General discussion

  • Creator
    Topic
  • #2289456

    Virus on my PC that cannot get off

    Locked

    by ffontan1 ·

    Ihave virus on my PC that cannot get off. they keep coming back.

    I have” WINDOWS XP HOME W/ SP1″ .

    1) TURNED OFF SYSTEM RESTORE.

    2) RAN SCAN WITH NORTON AV 2002 WITH UPDATE VIRUS DEFINITIONS.
    SET TO SCAN ALL FILES AND INTERNET AND MAIL.
    I HAVE NOT ONLY OR DOWNLOADED ANY MAIL.

    3) I DELETED TEMPORARY FILES.

    4) RAN SYMANTEC REPAIR TOOLS.

    5) RUN SCAN IN FULL MODE AND SAFE MODE TOO.

    6) NORTON CAN’T REPAIR OR QUARANTINE USING NORTON.

    7) IN THE PAST I WAS ABLE TO REMOVE ONLY TO HAVE THEM
    COME BACK WHEN I GO ON THE INTERNET.

    8) SETTINGS ARE SET CORRECTLY IN NORTON TO REPAIR , DELETE OR QUARANTINE.

    9) I HAVE MSN AS INTERNET PROVIDER.

    10) SOFTWARE: POP-UP STOPPER AND SPY SWEEPER ON.

    11) THEY ARE (3) VIRUSON MY PC :
    W32.KORGO.V — X[1].EXE , W32.KORGO.P — X[2].EXE AND
    W32.SPYBOT.WORM — SYSTEM32

    I NEED SERIOUS HELP ??? 817-215-4515 8AM TO 6PM TEXAS.
    EMAIL: FFONTAN1@TXUED.COM

    I AM WORKING AT A DIFFERENT LOCATION AND PC TODAY.

    FRANK

All Comments

  • Author
    Replies
    • #2717227

      Reply To: Virus on my PC that cannot get off

      by darts32 ·

      In reply to Virus on my PC that cannot get off

      One thing you might of missed. Since you have SP1. Either apply windows updates prior to SP2 or install SP2.

      On the Symantec site its listed the following patches to be applied to avoid reinfection:

      W32.Spybot.Worm can perform different backdoor-type functions by connecting to a configurable IRC server and joining a specific channel to listen for instructions.

      Newer variants may also spread by exploiting the following vulnerabilities:

      The DCOM RPC Vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135.
      The Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011).
      The vulnerabilities in the Microsoft SQL Server 2000 or MSDE 2000 audit (described in Microsoft Security Bulletin MS02-061) using UDP port 1434.
      The WebDav Vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80.
      The UPnP NOTIFY Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS01-059).
      The Workstation Service Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-049) using TCP port 445. Windows XP users are protected against this vulnerability if the patch in Microsoft Security Bulletin MS03-043 has been applied. Windows 2000 users must apply the patch in Microsoft Security Bulletin MS03-049.

      W32.Korgo.V is a variant of W32.Korgo.N. This worm attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445. It also listens on random TCP ports between 256 and 8191.

      Attempts to exploit the LSASS Windows vulnerability on TCP port 445 (described in Microsoft Security Bulletin MS04-011), against random IP addresses. If the worm successfully finds a vulnerable computer, the computer will attempt to reconnect to the infected computer to download the worm.

    • #2717645

      Reply To: Virus on my PC that cannot get off

      by miss kitty ·

      In reply to Virus on my PC that cannot get off

      My son had the same problem with his PC. He also was running Norton. I completely reformated his PC and then had him install a freeware anti-virus program by Avast. When he installed it and did a scan, he found 12 viruses in his boot area. The same ones you are gettting. The software did clean his PC where Norton would not. The software site is Avast.com. They also have a cleaner program which I downloaded and reran after he was finished. I think his PC had had these viruses in his boot for at least 6 months. Try it. It might work.
      Cathy

    • #2717493

      Reply To: Virus on my PC that cannot get off

      by madestroitsolutions ·

      In reply to Virus on my PC that cannot get off

      To remove Korgo [and variants], go to the following page, download the tool and follow the instructions:
      http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.removal.tool.html

      To remove Spybot, go to the following page, scroll down to “Removal Instructions” and follow them:
      http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html

      Good luck and don’t forget to rate my answer!

    • #2715885

      Reply To: Virus on my PC that cannot get off

      by rrv ·

      In reply to Virus on my PC that cannot get off

      Hi,
      Believe me or not it seems like a conspiracy theory. In my 8 yrs of exp i feel it should be antivirus companies like norton or mcafee who create or support to create viruses to keep their stocks and interests up. Please bear with MS and keep your PCs uptodate. It is high time from us as customers to force Microsoft to come up with MSAV – Microsoft Anti Virus AGAIN!!!.
      lets all insist microsoft to do that.
      RV

    • #2708518

      Reply To: Virus on my PC that cannot get off

      by ffontan1 ·

      In reply to Virus on my PC that cannot get off

      This question was closed by the author

Viewing 4 reply threads