Solved

E-mail Worm

Posted on 2006-10-27
2
178 Views
Last Modified: 2013-12-04
Hello there,

One of secretaries in our company has accidentaly opened a *.zip with a *.exe inside. It was a worm. Unfortunately she deleted the mail completely because she thought it was a dud. Her anti virus tool was not able to stop the worm its seems. She is using Avast.

Now this worm is using her e-mail to send "Update-KB7359-x86.exe" to who ever is on her personal list. Her OS is Windows 2000.

How do I stop it and remove it... please help.
0
Comment
Question by:Vulconi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 37

Accepted Solution

by:
bbao earned 500 total points
ID: 17817853
hi Vulconi,

you may try these steps:

1. download TCPView (tcpview.exe) and Process Explorer (procexp.exe) from www.sysinternals.com.
2. run TCPView to see which process is connecting to other hosts through SMTP port 25.
3. run Process Explorer to find out the related process, locate its folder, then kill the worm process.

(the worm distribution should be terminated now, please make sure this is done before going to step 4)

4. rename or delete the executable file of the worm process in the folder located above.
5. run msconfig.exe from Start | Run, check if this worm process appears in the lists of Services and Startup.
6. uncheck the related items if found.
7. run regedit.exe from Start | Run, search for the items containing the name of that process.
8. delete the related items if found. better backup the windows registry before making changes.
9. reboot.

hope it helps,
bbao
0
 

Author Comment

by:Vulconi
ID: 17817976
Well I think I have already sorted it out.

I did follow some of your steps although I deviated somewhat.

1. I rebooted the machine into safemode.
2. Deleted all files located in the temp and Tempory internet files
3. Installed Nod32
4. Scanned and found an infected file ... W32/Rbot
5. Downloaded a removal tool via other computer and transfered via flash disk.
6. Ran the removal tool on machine.
7. Restarted and ran a full scan

The problem I encountered was the Nod32 did not want to work...services was disabled. Avast was re-installed and I ran the full system check.

No problems yet...

Thank you for your help. I hope both our steps will prove useful for other.

Vulconi
0

Featured Post

Raise the IQ of Your IT Alerts

From IT major incidents to manufacturing line slowdowns, every business process generates insights that need to reach the people required to take action. You need a platform that integrates with your business tools to create fully enabled DevOps toolchains.

You need xMatters.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question