I gots a virus

Discussion in 'System Security & Infection Support' started by BobbyDigital, Oct 7, 2003.

  1. BobbyDigital

    BobbyDigital

    Joined:
    Sep 25, 2003
    Messages:
    36
    Likes Received:
    0
    Location:
    N.Y.C.
    I couldn't connect to the internet for a couple of days, I called the Time Warner people and they helped me fix the prob...but the guy said that I had a virus and that's why I couldn't connect. I installed Norton's Antivirus and a couple of minutes later a screen popped up that said that there was a virus in "winmgm32.exe"...It said it couldn't be cleaned so it told me just to delete it and restore it later from my backup files. I tried to delete it but it won't let me. I don't even know where that file is, if I find it imma try to delete it manually. Is that virus some serious ish? Yo I'm scared I don't want it to delete my files I gots mad songs and they took me mad long to find. Thanks
     
    BobbyDigital, Oct 7, 2003
    #1

  2. BobbyDigital

    undeadpenguin Bang. VIP Member

    Joined:
    Sep 1, 2003
    Messages:
    925
    Likes Received:
    4
    Location:
    US, CT
    Reboot into safe mode (hit F8 (I think) while booting and choose it from the screen that appears). Try and delete it through there.
     
    undeadpenguin, Oct 7, 2003
    #2

  3. BobbyDigital

    James Photojournalist VIP Member

    Joined:
    Dec 24, 2002
    Messages:
    6,662
    Likes Received:
    35
    Location:
    Maine, USA
    Ahh, you have the Sobig virus. ;)

    I think it comes from the a version, go here and download the removal tool, try all versions of the Sobig tools.

    When run, the worm installs itself into the Windows directory as WINMGM32.EXE.

    Two registry hooks are added to hook system startup, for example:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    "WindowsMGM" = C:\WINDOWS\winmgm32.exe
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    "WindowsMGM" = C:\WINDOWS\winmgm32.exe

    I'd remove those 2 startup keys before you run the removal tools.
     
    James, Oct 7, 2003
    #3
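
    An added example, not part of James's post: a PowerShell check of the two Run keys he lists for the "WindowsMGM" value or any value pointing at winmgm32.exe. It assumes PowerShell is available on the affected machine; it only reports unless the `-Remove` switch (a name chosen for this example) is given, and removing the HKEY_LOCAL_MACHINE value needs an elevated prompt.

```powershell
# Added example (not from the thread): audit the Run keys named in the post.
param([switch]$Remove)   # -Remove is this script's own switch; default is report-only

$valueName = 'WindowsMGM'      # value name quoted in the post
$fileName  = 'winmgm32.exe'    # file name quoted in the post
$runKeys   = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $data = [string]$regKey.GetValue($name)
        # Match on the value name, or on the data so a renamed entry is still caught
        if ($name -eq $valueName -or $data -like "*$fileName*") {
            [pscustomobject]@{ Key = $key; Name = $name; Data = $data }
        }
    }
}

# The post says the worm copies itself into the Windows directory
$filePath    = Join-Path $env:windir $fileName
$filePresent = Test-Path -LiteralPath $filePath

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No Run value named $valueName or pointing at $fileName was found."
}
Write-Output "$filePath present: $filePresent"

if ($Remove) {
    foreach ($f in $findings) {
        if (-not $f.Name) {
            Write-Warning "Default value of $($f.Key) matches; clear it by hand in regedit."
            continue
        }
        Remove-ItemProperty -LiteralPath $f.Key -Name $f.Name
        Write-Output "Removed '$($f.Name)' from $($f.Key)"
    }
}
```

    Run it once without `-Remove` to see what matches, then again with `-Remove` before running the removal tools.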
  4. BobbyDigital

    BobbyDigital

    I have no idea how to remove the startup keys...I'm an illiterate ******* when it comes to computers.
     
    BobbyDigital, Oct 7, 2003
    #4
  5. BobbyDigital

    James Photojournalist VIP Member

    Ok, sorry I forgot, I'm used to going into the registry a lot. :redface

    Click on Start | Run | type regedit

    Now, navigate HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

    and remove only what was posted above.
     
    James, Oct 8, 2003
    #5
  6. BobbyDigital

    BobbyDigital

    Yo, I deleted the registry hooks, and then I ran all the versions of Sobig tools...but the removal tools never found the virus.
     
    BobbyDigital, Oct 8, 2003
    #6
  7. BobbyDigital

    James Photojournalist VIP Member

    You tried a-e? Reboot and try again. Update your definition files for NAV and see if it can remove the virus too.
     
    James, Oct 8, 2003
    #7