help to remove a worm 2

[springboks]

I recently lost my browser and was able to retreive it, i then ran a virus scan and it found a worm called "worm/ Alcra.B" the scan says that it could not delete this worm because it was in an archive file. Please help as i am worried that if i send any emails it would send the virus to another computer.Thank you.

 

[eyec]

if you are running ME or XP, boot into Safe Mode, turn off System Restore Point, use virus scan to remove the virus, then reboot.

 

[pechenegs]

where does it say the virus is, where's it's location?

Ewido is for W2k and Xp, i'm assuming you have that.


Download the pocket killbox for later!

http://www.bleepingcomputer.com/files/killbox.php

* Download the trial version of Ewido Security Suite here

http://www.ewido.net/en/

* Install ewido.
* During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
* Launch ewido
* It will prompt you to update click the OK button and it will go to the main screen
* On the left side of the main screen click update
* Click on Start and let it update.
* DO NOT run a scan yet. You will do that later in safe mode.


*Download Cleanup from Here

http://www.stevengould.org/software...p/download.html

* A window will open and choose SAVE, then DESKTOP as the destination.
* On your Desktop, click on Cleanup40.exe icon.
* Then, click RUN and place a checkmark beside "I Agree"
* Then click NEXT followed by START and OK.
* A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
* Click OK
* DO NOT RUN IT YET



* Click here for info on how to boot to safe mode if you don't already know
how.


How to boot to safe mode

http://service1.symantec.com/SUPPOR...src=sec_doc_nam

* Now copy these instructions to notepad and save them to your desktop. You
will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in
safe mode:




* Run Ewido:

* Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop


* Run Cleanup:

* Click on the "Cleanup" button and let it run.
* Once its done, close the program.



Run ActiveScan online virus scan here

http://www.pandasoftware.com/activescan/

When the scan is finished, anything that it cannot clean have it delete it.
Make a note of the file location of anything that cannot be deleted so you
can delete it yourself.
- Save the results from the scan!



post another hijack this log, the ewido and active scan logs

 

[pechenegs]

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill.
In the Full Path of File to Delete box, copy and paste each of the following lines one at a time then click on the button that has the red circle with theX in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you havecopied and pasted all of these in the Paste Full Path of File to Delete box.



Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.


C:\Program Files\winupdates\winupdates.exe

Find and delete this folder.


C:\Program Files\winupdates