General discussion

Locked

w32.xabot virus

By leighoneills ·
Ok, my friend bought a new computer and the **** goes straight to p2p and gets his computer infected. Ive cleaned most but w32.xabot.worm remains.
I have started in safe mode to use regedit, doesnt work. Tried the UnhookExec.inf download but it doesnt work either, doesnt work in safe mode either.
Tried all sorts of online scans, most are disabled but the ones that arent wont clean it.
Tried downloading obscure registry editors that the virus doesnt defend against but cant find one to do the job of letting me manually edit the registry, except for registry workshop which i can view and change the registry with but the entries I change re-appear as soon as move to another hkey folder.
I dont want to have to format his computer and start from scratch, so if anyone can help me Id be grateful
leighoneills@hotmail.com

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by BFilmFan In reply to w32.xabot virus

Be sure to turn off the system restore and follow the rest of the instructions here:

http://www.symantec.com/avcenter/venc/data/w32.xabot.worm.html

Collapse -

by leighoneills In reply to

I have been working from that site for 2 days.
A lot of it doesnt work.
regedit has been disabled so you can't even start doing what that says.
They have a link to UnHookExec.inf which they say unlocks the regeditor but it doesnt. Starting in safe mode then trying the same doesnt work either.

Collapse -

by cul8rm8e In reply to w32.xabot virus

Ok iv looked at your question and cant come to see why a simple AVP software programme wont work i.e Norton, Sophos or McAfee as i have a lot of viruses in the past and have always been able to remove them safely however thats software for you.

Onto the second option, i have seen that you say that you do not wish to re-format the HDD, almost every virus is stored within the SYSTEM32 folder.

Best thing to do is (which will kepp all of your files and folders) is to do a system recovery. To do this boot the os from your CD Rom drive as u would if you were to do a fresh install whengiven the option to press "r" for the system recovery do so just follow the very simple steps i.e selectin which drive or what partition you have your current os installed to. this will re-install windows from scratch but however will kepp all of your remaining programmes ect.

Good Luck

Collapse -

by BorgInva In reply to w32.xabot virus

Some links from my personal collection:


4/23/05

To completely avoid spyware and viruses, turn PC off. Truthfully.
If you really want to use it, prevention with running programs are best. Read their docs on how to use them and update them. All these are FREE.
Oh, yes! KEEP WINDOWS UP TO DATE! Use the AUTOMATIC UPDATE feature.

ONLINE VIRUS CHECKS, no software install required other than an Active X component if required (some do removals):
Symantec Security Check
http://security.symantec.com/sscv6/home.asp?langid=ie&venid=sym&plfid=23&pkj=QQWRORVWHFHMFNZMBBX
BitDefender
http://www.bitdefender.com/scan/licence.php
Panda ActiveScan
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Trend Micro Online Virus Scan
http://housecall.antivirus.com/housecall/start_corp.asp
Trend Micro Housecall
http://housecall.trendmicro.com/
Virus Threat Center Blog
http://virusthreatcenter.com/?tag=zd.ft.fs.vtc
McAfee Virus Removal Tools
http://us.mcafee.com/virusInfo/default.asp?id=vrt

ONLINE SPYWARE CHECKS
ZoneAlarm Spyware Check
http://download.zonelabs.com/bin/promotions/spywaredetector/index3.html

REFERANCE
http://www.download.com/spyware-center/2001-2023-0.html?tag=note

ANTIVIRUS SOFTWARE (again all FREE)
Free avast! 4 Home Edition
http://www.asw.cz/eng/avast_4_home.html
AVG FREE
http://free.grisoft.com/freeweb.php
AntiVir? PersonalEdition Classic
http://www.free-av.com/index.htm
BitDefender Free Edition v7
http://www.bitdefender.com/bd/site/products.php?p_id=24

Collapse -

by BorgInva In reply to

ANTI SPYWARE
About:Buster
http://www.malwarebytes.biz/index.php
Bug Off
http://www.spywareinfo.com/~merijn/downloads.html
CWShredder
http://www.intermute.com/spysubtract/cwshredder_download.html
HijackThis 1.99.1
http://www.spywareinfo.com/~merijn/downloads.html
Ad-Aware SE Personal edition
http://www.lavasoftusa.com/
Microsoft? Windows AntiSpyware (Beta) [I believe updates are done through Windows Update)
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Spybot Search and Destroy 1.3
http://www.safer-networking.org/
SpywareBlaster 3.3
http://www.javacoolsoftware.com/spywareblaster.html
X-RayPC Spyware Process Analyzer 1.001
http://www.x-raypc.com/

TO WATCH YOUR START UP PROGRAMS

MSCONFIG (not on W2k)
Use RUN and type MSCONFIG and then hit ENTER
Use these programs too
Startup Monitor
http://www.mlin.net/index.shtml
StartupRun v1.22
http://www.nirsoft.net/utils/strun.html

FREE FIREWALLS:

ZoneAlarm (one of the BEST, even for free)
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp?lid=staticcomp_za
Sygate Personal Firewall 5.x (never used myself but it is a good one)
http://smb.sygate.com/products/spf_standard.htm

AND MORE ONLIE FIREWALL TESTS
ShieldsUP!
https://www.grc.com/x/ne.dll?bh0bkyd2
LeakTest
http://www.grc.com/lt/leaktest.htm
Symantec Security Check
http://security.symantec.com/sscv6/home.asp?langid=ie&venid=sym&plfid=23&pkj=QQWRORVWHFHMFNZMBBX

Back to Desktop Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums