Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

WORM.WIN32.LADEX

Posted on 2004-04-04
12
Medium Priority
?
464 Views
Last Modified: 2013-12-04
NEED TO GET RID OF WORM.WIN32.LADEX. NORTON CAN'T FIND AND DESTROY
0
Comment
Question by:xstash
  • 5
  • 3
  • 2
  • +1
12 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10754542
Hi xstash,
> WORM.WIN32.LADEX

possibly you are having this worm which is also knows as ladex

check the removal instructions here

http://www.symantec.com/avcenter/venc/data/w32.dalbug.worm.html



Thanks
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10754545
0
 
LVL 20

Expert Comment

by:What90
ID: 10754554
Hi xstash,


Have you followed Norton guide to removal:
http://www.symantec.com/avcenter/venc/data/w32.dalbug.worm.html


0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 20

Expert Comment

by:What90
ID: 10754561
sunray_2003,
 Ba hum bug, you beat me to it, same link too! ;-)
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10754620
What90,
> Ba hum bug, you beat me to it, same link too!

Not a problem
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10755255
Protect your pc in the future with a firewall...

Getting a personal Firewall
http://www.zensecurity.co.uk/default.asp?URL=personal

Download the free version of Sygate personal firewall
http://smb.sygate.com/support/documents/spf/default.htm
http://smb.sygate.com/download/download.php?pid=spf

Download the free version of ZoneAlarm firewall
http://www.zonelabs.com/store/content/company/zap_za_grid.jsp?lid=ho_za

Comparative reviews of personal firewall software:
http://www.firewallguide.com/software.htm 

Firewall Product Selector - Choose yourself which one to compare
http://www.spirit.com/cgi-new/report.pl?dbase=fw&function=view
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10755257
Also protect your pc against spyware

Spybot:
http://security.kolla.de/index.php

Ad-aware Standard Edition is THE award winning, free*, multicomponent adware detection and removal utility:
http://www.lavasoft.de/software/adaware/

SpyFerret detects & removes spyware
http://www.onlinepcfix.com/spyware/spyware.htm

Bazooka Adware and Spyware Scanner v1.13.01
http://www.kephyr.com/spywarescanner/

Automatic check of your browser for parasites, adware and spyware
http://www.doxdesk.com/parasite/
0
 

Author Comment

by:xstash
ID: 10762070
All solutions recommended were tried before I came to experts exchange. I can't remove symantec sugested files.

I need something new.
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10762084
According to your question , you have said that Norton cannot find.
Is it finding the files now ?

what happens after you try using the removal instructions given in the link ? After rebooting the machine are the files still present  or are the files being shown as virus by norton ..

May be that virus has disabled norton from removing them .. Could be the case. What you can do is try removing norton completely from the system, reinstall it and check if it would work

http://service1.symantec.com/SUPPORT/nav.nsf/docid/2001092114452606

What OS are you in ?

Can you not go directly to that file and delete it ?
0
 

Author Comment

by:xstash
ID: 10762457
ANSWER:
I HAVE RUN NORTON AND IT DOES NOT IDENTIFY LMHSVC.EXE, SMSS.EXE, LADY.EXE, CSRSS.EXE AS A TROJAN OR VIRUS.
I HAVE FOLLOWED SYMANTEC SECURITY RESPONSE AND RE-BOOTED IN SAFE MODE WITH SYSTEM RESTORE OFF.
SMSS AND CSRSS DO NOT PERMIT "ENDING PROCESS" IN TASK MANAGER. PROIROTY IS NORMAL AND HIGH RESPECTIVELY AND CAN NOT BE CHANGED.
RENAMING THRU DOS (OR WINDOWS) OR CHANGING ATTRIBUTES EITHER IS NOT PERMITTED OR RESULTED IN A NEW FILE BEING CREATED IN 30 SECONDS.
ACCORDING TO SYMANTIC THIS BUGGER MESSES WITH THE REGISTRY AND DELETES ITSELF IF IT SEES REGEDIT RUNNING
ONCE REGEDIT IS CLOSED IT GOES BACK IN AND RECREATES THE REGISTRY ENTRIES AGAIN.

THERE IS MORE INFO ON SYMANTEC'S SITE UNDER W32.DALBUG.WORM.

YOU CAN TRULY GO MAD.
0
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 1200 total points
ID: 10762851
csrss.exe is not a trojan : http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/

smss.exe : http://www.liutilities.com/products/wintaskspro/processlibrary/smss/  -- Not spyware

the removal method here http://vil.nai.com/vil/content/v_99590.htm might work for lmhsvc.exe

looks like lady.exe is a network worm.. Try going offline , and then scan for virus and check if you can delete lady.exe

Also try these tools

CWShredder: http://www.softpedia.com/public/cat/10/17/10-17-150.shtml

HijackThis : http://www.webattack.com/download/dlhijackthis.shtml 

Pest Patrol : http://www.pestpatrol.com/

Trojan Remover :http://www.simplysup.com/
0
 
LVL 12

Assisted Solution

by:trywaredk
trywaredk earned 300 total points
ID: 10775841
Take ownership of the files you can't delete.

HOW TO: Take Ownership of files in NTFS (windows xp)
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q308421&sd=tech

HOW TO: Use the File Ownership Script Tool (Fileowners.pl) in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;320046

0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question