
  • This topic is locked



    New Member

  • Member
  • Pip
  • 7 posts
Can someone please assist me? I have a virus in which I cannot update my antivirus (I have Norton and McAfee). I also cannot access any antivirus website (Norton, McAfee, AVG, Panda etc.).
I have found the following information that apparently gets rid of it, but I am confused as to how to do it (or if it is right).

Any help is appreciated, THANKS!

# The worm starts itself up when Windows starts. Alas, you cannot use Task Manager to see and terminate this process. The invader immediately kills any window starting up that has "Task" in its title. You cannot visit the site of a vendor of antivirus software, because they have all been made inaccessible. You cannot delete its entries from the Registry because it kills the Regedit or Regedt32 applications from the moment they start. You cannot start a DOS Prompt, because ... you get the picture.
# So what you do is the following: create a command prompt with a different name. Go to the C:\WINNT\system32 (Win2K) or C:\Windows\System32 (WinXP) folder and copy the cmd.exe file to e.g. whatever.exe. Now double-click the last file, and you should get a command prompt (DOS box). The worm will not detect this.
# The worm works through 3 hidden .exe files: %System%\formatsys.exe - %System%\serbw.exe - %Windir%\msmbw.exe. We will deactivate them by making them accessible (non-hidden) and renaming them:
attrib -h serbw.exe
ren serbw.exe die_sucker.dead (and the same for the other 2)
I first tried to delete the files, but that did not work. Renaming did work, though.
# Restart your computer. The worm will try to start up by one of the three .exe files; since they are now gone, it will not run. Now start up regedit and delete the hooks the worm had placed in the Registry (see Symantec page for details).
# Go to the hosts file (most likely in %SYSTEM%\drivers\etc\hosts) and delete the lines that made the antivirus vendors unavailable. (See Symantec page for details)
  • 0
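
The hosts-file step quoted in the post above, as an added example that is not part of the original thread: a Python sketch that lists hosts entries naming antivirus vendors and builds a cleaned copy for review before anything is written back. The vendor names come from the vendors mentioned in the post; the label-prefix matching rule, the function names and the sample file are assumptions constructed for illustration.

```python
import ipaddress

# Vendor names mentioned in the post; prefix-matching DNS labels is an assumption.
VENDOR_NAMES = ("norton", "symantec", "mcafee", "avg", "panda")

# Constructed sample hosts file (not taken from the machine in the thread).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       www.symantec.com  # constructed entry
0.0.0.0         download.mcafee.com update.example.net
192.168.1.10    fileserver
127.0.0.1 www.avg.com
"""

def is_vendor_host(host):
    """True if any DNS label of the hostname starts with a vendor name."""
    labels = host.lower().split(".")
    return any(label.startswith(v) for label in labels for v in VENDOR_NAMES)

def scan_hosts(text):
    """Return (findings, cleaned_text); findings are (line_no, address, hostname)."""
    findings, kept = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body, sep, comment = raw.partition("#")
        fields = body.split()
        if len(fields) < 2:
            kept.append(raw)  # blank, comment-only or malformed: leave untouched
            continue
        address, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            kept.append(raw)  # not a hosts mapping we understand: leave untouched
            continue
        bad = [n for n in names if is_vendor_host(n)]
        if not bad:
            kept.append(raw)
            continue
        findings.extend((line_no, address, n) for n in bad)
        good = [n for n in names if n not in bad]
        if good:  # keep unrelated names that shared the line
            kept.append(f"{address}\t{' '.join(good)}" + (f"  #{comment}" if sep else ""))
    return findings, "\n".join(kept) + "\n"

if __name__ == "__main__":
    hits, cleaned = scan_hosts(SAMPLE_HOSTS)
    for line_no, address, host in hits:
        print(f"line {line_no}: {host} -> {address}")
    print(cleaned, end="")
```

Prefix matching can flag unrelated hostnames, so the findings list is meant to be read before the cleaned text replaces the real file.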




    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,690 posts

please continue here:

  • 0
