-aware Standard Edition is THE award winning, free*, multicomponent adware detection and removal utility:
http://www.lavasoft.de/software/adaware/

SpyFerret detects & removes spyware
http://www.onlinepcfix.com/spyware/spyware.htm

Bazooka Adware and Spyware Scanner v1.13.01
http://www.kephyr.com/spywarescanner/

Automatic check of your browser for parasites, adware and spyware
http://www.doxdesk.com/parasite/
0
 
xstashAuthor Commented:
All solutions recommended were tried before I came to experts exchange. I can't remove symantec sugested files.

I need something new.
0
 
sunray_2003Commented:
According to your question , you have said that Norton cannot find.
Is it finding the files now ?

what happens after you try using the removal instructions given in the link ? After rebooting the machine are the files still present  or are the files being shown as virus by norton ..

May be that virus has disabled norton from removing them .. Could be the case. What you can do is try removing norton completely from the system, reinstall it and check if it would work

http://service1.symantec.com/SUPPORT/nav.nsf/docid/2001092114452606

What OS are you in ?

Can you not go directly to that file and delete it ?
0
 
xstashAuthor Commented:
ANSWER:
I HAVE RUN NORTON AND IT DOES NOT IDENTIFY LMHSVC.EXE, SMSS.EXE, LADY.EXE, CSRSS.EXE AS A TROJAN OR VIRUS.
I HAVE FOLLOWED SYMANTEC SECURITY RESPONSE AND RE-BOOTED IN SAFE MODE WITH SYSTEM RESTORE OFF.
SMSS AND CSRSS DO NOT PERMIT "ENDING PROCESS" IN TASK MANAGER. PROIROTY IS NORMAL AND HIGH RESPECTIVELY AND CAN NOT BE CHANGED.
RENAMING THRU DOS (OR WINDOWS) OR CHANGING ATTRIBUTES EITHER IS NOT PERMITTED OR RESULTED IN A NEW FILE BEING CREATED IN 30 SECONDS.
ACCORDING TO SYMANTIC THIS BUGGER MESSES WITH THE REGISTRY AND DELETES ITSELF IF IT SEES REGEDIT RUNNING
ONCE REGEDIT IS CLOSED IT GOES BACK IN AND RECREATES THE REGISTRY ENTRIES AGAIN.

THERE IS MORE INFO ON SYMANTEC'S SITE UNDER W32.DALBUG.WORM.

YOU CAN TRULY GO MAD.
0
 
sunray_2003Commented:
csrss.exe is not a trojan : http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/

smss.exe : http://www.liutilities.com/products/wintaskspro/processlibrary/smss/  -- Not spyware

the removal method here http://vil.nai.com/vil/content/v_99590.htm might work for lmhsvc.exe

looks like lady.exe is a network worm.. Try going offline , and then scan for virus and check if you can delete lady.exe

Also try these tools

CWShredder: http://www.softpedia.com/public/cat/10/17/10-17-150.shtml

HijackThis : http://www.webattack.com/download/dlhijackthis.shtml 

Pest Patrol : http://www.pestpatrol.com/

Trojan Remover :http://www.simplysup.com/
0
 
trywaredkCommented:
Take ownership of the files you can't delete.

HOW TO: Take Ownership of files in NTFS (windows xp)
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q308421&sd=tech

HOW TO: Use the File Ownership Script Tool (Fileowners.pl) in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;320046

0

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

  • 5
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now