Worm Infection
Malice Black
Hi,
I need some help. My computer is infected with this worm:
Win32:Warezov-AHW [WRM]
I found this while doing a thorough system scan. My Anti-Virus (Avast) found 2 copies of the worm, 1 was removed to chest, when I tried to remove the other one it came up with "access denied". My second is logged in this file:
C:\WINDOWS\system32\mebqouio.exe
Any help needs to be in 'English', I'm not all that computer 'savvy'.
Thanks.
Tachyon
Have you run Spybot S&D? If not, then go and grab it from here:
http://www.spybot.info/
Install it, run an update from within the program then let it scan your system.
Malice Black
Had that installed since last time my computer got hit with a serious infection.
It never comes up with anything major, just the normal ad-ware/tracking cookie rubbish.
Hockster
Boot into safe mode, mash F8 a few times before the Windows splash screen appears. Run the scanner that way, or manually try to delete the file. Make sure to permanently delete it before booting back into regular Windows.
Malice Black
Is it safe to delete a system32 file though? I thought about just deleting the file but that crossed my mind as I was about to hit delete.
Gimme Money Plzkthx
Do some more research (I tried Google but didn't find anything) on alternate names for that virus or something. Then research those alternate names or post them here, and you can find out if it has infected a system file or if it just dropped into system32. Either way it is probably safe to delete/your only option.
Hockster
Google has exactly one hit for that file. It doesn't say what it is either. I don't have the file on either of two machines at home.
Could always check with an online scanner, Trend is a very good one.
http://housecall.trendmicro.com/
Malice Black
Closest things I can match it to are
Vundo
Win32:Warez
Kuldebar Valiturus
There's many variants unfortunately:
http://www.viruslist.com/en/alerts?alertid=203996079
Quote:
Email-Worm.Win32.Warezov: Kaspersky Lab has detected mass mailings of new variants of Email-Worm.Win32.Warezov, which started on 15th January, 2007. A new version is being sent out in each mass mailing. The variants are all highly similar, and spread as an attachment to infected emails. Once launched, they may terminate antivirus and firewall programs and download other malware. Antivirus updates have been released for all the latest variants. Users are strongly recommended to ensure that they keep their antivirus software up to date.
How it functions:
http://www.avast.com/eng/win32-warezov-family.html
Quote:
Win32:Warezov family: When Win32:Warezov is launched, it creates several executables in %WINDOWS% and %SYSTEM% directory (count and names of the files depend on the exact version of Win32:Warezov). These files are also detected as Win32Warezov. Then, it opens Notepad and displays random characters in the text file. Win32:Warezov sets itself to run every time Windows starts by creating a registry entry in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Win32:Warezov is a fast growing family.
The hard part is to keep it from insinuating itself back on your PC. Also, it may have already been:
Quote:
downloading other dangerous or unwanted applications as Trojans or Adware. Many variants may disable security related products and/or disable their updating and browsing their websites by adding lines to hosts file (e.g. ‘127.0.0.1 download.microsoft.com’).
It could be a royal mess if that's the case. But, it sounds like you have it isolated via your anti-virus software.
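The Avast description quoted above names two things to check after cleanup: values under the Run key and loopback lines in the hosts file. The Python sketch below is an added example, not part of the thread; the watched domain list, the sample hosts text and the Run value names are constructed for illustration, and only the mebqouio.exe path comes from this thread.

```python
import ipaddress
import ntpath

# Domains to watch: an assumption for this example, extend for your own tools.
WATCHED = ("microsoft.com", "avast.com", "kaspersky.com", "trendmicro.com")

# Constructed sample inputs (not taken from an infected machine).
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 download.microsoft.com
0.0.0.0 www.avast.com   # null route
192.0.2.10 intranet.example
"""
SAMPLE_RUN = {  # value name -> command line; the value names are made up
    "example_tray": r'"C:\Program Files\ExampleAV\tray.exe" /min',
    "unknown_entry": r"C:\WINDOWS\system32\mebqouio.exe",
}

def blocked_hosts(hosts_text, watched=WATCHED):
    """Watched hostnames that the hosts file sends to a loopback/null address."""
    hits = []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # strip comment, split columns
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an IP address
        if addr.is_loopback or addr.is_unspecified:
            for name in (f.lower().rstrip(".") for f in fields[1:]):
                if any(name == d or name.endswith("." + d) for d in watched):
                    hits.append(name)
    return hits

def run_entries_to_review(run_values, windir=r"C:\WINDOWS"):
    """Run value names whose program sits directly in %WINDOWS% or %SYSTEM%."""
    dirs = {windir.lower(), ntpath.join(windir, "system32").lower()}
    review = []
    for name, command in run_values.items():
        cmd = command.strip()
        # Program path: the quoted part, else everything before the first space.
        exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
        if ntpath.dirname(ntpath.normpath(exe)).lower() in dirs:
            review.append(name)
    return review

if __name__ == "__main__":
    print(blocked_hosts(SAMPLE_HOSTS))
    print(run_entries_to_review(SAMPLE_RUN))
```

Run values flagged this way are candidates for review, not verdicts, since legitimate programs also start from system32.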
Tachyon
Sorry, I forgot to post this in my first reply. Download and run this:
http://www.softpedia.com/get/Antivirus/VundoFix.shtml
It needs no installation, so just download and run it. It'll get rid of your problem if it's Vundo related.
Mineria
C:\WINDOWS\system32\mebqouio.exe is not a Windows file, so just kill it!
tomcruisejr
If you got infected by a worm that spreads by attaching itself to emails, you fail unless it was your lil sibling who did it.
Practice safe computing.
redant751
I run AVG anti-spyware and I have not had any problems since using it.
Try the free demo (and clean out that worm while you’re at it).
http://www4.grisoft.com/doc/download.../crp/0?prd=amw
Darko_UK
If you're trying to delete it and it won't, then FORCE delete it. Don't know how? LEARN