prasant_g

How to remove the virus or worm called soundblaster.exe, which has been breaking my head for the last few days?

Hi all,
I am a new member of this group.
Well, my system is affected by a virus called Soundblaster.exe; this virus is sitting in C:\Windows\System32.
I scanned using Norton Antivirus, McAfee and also spyware (Webroot Spy Sweeper). It was no use in removing the virus from the system.
Then I tried to remove it as described on the website
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.NP
As described on the site, I removed the soundblaster.exe file in the Task Manager... no use, it's still active,
and then as described below from the link

Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing at startup.

Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Micr Update = "soundblaster.exe"

>>>>On my PC there was no Micr Update = "soundblaster.exe" entry in the registry


In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Runservices
In the right panel, locate and delete the entry:
Micr Update = "soundblaster.exe"

>>>>There is no folder called Runservices



In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Micr Update = "soundblaster.exe"

Removing Other Malware Entries from the Registry

>>>>Again, on my PC there was no Micr Update = "soundblaster.exe" entry in the registry



Still in the Registry Editor in the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Ole
Still in the left panel, change the entry:
EnableDCOM = "N"
to
EnableDCOM = "Y"


>>>>>>>> It's already set to 'Y'



Still in the Registry Editor in the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Control>Lsa
Still in the left panel, change the entry:
restrictanonymous = "dword:00000001"
to
restrictanonymous = "dword:00000000"
Close Registry Editor.


>>>>>>>> It's already restrictanonymous = "dword:00000000"


Finally I tried to remove it using the free version of Trend Micro antivirus software from the same site and still couldn't sort it out.
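
Added example, not part of the original post or of the quoted Trend Micro steps: those steps look for a value named Micr Update, which was not present on the asker's PC. This read-only PowerShell script searches the same autostart keys for any value whose data mentions soundblaster.exe, checks for the file in System32, and prints the two settings the steps restore; the RunOnce keys and all variable names are assumptions added here.

```powershell
# Added example (read-only): nothing is deleted or changed.
$needle = 'soundblaster.exe'   # file name reported in the thread

# Autostart keys from the quoted steps; the RunOnce keys are an addition.
$autostartKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$raw = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

# Match on the value's data, so an entry under a different name is still found.
$hits = foreach ($key in $autostartKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # e.g. no RunServices key
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $data = [string]$regKey.GetValue($name, '', $raw)
        if ($data.IndexOf($needle, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            [pscustomobject]@{ Key = $key; ValueName = $name; Data = $data }
        }
    }
}
if ($hits) { $hits | Format-List } else { "No autostart value references $needle" }

# Is the file itself present where the asker saw it?
$file = Join-Path $env:SystemRoot "System32\$needle"
"{0} exists: {1}" -f $file, (Test-Path -LiteralPath $file)

# Current state of the two settings the quoted steps restore.
$settings = @(
    @{ Key = 'HKLM:\Software\Microsoft\Ole'; Name = 'EnableDCOM' },
    @{ Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name = 'restrictanonymous' }
)
foreach ($s in $settings) {
    $prop = Get-ItemProperty -LiteralPath $s.Key -Name $s.Name -ErrorAction SilentlyContinue
    "{0}\{1} = {2}" -f $s.Key, $s.Name, $prop.($s.Name)
}
```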

prasant_g

Hi Rossfingal,

I tried to kill all the viruses in Safe Mode, and still the problem exists. Now my PC is very slow, with a lot of viruses I guess...

Yeah, this virus is deadly.
Can someone activate and use my PC when it is logged out??

Asta Cu
Disconnect from network

Did you update your AV before scanning?

Yup, obviously I updated my antivirus before scanning...

Maybe you have to disable System Restore, connection and sharing first. Then log in to Safe Mode and scan for viruses again.

Go to this link

http://securityresponse1.symantec.com/sarc/sarc.nsf/html/w32.blaster.worm.removal.tool.html

If it didn't work, go to Start, then Run, and type this command: shutdown -a
It will block the virus, but only temporarily!!! But then you have time to work out how to delete that
****TY VIRUS!!!!

I wish you good LUCK!!!

Well, finally I guess we can delete it with Sophos antivirus with the latest *.ide files. While deleting, disconnect from the network and run the antivirus several times. Hope it has removed the **** virus.

My guess is that the information provided above, including the 'system restore' issue, helped resolve this, based on the last response and the tool prasant_g used. I'd recommend a split between all but myself, unless Asker responds.
Thanks, LucF.
Asta

It all sounds fair to me

acmp<><

I agree, LucF, thanks for your work here. ":0) Asta

When something like this happens, I just format the workstation, reinstall all apps and a good current copy of McAfee 8.0 with current DAT.
Works every time.