asked on wmibus.exe (Kaspersky - virus Worm.Win32.AutoRun.fcn)
Kaspersky keeps finding the file 'wmibus.exe' in C:\Windows\System\ folder. The Anti-Virus removes the file but it keeps popping back.
Currently we are completing Windows and Office Updates in hopes that this worm stops replicating.
My question is - there is not much information on this worm virus...Has anybody come across this worm and successfully removed it or have any information on this worm?
Currently we are completing Windows and Office Updates in hopes that this worm stops replicating.
My question is - there is not much information on this worm virus...Has anybody come across this worm and successfully removed it or have any information on this worm?
Anti-Virus Apps
Last Comment
narf23
also for Autorun related infections, most of those piggyback on USB devices And / OR network shares
it should help alot if you could disable autorun using group policy or registry tweak mentioned in the belowarticle
http://www.maxi-pedia.com/Disable+autorun+autoplay+via+group+policy
http://antivirus.about.com/od/securitytips/ht/autorun.htm
for an immediate fix, if you find hidden autorun.inf files and you wish to recover from this, you can run a tool like Flash_Disinfector which should prevent reinfection & immunize your system against such attacks
http://experi3nc3.wordpress.com/2007/05/10/flash-disinfector-by-subs/
it should help alot if you could disable autorun using group policy or registry tweak mentioned in the belowarticle
http://www.maxi-pedia.com/Disable+autorun+autoplay+via+group+policy
http://antivirus.about.com/od/securitytips/ht/autorun.htm
for an immediate fix, if you find hidden autorun.inf files and you wish to recover from this, you can run a tool like Flash_Disinfector which should prevent reinfection & immunize your system against such attacks
http://experi3nc3.wordpress.com/2007/05/10/flash-disinfector-by-subs/
This summary might help you: http://www.threatexpert.com/report.aspx?md5=68e636d10111fc2bfc8acb3391f3f3f8
You may need to boot your pc from a bootable Windows PE cd and remove the service the virus would have installed. I am sure it's the service that's stopping the antivirus from completely removing the virus.
You can search for Windows PE images on the internet or you can build your own using this MS article: http://technet.microsoft.com/en-us/library/cc709665.aspx
You may need to boot your pc from a bootable Windows PE cd and remove the service the virus would have installed. I am sure it's the service that's stopping the antivirus from completely removing the virus.
You can search for Windows PE images on the internet or you can build your own using this MS article: http://technet.microsoft.com/en-us/library/cc709665.aspx
This site http://apcmag.com/windows_pe_20_a_tiny_version_of_windows_for_system_maintenance.htm contains information on how to build your own Windows PE cd referencing required files from MS downloads
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
After reading the removal link - I finally decided to re-install Windows XP (due to all the playing around trying to remove Trojan the system started giving an intermittent Blue Screen every few minutes)
Thank you for all your inputs.
Thank you for all your inputs.
http://www.threatexpert.com/report.aspx?md5=68e636d10111fc2bfc8acb3391f3f3f8
also I am pretty sure KAV should be able to fix this if a scan is conducted in safe mode.