Stupid Worms

Discussion in 'Windows - Virus and spyware problems' started by semid13, Feb 1, 2006.

  1. semid13

    semid13 Regular member

    Joined:
    Nov 8, 2005
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    26
    Anybody come across this pair of worms: Bron_Spizaetus & Tok_Cirrhatus. My friend's photolab has a network of 4 PC's were infected by these worms. These PC's were not connected to the Internet & these worms came from customer's media. I use ZoneAlarm initially to scan but couldn't detect anything. AdAware detected 4 similar spyware in all the PC & they all reside in the Registry but couldn't delete them. Norton 2005 detected & remove almost 1000+ virus from each PC but couldn't touch those within the Registry. McAfee ver 7.0 also can delete a lot of virus but also couldn't clean the Registry. I wonder whether Norton 2006 or a later version of McAfee can do a better job.
    In the meantime, these worms keep on multiplying. Anyone have a solution?
     
  2. rav009

    rav009 Active member

    Joined:
    Nov 14, 2005
    Messages:
    2,204
    Likes Received:
    0
    Trophy Points:
    66
    Ok get a HJT log and then we'll sort the reg.

    Bron_Spizaetus and Tok_Cirrhatus will be in the start up so to get rid of that start>run>msconfig and clikc the start up tab and uncheck Bronstab.exe and tok.exe or somthing.

     
    Last edited: Feb 1, 2006
  3. W8m

    W8m Guest

    Hey, download HiJack This from: http://koti.mbnet.fi/pattaya1/HijackThis.exe

    Install it to folder c:\hjt\

    Open it and press the "Do a system scan and save a logfile"

    Copy the log and post it to here and we will check it out.
     
  4. rav009

    rav009 Active member

    Joined:
    Nov 14, 2005
    Messages:
    2,204
    Likes Received:
    0
    Trophy Points:
    66
    Yeh do that if you dont already know about HJT.
     
  5. semid13

    semid13 Regular member

    Joined:
    Nov 8, 2005
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    26
    I know they are in the Startup program but they already disabled the Regedit. The moment I open msconfig, the system will do a reboot. Anyway I did a reformat of the C drive for all 4 PC's & use Spy Remover to safeguard the Registry - no worm can get in anymore & use Norton to remove all the worms in the other drives.
     
  6. rav009

    rav009 Active member

    Joined:
    Nov 14, 2005
    Messages:
    2,204
    Likes Received:
    0
    Trophy Points:
    66
    Yeh you could do that but it'll be a big job.

     
  7. semid13

    semid13 Regular member

    Joined:
    Nov 8, 2005
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    26
    What choice do I have? The Registry is under their control. Unless there's a virus scanner that can reach them & cleaned them out.
     

Share This Page