HELP! Need cure for Worm!

Discussion in 'Archived Threads 2001-2004' started by Ushabye, Oct 7, 2002.

  1. Ushabye

    Ushabye Projectionist

    Joined:
    Mar 31, 1999
    Messages:
    185
    Likes Received:
    45
    Trophy Points:
    110
    Location:
    Dublin, Ireland.
    Real Name:
    Paul
    I have just discovered a worm on my system, but cannot find a solution to removing it. I would be grateful If someone could help me out. It seems to be preventing my Norton anti-virus program from running (shuts it down after 30 secs or so when I try to open it.) It came in an email titled: "A gift" , there's an attatchment: advantages.ppt.exe (49kb) Even when I re-install Norton it still will only remain open for 30secs then shuts down.

    This may be the I. GIFT worm but I'm not sure. Can anybody help?
     
  2. Glenn Overholt

    Glenn Overholt Producer

    Joined:
    Mar 24, 1999
    Messages:
    4,203
    Likes Received:
    0
    Trophy Points:
    0
    Ouch! This morning the news mentioned the 'bugbear' worm. Go to http://www.symantec.com for more info.
    I did hear that you can catch it without even opening it up. I do hope you didn't open it, in any case. Best of luck.
    Glenn
     
  3. Brian E

    Brian E Screenwriter

    Joined:
    Aug 12, 2000
    Messages:
    1,636
    Likes Received:
    0
    Trophy Points:
    0
    See if you can run an online scan using House Call. Maybe that will run for you and kill your virus. Go to http://www.antivirus.com and look for the free tools area.
     
  4. Kevin P

    Kevin P Screenwriter

    Joined:
    Jan 18, 1999
    Messages:
    1,439
    Likes Received:
    0
    Trophy Points:
    0
    You can download a Bugbear removal tool from this link on Symantec's website.
    For more information on Bugbear, click here.
    If you do a Ctrl-Alt-Del and kill the worm process, you should be able to run Norton. You'll need to update to the latest definitions.
    Bugbear is spreading faster than Klez spread during its peak earlier in the year, according to various news sites I've read.
     
  5. Ushabye

    Ushabye Projectionist

    Joined:
    Mar 31, 1999
    Messages:
    185
    Likes Received:
    45
    Trophy Points:
    110
    Location:
    Dublin, Ireland.
    Real Name:
    Paul
    Thanks Fellas, that did the trick!
     
  6. Mike LS

    Mike LS Supporting Actor

    Joined:
    Jun 29, 2000
    Messages:
    838
    Likes Received:
    0
    Trophy Points:
    0
    Just for info, www.pandasoftware.com has a free removal tool that seems to work better than the symantec tool. I've used both (that frigging worm is running amok here at my company).
    Has anyone else had any experience with this? We have a small network set up and this worm (as well as the opaserv worm) have completely fouled up all network settings on our 95/98 machines. NT based are OK, but all network shares have been changed to file servers so the virus can spread over the network. None of this is resolved by only removing and cleaning the virus. Any ideas on how to resolve?
     
  7. Kevin P

    Kevin P Screenwriter

    Joined:
    Jan 18, 1999
    Messages:
    1,439
    Likes Received:
    0
    Trophy Points:
    0
    Mike, that sounds like something the Opaserv worm might do. Check this text excerpt from Symantec's website:
     
  8. Mike LS

    Mike LS Supporting Actor

    Joined:
    Jun 29, 2000
    Messages:
    838
    Likes Received:
    0
    Trophy Points:
    0
    Yeah, it's definitely the opaserv worm. I've removed it from all affected machines, but still haven't found a fix for the network and print share problem......other than reformat that is.
     
  9. Kevin P

    Kevin P Screenwriter

    Joined:
    Jan 18, 1999
    Messages:
    1,439
    Likes Received:
    0
    Trophy Points:
    0
    What kind of problem are you having with your file and printer shares? If the worm created shares you can delete them from Explorer easily.
     
  10. Mike LS

    Mike LS Supporting Actor

    Joined:
    Jun 29, 2000
    Messages:
    838
    Likes Received:
    0
    Trophy Points:
    0
    I think I found the problem late yesterday. It seems that the worm was affecting some emulation software that we use here and was creating NFS shares that we couldn't get rid of until the software was uninstalled and reinstalled.
     

Share This Page