Solved

WORM.WIN32.LADEX

Posted on 2004-04-04
12
460 Views
Last Modified: 2013-12-04
NEED TO GET RID OF WORM.WIN32.LADEX. NORTON CAN'T FIND AND DESTROY
0
Comment
Question by:xstash
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +1
12 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10754542
Hi xstash,
> WORM.WIN32.LADEX

possibly you are having this worm which is also knows as ladex

check the removal instructions here

http://www.symantec.com/avcenter/venc/data/w32.dalbug.worm.html



Thanks
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10754545
0
 
LVL 20

Expert Comment

by:What90
ID: 10754554
Hi xstash,


Have you followed Norton guide to removal:
http://www.symantec.com/avcenter/venc/data/w32.dalbug.worm.html


0
Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

 
LVL 20

Expert Comment

by:What90
ID: 10754561
sunray_2003,
 Ba hum bug, you beat me to it, same link too! ;-)
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10754620
What90,
> Ba hum bug, you beat me to it, same link too!

Not a problem
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10755255
Protect your pc in the future with a firewall...

Getting a personal Firewall
http://www.zensecurity.co.uk/default.asp?URL=personal

Download the free version of Sygate personal firewall
http://smb.sygate.com/support/documents/spf/default.htm
http://smb.sygate.com/download/download.php?pid=spf

Download the free version of ZoneAlarm firewall
http://www.zonelabs.com/store/content/company/zap_za_grid.jsp?lid=ho_za

Comparative reviews of personal firewall software:
http://www.firewallguide.com/software.htm 

Firewall Product Selector - Choose yourself which one to compare
http://www.spirit.com/cgi-new/report.pl?dbase=fw&function=view
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10755257
Also protect your pc against spyware

Spybot:
http://security.kolla.de/index.php

Ad-aware Standard Edition is THE award winning, free*, multicomponent adware detection and removal utility:
http://www.lavasoft.de/software/adaware/

SpyFerret detects & removes spyware
http://www.onlinepcfix.com/spyware/spyware.htm

Bazooka Adware and Spyware Scanner v1.13.01
http://www.kephyr.com/spywarescanner/

Automatic check of your browser for parasites, adware and spyware
http://www.doxdesk.com/parasite/
0
 

Author Comment

by:xstash
ID: 10762070
All solutions recommended were tried before I came to experts exchange. I can't remove symantec sugested files.

I need something new.
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10762084
According to your question , you have said that Norton cannot find.
Is it finding the files now ?

what happens after you try using the removal instructions given in the link ? After rebooting the machine are the files still present  or are the files being shown as virus by norton ..

May be that virus has disabled norton from removing them .. Could be the case. What you can do is try removing norton completely from the system, reinstall it and check if it would work

http://service1.symantec.com/SUPPORT/nav.nsf/docid/2001092114452606

What OS are you in ?

Can you not go directly to that file and delete it ?
0
 

Author Comment

by:xstash
ID: 10762457
ANSWER:
I HAVE RUN NORTON AND IT DOES NOT IDENTIFY LMHSVC.EXE, SMSS.EXE, LADY.EXE, CSRSS.EXE AS A TROJAN OR VIRUS.
I HAVE FOLLOWED SYMANTEC SECURITY RESPONSE AND RE-BOOTED IN SAFE MODE WITH SYSTEM RESTORE OFF.
SMSS AND CSRSS DO NOT PERMIT "ENDING PROCESS" IN TASK MANAGER. PROIROTY IS NORMAL AND HIGH RESPECTIVELY AND CAN NOT BE CHANGED.
RENAMING THRU DOS (OR WINDOWS) OR CHANGING ATTRIBUTES EITHER IS NOT PERMITTED OR RESULTED IN A NEW FILE BEING CREATED IN 30 SECONDS.
ACCORDING TO SYMANTIC THIS BUGGER MESSES WITH THE REGISTRY AND DELETES ITSELF IF IT SEES REGEDIT RUNNING
ONCE REGEDIT IS CLOSED IT GOES BACK IN AND RECREATES THE REGISTRY ENTRIES AGAIN.

THERE IS MORE INFO ON SYMANTEC'S SITE UNDER W32.DALBUG.WORM.

YOU CAN TRULY GO MAD.
0
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 400 total points
ID: 10762851
csrss.exe is not a trojan : http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/

smss.exe : http://www.liutilities.com/products/wintaskspro/processlibrary/smss/  -- Not spyware

the removal method here http://vil.nai.com/vil/content/v_99590.htm might work for lmhsvc.exe

looks like lady.exe is a network worm.. Try going offline , and then scan for virus and check if you can delete lady.exe

Also try these tools

CWShredder: http://www.softpedia.com/public/cat/10/17/10-17-150.shtml

HijackThis : http://www.webattack.com/download/dlhijackthis.shtml 

Pest Patrol : http://www.pestpatrol.com/

Trojan Remover :http://www.simplysup.com/
0
 
LVL 12

Assisted Solution

by:trywaredk
trywaredk earned 100 total points
ID: 10775841
Take ownership of the files you can't delete.

HOW TO: Take Ownership of files in NTFS (windows xp)
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q308421&sd=tech

HOW TO: Use the File Ownership Script Tool (Fileowners.pl) in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;320046

0

Featured Post

Enroll in May's Course of the Month

May’s Course of the Month is now available! Experts Exchange’s Premium Members and Team Accounts have access to a complimentary course each month as part of their membership—an extra way to increase training and boost professional development.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question