Solved

Trying to clean off W32.BEAGLE.M@mm worm...

Posted on 2004-10-07
5
304 Views
Last Modified: 2010-04-11
Trying to install Norton AntiVirus.  It won't install because it's finding the W32.BEAGLE.M@mm virus.  I've run Stinger, and Symantec's tool to remove the virus.  It won't remove it from the following files:

EXPLORER.EXE
WSCNTFY.EXE
WINUPD.EXE

I believe this is happening because the files are open by the OS.  No matter what I do I can't seem to remove the worm from these files.  

Any suggestions, short of reinstalling the OS.  I was thinking of doing an "inplace install" where Windows replaces all the OS files from the installation disk.  Again, any ideas?

Thanks!!

0
Comment
Question by:CraigSNYC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12255432
Hi CraigSNYC,

Have you checked this ?
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.mo@mm.removal.tool.html

Have you run stinger and other tool in safe mode ?

Have you disabled system restore if you have windows xp ?


SR..
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12255441
http://www.neuber.com/taskmanager/process/wscntfy.exe.html --

Do you have windows xp Sp2 ? As per the above link , go to services and stop security center related service..

Can you not remove this file WINUPD.EXE
going to safe mode ?

open windows
go to start --> run --> msconfig
go to startup tab and disable all applications except firewall and anti-virus
reboot and check if you can remove the virus and delete the files
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12255448
Also do these

Remove temporary internet files, folders and cookies
Also remove windows Temp files going to

1) Start --> run --> typein:  %systemroot%/temp
2) Start  --> run --> typein: %temp%

Scan virus using this online virus scanner : http://housecall.trendmicro.com/ 

SR
0
 
LVL 2

Accepted Solution

by:
kitisak earned 375 total points
ID: 12256008
0
 
LVL 15

Expert Comment

by:Naser Gabaj
ID: 12267410
reboot in safe mode after making sure that you have latest update of NAV, and them make full system scan, remove them and work safe.

regards,

0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Evaluating Enterprise Antivirus solutions 2 73
Certificate error - subdomain? 2 35
Ransomware case 23 96
Problem to setting 16 40
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Ransomware continues to grow in reach and sophistication, putting data everywhere at risk. Learn how to avoid being caught in its sinister clutches with these 11 key tips.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question