Solved

Trying to clean off W32.BEAGLE.M@mm worm...

Posted on 2004-10-07
5
298 Views
Last Modified: 2010-04-11
Trying to install Norton AntiVirus.  It won't install because it's finding the W32.BEAGLE.M@mm virus.  I've run Stinger, and Symantec's tool to remove the virus.  It won't remove it from the following files:

EXPLORER.EXE
WSCNTFY.EXE
WINUPD.EXE

I believe this is happening because the files are open by the OS.  No matter what I do I can't seem to remove the worm from these files.  

Any suggestions, short of reinstalling the OS.  I was thinking of doing an "inplace install" where Windows replaces all the OS files from the installation disk.  Again, any ideas?

Thanks!!

0
Comment
Question by:CraigSNYC
  • 3
5 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12255432
Hi CraigSNYC,

Have you checked this ?
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.mo@mm.removal.tool.html

Have you run stinger and other tool in safe mode ?

Have you disabled system restore if you have windows xp ?


SR..
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12255441
http://www.neuber.com/taskmanager/process/wscntfy.exe.html --

Do you have windows xp Sp2 ? As per the above link , go to services and stop security center related service..

Can you not remove this file WINUPD.EXE
going to safe mode ?

open windows
go to start --> run --> msconfig
go to startup tab and disable all applications except firewall and anti-virus
reboot and check if you can remove the virus and delete the files
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12255448
Also do these

Remove temporary internet files, folders and cookies
Also remove windows Temp files going to

1) Start --> run --> typein:  %systemroot%/temp
2) Start  --> run --> typein: %temp%

Scan virus using this online virus scanner : http://housecall.trendmicro.com/ 

SR
0
 
LVL 2

Accepted Solution

by:
kitisak earned 375 total points
ID: 12256008
0
 
LVL 15

Expert Comment

by:Naser Gabaj
ID: 12267410
reboot in safe mode after making sure that you have latest update of NAV, and them make full system scan, remove them and work safe.

regards,

0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
An overview of HIPAA and guidance on this topic that Experts Exchange members can offer.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
A short film showing how OnPage and Connectwise integration works.

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now