help help W32.Korgo.AB

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by etqw, Oct 27, 2004.

  1. etqw

    etqw Private E-2

    My com is affected by a virus named W32.Korgo.AB. I followed the instructions up to step 3 from Symantec Security on how to remove it; when in safe mode, after the scan finishes, the virus still cannot be deleted.


    Then I did the basics of removing spyware etc., but to no avail ...


    I can't even access the internet, so I had to use my friend's one to post it here.


    Any ideas?
     
  2. Kodo

    Kodo SNATCHSQUATCH

  3. etqw

    etqw Private E-2

    The problem is still there after applying the update and going through the tutorial ... any more ideas?
     
  4. Kodo

    Kodo SNATCHSQUATCH

  5. etqw

    etqw Private E-2

    As attached.
     


  6. Kodo

    Kodo SNATCHSQUATCH

    Your machine is loaded with crap, worms etc.
    Here's what you need to start with. We're gonna have to whittle this down at first.

    Open up your services (Start, Run, type SERVICES.MSC) and disable the Remote Procedure Call (RPC) service.

    Now try to run the steps in safe mode with networking (if you have broadband, not dial-up). If you have dial-up, then run the steps in safe mode without networking and the online scans in normal mode. You may want to try the alternate scans as well that are listed at the bottom of the tutorial.

    Once we get the machine clean, you MUST upgrade to the MINIMUM of SP1 with all post-SP1 hotfixes.

    When you're done with the steps, post a new log.
     
  7. etqw

    etqw Private E-2

    How do you boot to safe mode with networking ... in the RUN ... which command?
     
  8. Kodo

    Kodo SNATCHSQUATCH

    No,
    reboot the machine; right after the BIOS POST but BEFORE the Windows XP splash screen, hit F8 on your keyboard (until the menu shows up) and choose the appropriate menu item.
     
  9. etqw

    etqw Private E-2

    Sorry for the long time taken. As attached, thanks.
     


  10. Kodo

    Kodo SNATCHSQUATCH

    Put HijackThis in C:\program files\Hijackthis,
    then run it and post another log.
     
  11. etqw

    etqw Private E-2

    I couldn't use safe mode with networking as I am using dial-up. Therefore I used the online scan in normal mode. In the Trend Micro online scan they couldn't delete the virus as it is under access. When in safe mode using Stinger, C:\WINDOWS\SYSTEM32\hpcsm32.dll could not be repaired.
     
  12. Kodo

    Kodo SNATCHSQUATCH

    Download this and run it in safe mode. Make sure your RPC service is disabled like I asked. If you don't do this, you will not be able to fix this easily.


    Disable all other antivirus software before using.
    http://www.majorgeeks.com/download1968.html
    Avast! Home Edition 4.1.418
     
