17 replies to this topic

[dec]

i got this Virus called I-Worm/mabuta i ran virus scan it cant get rid of it, im on win 98 if it helps. please tell me if there is anything that could get rid of it Except from formatting my C drive *looks at Cule*

[alone]

Kick it real hard. If the worm's still there, pour water over to bring it to the surface, then simply pick it up.


Keep trying various different virus scanners (I mean AVg/Norton/McAfee (sp?), and any other free ones you can find), otherwise. Wait for someone smarter than me.

[dec]

anyone wanna link me to scanner downloads

[Charon]

AVG free version
McAfee Trial
Norton Antivirus 2005 Free TrialWare
Panda ActiveScan
Stop Sign
Trend Micro

Please note- I take NO responsibility if any of these make your system worse.

[dec]

ok i'll blame alone

[Akira]

Hmm, according to what I have read, this worm blocks access attempts by anti-virus software, meaning that only specially designed tools will be able to remove it, by re-writing BAT files and the such.

Anyway, I'm sure a bit of quick searching will give you results, however I won't give you any recommendations, just try them if you want to risk it =).

You may want to think about updating from 98 as well, seeing as it will be pretty much decommisioned as of next year or so.

Edited by Akira, 01 October 2004 - 10:55 PM.

[alone]

I believe Norton do specific solutions for some virus', but you may need their paid-for software...?!

[dec]

i got some intructions to do something along the lines of what akira said but it didnt work

[Cule]

Format the bastage i say

[2Pac]

I'm with Cule on this one, reformat it is only choice you got, if that makes it worse blame it on cule and sue him for alot of money.

[Lady_Maha]

Why take drastic measures? Follow instructions on here: http://securityrespo...w32.mota.a.html

Important part is to delete the value "winupd" = "RUNDLL32.EXE %Windir%\<random value>.dll,_mainRD" from the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run after running a virus scan and removing the actual worm.

To fix the registry:

Click Start > Run.
Type regedit

Then click OK.


Navigate to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


In the right pane, delete the value:

"winupd" = "RUNDLL32.EXE %Windir%\<random value>.dll,_mainRD"


Exit the Registry Editor.

[jurian]

if what maha said dun work then just google something like "remove 9insert worm name here)"

[dec]

well idid what maha said before posting on here but ill try that again just incase.

EDIT: nope i cant find the file in there so i must have delted it :S

Edited by dec, 02 October 2004 - 11:33 AM.

[sayadin]

hmm... you can formatt or you can get a magnet and put it next to the tower... that should bring everything back into its place, if that doesn't work then give it a lil voltage to the cpu... if all else fails draw a big circle over the tower and slam your head in the circle continously until it works.

[Thrice]

hmm... you can formatt or you can get a magnet and put it next to the tower... that should bring everything back into its place, if that doesn't work then give it a lil voltage to the cpu... if all else fails draw a big circle over the tower and slam your head in the circle continously until it works.

That made me laugh! lol

[jurian]

you have no sense of humor

[sayadin]

true, but i probaly did make you smile

[jurian]

nah takes alot more to make me smile