Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Best way to remove  Worm:Win32/Phorpiex.B

Posted on 2011-10-20
Medium Priority
Last Modified: 2012-06-27
We are using Microsoft Forefront in our organisation, but one site is badly infected with Worm:Win32/Phorpiex.B and Forefront is not helping much.   This is what a colleague sent me:

1.      Last night, I left my machine scanning with FEP in Safe Mode – Unfortunately I couldn’t see the results as the machine was rebooted over night
2.      Upon rebooting the machine in the Standard mode, FEP identifies a virus known as ‘Worm:Win32/Phorpiex.B ’, which I removed instead to disinfect or quarantine
3.      I then scanned USB with FEP but it neither identified or removed the virus from it
4.      I then used the tool ‘Virus Shortcut Remover’ to remove malicious application from the USB. Contrary to the previous behavior of this variant of virus, it has stopped repeating/coming back to USB. This result indicates that my computer is cleaned form virus or at least we can say that it is not affecting the USB disk drives any more.

A machine infected with ‘Worm:Win32/Phorpiex.B ’ gets slow but as such this virus doesn’t affect the data (files and folders). However it infects the USBs by changing the file type to Shortcut (.lnk) as well as hide files and folders inside it.  

FEP doesn’t identify or remove the virus from USBs. This worm can be removed and the files and folder are restored by using the tool ‘Virus Shortcut Remover’.  
FEP doesn’t identify or catch the virus on Full Scan in ladmin mode.  It also doesn’t catch the virus in Safe Mode either.  
However it is recommended to run a Full scan in Safe Mode. On next reboot in a standard mode, it is very likely that FEP would catch ‘Worm:Win32/Phorpiex.B’.  It is recommend to remove the worm instead of disinfect or quarantine.  

The main problem is that Forefront is not removing the virus from the USB drives.

The other problem is that I'm not sure if I trust the  ‘Virus Shortcut Remover’  tool completely since there are few references to it in forums that I trust.

The microsoft website refers to this virus and it has been the Forefront defnitions for months - but it's still not cleaning it off USB drives.

What is the best thing to do next, please?
Question by:concern_support
  • 3
  • 2

Author Comment

ID: 37001569
Anyone?  I'll be back online tomorrow morning, hopefully we'll have found something else out by then.
LVL 38

Accepted Solution

younghv earned 500 total points
ID: 37001652
I had to Google for ‘Virus Shortcut Remover’ - having never heard of it.
I don't see it on any sites that I would trust, but maybe didn't look hard enough.

Please use the basic programs described in my EE Articles here:

The tools recommended have been used many millions of times by IT techs all over the world.

Note - in almost all situations, you need to boot your system to "Normal Mode" for the actual scans.
LVL 30

Assisted Solution

by:Thomas Zucker-Scharff
Thomas Zucker-Scharff earned 500 total points
ID: 37001670
I highly recommend innoculating all USB drives using USB-Set.  To remove virii from USB drives try Flash Disinfector by sUBS.

USB-Set: http://www.spywareinfoforum.com/index.php?/topic/128367-usb-set-14/
Flash Disinfector: http://download.bleepingcomputer.com//sUBs/Flash_Disinfector.exe
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

LVL 30

Expert Comment

by:Thomas Zucker-Scharff
ID: 37153272
@younghv I would love to be of some help, but the OP has not posted any information on the results of suggestions here.  If there is no follow up on the OP's part, I'm not sure what the policy at ee is.  I hartily believe in my solution, but I do not know if it worked for him/her.  On the other hand I personally have found the articles you wrote extremely helpful and think the the OP would as well.
LVL 38

Expert Comment

ID: 37210216
TZ -
Sorry for not responding earlier. I've set the "CV Tool" we use to NOT notify me of responses. Too often they are not nearly so cordial as yours and I figure it's best to let the Mods handle objections.

This is one of those questions in the Clean Up Queue that could go either way. Unless we're fairly confident that the suggestions posted will be useful to future readers, they tend to get deleted.

Plus - as one of the "Expert" participants in the question, I tend to not award myself points.

I'm going to recommend a point split on this one and let the Asker object - if he is still monitoring.
LVL 38

Expert Comment

ID: 37233450
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
Curious about the latest ransomware attack? Check out our timeline of events surrounding the spread of this new virus along with tips on how to mitigate the damage.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question