~~~~~^~~~~\o/~~~~~~ HELP ( VIRUS ) NEW WORM TANKED.12.P2P 1

Status
Not open for further replies.

LoganAve

Technical User
Aug 30, 2002
3
US
I am infected with the worm/tanked.12.p2p, sometimes anti v calls it worm/tanked.12.p2p, can only find info on .10; .11, when the few times my anti v. called it tanked.11 the registries I was to look for weren't there. ;13. but no 12.

I have it cornered in system restore. It has locked me out, I can't disable it. There is about 3+ G. of files and about 1/3 are infected, EX. AA0062491.cpy contains sign of the worm worm/tanked.12.p2p. They won't delete, and anti virus has failed to get them out.

I use Windows Me. ANYONE FAMILIAR WITH THIS?

It is similar to the worm W32HLLW.Reckus and all the tanked family. I discovered it while adjusting my share folder in WinMX and it was changed to C:\Kernell loaded with zips in UPX.



thanks if you can help

Logan
 
What do you mean by you cannot disable it? What happens?
Got the below instructions off a website, give it a shot, and run a full scan in safe mode when you're done.


Time to fire up the Registry Editor (Start>Run>Regedit).

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PerUser_PCHealth

Drill down to that PerUser_PCHealth key. Inside (click on it to highlight it) you'll see the following value:

"IsInstalled"=hex:01,00,00,00

Or, at least that's what it really looks like. You won't see the quotes, or the '=hex', in the regedit-modified view. It will look more like this:

IsInstalled 01 00 00 00

Right-click on the key, and select 'Modify'. This will bring up the Registry hex editor. Hit your delete key twice (removing the 01), and then type two '0's (zeros) and hit 'OK'. You should now see:

IsInstalled 00 00 00 00

Close Regedit and reboot.

When your system comes back up, you should be able to delete the '_Restore' folder just fine.

Matt J.
 
Hey, thanks a lot Matt. The info was right on. It enabled me to disable system restore in safe mode. I then was able to delete approx 5Gb including the infected files. Antivirus says I am clean.

I have been in several forums. Others have sent me on a wild goose chase. They obviously didn't understand my situation. Thanks for your time to research and help me.

You are a good man. Thanks again
logan ^~..~^
 