Web Development

One thing you might of missed. Since you have SP1. Either apply windows updates prior to SP2 or install SP2.

On the Symantec site its listed the following patches to be applied to avoid reinfection:

W32.Spybot.Worm can perform different backdoor-type functions by connecting to a configurable IRC server and joining a specific channel to listen for instructions.

Newer variants may also spread by exploiting the following vulnerabilities:


The DCOM RPC Vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135.
The Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011).
The vulnerabilities in the Microsoft SQL Server 2000 or MSDE 2000 audit (described in Microsoft Security Bulletin MS02-061) using UDP port 1434.
The WebDav Vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80.
The UPnP NOTIFY Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS01-059).
The Workstation Service Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-049) using TCP port 445. Windows XP users are protected against this vulnerability if the patch in Microsoft Security Bulletin MS03-043 has been applied. Windows 2000 users must apply the patch in Microsoft Security Bulletin MS03-049.

W32.Korgo.V is a variant of W32.Korgo.N. This worm attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445. It also listens on random TCP ports between 256 and 81**.

Attempts to exploit the LSASS Windows vulnerability on TCP port 445 (described in Microsoft Security Bulletin MS04-011), against random IP addresses. If the worm successfully finds a vulnerable computer, the computer will attempt to reconnect to the infected computer to download the worm.

My son had the same problem with his PC. He also was running Norton. I completely reformated his PC and then had him install a freeware anti-virus program by Avast. When he installed it and did a scan, he found 12 viruses in his boot area. The same ones you are gettting. The software did clean his PC where Norton would not. The software site is Avast.com. They also have a cleaner program which I downloaded and reran after he was finished. I think his PC had had these viruses in his boot for at least 6 months. Try it. It might work.
Cathy

To remove Korgo [and variants], go to the following page, download the tool and follow the instructions:
http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.removal.tool.html

To remove Spybot, go to the following page, scroll down to "Removal Instructions" and follow them:
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html

Good luck and don't forget to rate my answer!

Hi,
Believe me or not it seems like a conspiracy theory. In my 8 yrs of exp i feel it should be antivirus companies like norton or mcafee who create or support to create viruses to keep their stocks and interests up. Please bear with MS and keep your PCs uptodate. It is high time from us as customers to force Microsoft to come up with MSAV - Microsoft Anti Virus AGAIN!!!.
lets all insist microsoft to do that.
RV