Although the Sircam32 virus didn't wreak the same level of havoc as the ILOVEYOU or Melissa outbreaks, those affected by this worm were faced with an often complicated and time-consuming repair process. TechRepublic member Oscar.packeer was one such unlucky individual.
Oscar recently asked for help repairing one of his Windows 95 workstations in our Technical Q&A. Although Oscar was able to remove the virus using McAfee and Microsoft tools, the system still experiences problems. Many Windows items such as Control Panel, Scandisk, and the like are no longer available or cause error messages when started. "Should I reinstall the OS (Win95)?" Oscar asks. "And what are the steps to do this safely without having to lose all the data on the drive?" To help Oscar and anyone else infected with the Sircam virus, here's information from our members on recovering from an infection.
The Sircam virus up close
To find out more about the W32.Sircam.Worm@mm or W32/SirCam@mm virus and how to fight it, check out these Symantec and McAfee sites.
Reinstall Windows over the existing installation
Both Maxwell_t_edison and Tech/Admin suggested Oscar first try installing Windows over the current installation. This process will often repair any damaged files without causing data loss. Tech/Admin goes one step further, advising Oscar to use the setup /p f command to maintain the system's current registry entries and installed programs. Tech/Admin points out that Oscar will need to reinstall any application files damaged by the virus. "You may not be aware of lost functionality until a program makes a call to a damaged .dll or other file," writes Tech/Admin.
Restore Rundll32.exe and Run32.exe
Members Stans and PhiltheGreat believe the virus may have infected Oscar's Rundell32.exe and Run32.exe files. They suggest Oscar extract the files from the Windows 95 CD and install them over the existing files before trying a reformat and reinstall.
Reformat the hard drive and start fresh
If all else fails, a complete hard drive reformat and OS reinstall is the only option. Maxwell_t_edison and Zlito recommend making backup copies of the user's files for restoration after Windows has been reinstalled. Maxwell suggests temporarily installing a second hard drive on which to save critical data before the OS reinstall. "You may have to remove the slave drive while reinstalling Windows," Maxwell writes. "Reinstall Windows and, before anything else, install the virus scanner and update it," Zlito writes. "Then copy the [user's files] back and run the scanner at least twice." Maxwell also advises Oscar to use caution to avoid copying any infected files back onto the reformatted drive.
Ask your TechRepublic peers for advice and assistance
If you have a question that you can't find an answer to, post it in TechRepublic’s Technical Q&A section. Other TechRepublic members will try to answer your question in return for TechPoints.
Bill Detwiler has nothing to disclose. He doesn't hold investments in the technology companies he covers.
Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop support specialist in the social research and energy industries. He has bachelor's and master's degrees from the University of Louisville, where he has also lectured on computer crime and crime prevention.