crog32


This topic is locked

#1
hoopsguru

Can someone please assist me? I have a virus in which I cannot update my antivirus (I have Norton and McAfee). I also cannot access any antivirus website (Norton, McAfee, AVG, Panda, etc.).
I have found the following information that apparently gets rid of it, but I am confused as to how to do it (or if it is right).

Any help is appreciated, THANKS!



1. The worm starts itself up when Windows starts. Alas, you cannot use Task Manager to see and terminate this process. The invader immediately kills any window starting up that has "Task" in its title. You cannot visit the site of a vendor of antivirus software, because they have all been made inaccessible. You cannot delete its entries from the Registry because it kills the Regedit or Regedt32 applications from the moment they start. You cannot start a DOS Prompt, because ... you get the picture.
2. So what you do is the following: create a command prompt with a different name. Go to the C:\WINNT\system32 (Win2K) or C:\Windows\System32 (WinXP) folder and copy the cmd.exe file to e.g. whatever.exe. Now double-click the last file, and you should get a command prompt (DOS box). The worm will not detect this.
3. The worm works through 3 hidden .exe files: %System%\formatsys.exe - %System%\serbw.exe - %Windir%\msmbw.exe. We will deactivate them by making them accessible (non-hidden) and renaming them:

    attrib -h serbw.exe
    ren serbw.exe die_sucker.dead

   (and the same for the other 2)
   I first tried to delete the files, but that did not work. Renaming did work, though.
4. Restart your computer. The worm will try to start up by one of the three .exe files; since they are now gone, it will not run. Now start up regedit and delete the hooks the worm had placed in the Registry (see Symantec page for details).
5. Go to the hosts file (most likely in %SYSTEM%\drivers\etc\hosts) and delete the lines that made the antivirus vendors unavailable. (See Symantec page for details)
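
Added example, not part of the original post or of the Symantec page it refers to: the last step asks for the hosts-file lines that make antivirus vendor sites unreachable, and this Python script lists them with their line numbers. The keyword list is an assumption built from the vendor names mentioned in the post, and the sample hosts content is constructed.

```python
import ipaddress

# Assumption: vendor names mentioned in the post. Matching is by substring,
# so review every hit by hand before deleting a line.
VENDOR_KEYWORDS = ("symantec", "norton", "mcafee", "avg", "panda")

# Constructed sample of a tampered hosts file (not taken from a real machine).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       www.symantec.com
0.0.0.0         liveupdate.symantec.com www.mcafee.com   # several names, one line
192.0.2.10      intranet.example.local
not-an-ip       www.norton.com
"""


def vendor_entries(hosts_text, keywords=VENDOR_KEYWORDS):
    """Return (line_no, hostname, address, routable) for every hosts entry
    that overrides DNS for a security-vendor name."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comment, tokenize
        if len(fields) < 2:
            continue                            # blank, comment-only, or no hostname
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        for host in fields[1:]:                 # one line may map several names
            name = host.lower().rstrip(".")
            if any(k in name for k in keywords):
                # routable=False: name pinned to loopback/unspecified/private
                # space (site blocked); True: name pointed at some other server.
                findings.append((line_no, name, str(addr), addr.is_global))
    return findings


if __name__ == "__main__":
    import sys
    # Pass the hosts file path as the first argument; without one the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, name, addr, routable in vendor_entries(text):
        kind = "redirected" if routable else "blocked"
        print(f"line {line_no}: {name} -> {addr} ({kind})")
```
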
#2
kool808

DOUBLE POST!

Please continue here:

http://www.geekstogo...topic=51813&hl=