General discussion

Locked

Virus on my PC that cannot get off

By ffontan1 ·
Ihave virus on my PC that cannot get off. they keep coming back.

I have" WINDOWS XP HOME W/ SP1" .

1) TURNED OFF SYSTEM RESTORE.

2) RAN SCAN WITH NORTON AV 2002 WITH UPDATE VIRUS DEFINITIONS.
SET TO SCAN ALL FILES AND INTERNET AND MAIL.
I HAVE NOT ONLY OR DOWNLOADED ANY MAIL.

3) I DELETED TEMPORARY FILES.

4) RAN SYMANTEC REPAIR TOOLS.

5) RUN SCAN IN FULL MODE AND SAFE MODE TOO.

6) NORTON CAN'T REPAIR OR QUARANTINE USING NORTON.

7) IN THE PAST I WAS ABLE TO REMOVE ONLY TO HAVE THEM
COME BACK WHEN I GO ON THE INTERNET.

SETTINGS ARE SET CORRECTLY IN NORTON TO REPAIR , DELETE OR QUARANTINE.

9) I HAVE MSN AS INTERNET PROVIDER.

10) SOFTWARE: POP-UP STOPPER AND SPY SWEEPER ON.

11) THEY ARE (3) VIRUSON MY PC :
W32.KORGO.V -- X[1].EXE , W32.KORGO.P -- X[2].EXE AND
W32.SPYBOT.WORM -- SYSTEM32


I NEED SERIOUS HELP ??? 817-215-4515 8AM TO 6PM TEXAS.
EMAIL: FFONTAN1@TXUED.COM

I AM WORKING AT A DIFFERENT LOCATION AND PC TODAY.


FRANK

This conversation is currently closed to new comments.

11 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by darts32 In reply to Virus on my PC that canno ...

One thing you might of missed. Since you have SP1. Either apply windows updates prior to SP2 or install SP2.

On the Symantec site its listed the following patches to be applied to avoid reinfection:

W32.Spybot.Worm can perform different backdoor-type functions by connecting to a configurable IRC server and joining a specific channel to listen for instructions.

Newer variants may also spread by exploiting the following vulnerabilities:


The DCOM RPC Vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135.
The Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011).
The vulnerabilities in the Microsoft SQL Server 2000 or MSDE 2000 audit (described in Microsoft Security Bulletin MS02-061) using UDP port 1434.
The WebDav Vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80.
The UPnP NOTIFY Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS01-059).
The Workstation Service Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-049) using TCP port 445. Windows XP users are protected against this vulnerability if the patch in Microsoft Security Bulletin MS03-043 has been applied. Windows 2000 users must apply the patch in Microsoft Security Bulletin MS03-049.

W32.Korgo.V is a variant of W32.Korgo.N. This worm attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445. It also listens on random TCP ports between 256 and 8191.

Attempts to exploit the LSASS Windows vulnerability on TCP port 445 (described in Microsoft Security Bulletin MS04-011), against random IP addresses. If the worm successfully finds a vulnerable computer, the computer will attempt to reconnect to the infected computer to download the worm.

Collapse -

by darts32 In reply to

Also view the following pages for help:

http://tinyurl.com/5m5kg - W32.Korgo.P

http://tinyurl.com/6k5mf - W32.Korgo.V

http://tinyurl.com/fcvw - W32.SPYBOT.WORM

Hope this helps you out.

Collapse -

by ffontan1 In reply to

Poster rated this answer.

Collapse -

by Miss Kitty In reply to Virus on my PC that canno ...

My son had the same problem with his PC. He also was running Norton. I completely reformated his PC and then had him install a freeware anti-virus program by Avast. When he installed it and did a scan, he found 12 viruses in his boot area. The same ones you are gettting. The software did clean his PC where Norton would not. The software site is Avast.com. They also have a cleaner program which I downloaded and reran after he was finished. I think his PC had had these viruses in his boot for at least 6 months. Try it. It might work.
Cathy

Collapse -

by Miss Kitty In reply to

I loaded a new laptop yesterday and brought over a file from the old pc with an update Norton on it and Avast found a infected file. Evidently, Norton is not catching everything.
Cathy

Collapse -

by ffontan1 In reply to

Poster rated this answer.

Collapse -

by MadestroITSolutions In reply to Virus on my PC that canno ...

To remove Korgo [and variants], go to the following page, download the tool and follow the instructions:
http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.removal.tool.html

To remove Spybot, go to the following page, scroll down to "Removal Instructions" and follow them:
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html

Good luck and don't forget to rate my answer!

Collapse -

by ffontan1 In reply to

Poster rated this answer.

Collapse -

by RRV In reply to Virus on my PC that canno ...

Hi,
Believe me or not it seems like a conspiracy theory. In my 8 yrs of exp i feel it should be antivirus companies like norton or mcafee who create or support to create viruses to keep their stocks and interests up. Please bear with MS and keep your PCs uptodate. It is high time from us as customers to force Microsoft to come up with MSAV - Microsoft Anti Virus AGAIN!!!.
lets all insist microsoft to do that.
RV

Collapse -

by ffontan1 In reply to

Poster rated this answer.

Back to Web Development Forum
11 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums