Solved

WORM.WIN32.LADEX

Posted on 2004-04-04
12
461 Views
Last Modified: 2013-12-04
NEED TO GET RID OF WORM.WIN32.LADEX. NORTON CAN'T FIND AND DESTROY
0
Comment
Question by:xstash
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +1
12 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10754542
Hi xstash,
> WORM.WIN32.LADEX

possibly you are having this worm which is also knows as ladex

check the removal instructions here

http://www.symantec.com/avcenter/venc/data/w32.dalbug.worm.html



Thanks
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10754545
0
 
LVL 20

Expert Comment

by:What90
ID: 10754554
Hi xstash,


Have you followed Norton guide to removal:
http://www.symantec.com/avcenter/venc/data/w32.dalbug.worm.html


0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 20

Expert Comment

by:What90
ID: 10754561
sunray_2003,
 Ba hum bug, you beat me to it, same link too! ;-)
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10754620
What90,
> Ba hum bug, you beat me to it, same link too!

Not a problem
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10755255
Protect your pc in the future with a firewall...

Getting a personal Firewall
http://www.zensecurity.co.uk/default.asp?URL=personal

Download the free version of Sygate personal firewall
http://smb.sygate.com/support/documents/spf/default.htm
http://smb.sygate.com/download/download.php?pid=spf

Download the free version of ZoneAlarm firewall
http://www.zonelabs.com/store/content/company/zap_za_grid.jsp?lid=ho_za

Comparative reviews of personal firewall software:
http://www.firewallguide.com/software.htm 

Firewall Product Selector - Choose yourself which one to compare
http://www.spirit.com/cgi-new/report.pl?dbase=fw&function=view
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10755257
Also protect your pc against spyware

Spybot:
http://security.kolla.de/index.php

Ad-aware Standard Edition is THE award winning, free*, multicomponent adware detection and removal utility:
http://www.lavasoft.de/software/adaware/

SpyFerret detects & removes spyware
http://www.onlinepcfix.com/spyware/spyware.htm

Bazooka Adware and Spyware Scanner v1.13.01
http://www.kephyr.com/spywarescanner/

Automatic check of your browser for parasites, adware and spyware
http://www.doxdesk.com/parasite/
0
 

Author Comment

by:xstash
ID: 10762070
All solutions recommended were tried before I came to experts exchange. I can't remove symantec sugested files.

I need something new.
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10762084
According to your question , you have said that Norton cannot find.
Is it finding the files now ?

what happens after you try using the removal instructions given in the link ? After rebooting the machine are the files still present  or are the files being shown as virus by norton ..

May be that virus has disabled norton from removing them .. Could be the case. What you can do is try removing norton completely from the system, reinstall it and check if it would work

http://service1.symantec.com/SUPPORT/nav.nsf/docid/2001092114452606

What OS are you in ?

Can you not go directly to that file and delete it ?
0
 

Author Comment

by:xstash
ID: 10762457
ANSWER:
I HAVE RUN NORTON AND IT DOES NOT IDENTIFY LMHSVC.EXE, SMSS.EXE, LADY.EXE, CSRSS.EXE AS A TROJAN OR VIRUS.
I HAVE FOLLOWED SYMANTEC SECURITY RESPONSE AND RE-BOOTED IN SAFE MODE WITH SYSTEM RESTORE OFF.
SMSS AND CSRSS DO NOT PERMIT "ENDING PROCESS" IN TASK MANAGER. PROIROTY IS NORMAL AND HIGH RESPECTIVELY AND CAN NOT BE CHANGED.
RENAMING THRU DOS (OR WINDOWS) OR CHANGING ATTRIBUTES EITHER IS NOT PERMITTED OR RESULTED IN A NEW FILE BEING CREATED IN 30 SECONDS.
ACCORDING TO SYMANTIC THIS BUGGER MESSES WITH THE REGISTRY AND DELETES ITSELF IF IT SEES REGEDIT RUNNING
ONCE REGEDIT IS CLOSED IT GOES BACK IN AND RECREATES THE REGISTRY ENTRIES AGAIN.

THERE IS MORE INFO ON SYMANTEC'S SITE UNDER W32.DALBUG.WORM.

YOU CAN TRULY GO MAD.
0
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 400 total points
ID: 10762851
csrss.exe is not a trojan : http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/

smss.exe : http://www.liutilities.com/products/wintaskspro/processlibrary/smss/  -- Not spyware

the removal method here http://vil.nai.com/vil/content/v_99590.htm might work for lmhsvc.exe

looks like lady.exe is a network worm.. Try going offline , and then scan for virus and check if you can delete lady.exe

Also try these tools

CWShredder: http://www.softpedia.com/public/cat/10/17/10-17-150.shtml

HijackThis : http://www.webattack.com/download/dlhijackthis.shtml 

Pest Patrol : http://www.pestpatrol.com/

Trojan Remover :http://www.simplysup.com/
0
 
LVL 12

Assisted Solution

by:trywaredk
trywaredk earned 100 total points
ID: 10775841
Take ownership of the files you can't delete.

HOW TO: Take Ownership of files in NTFS (windows xp)
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q308421&sd=tech

HOW TO: Use the File Ownership Script Tool (Fileowners.pl) in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;320046

0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
OfficeMate Freezes on login or does not load after login credentials are input.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question