Scholieren.com forum

Scholieren.com forum (https://forum.scholieren.com/index.php)
-   Software & Hardware (https://forum.scholieren.com/forumdisplay.php?f=20)
-   -   [Virus] Help! (W32.Beagle.F@mm) (https://forum.scholieren.com/showthread.php?t=855647)

Glamour_Maai 30-05-2004 19:34
[Virus] Help!
 
Kan iemand mij soms helpen met mijn virus.

Weet iemand hoe ik het virus W32.Beagle.F@mm verwijder?!

Alvast bedankt!

Enlightenment 30-05-2004 20:08
Met een virusscanner. :)

flamez 30-05-2004 20:09
virusscanner

of zoeken

superduck 30-05-2004 20:11
*kijkt op symantec site*

W32.Beagle.F@mm is a mass-mailing worm that opens a backdoor on TCP port 2745 and uses its own SMTP engine to spread through email. W32.Beagle.F@mm also attempts to spread across file-sharing networks, such as Kazaa and iMesh, by dropping itself into the directories that contain "shar" in their names.

From: <spoofed>
Subject: <variable>
Attachment: <random characters>.zip, containing an executable <random characters>.exe

The worm is similar in functionality to W32.Beagle.E@mm and is packed with PeX.




--------------------------------------------------------------------------------
Notes:
This worm does not have a static MD5 hash value.
Symantec Security Response has developed a removal tool to clean the infections of W32.Beagle.F@mm.



bron

superduck 30-05-2004 20:12
Available command-line switches for this tool:

Switch

Description

/HELP, /H, /?
Displays the help message.

/NOFIXREG
Disables the registry repair (We do not recommend using this switch).

/SILENT, /S
Enables the silent mode.

/LOG=<path name>
Creates a log file where <path name> is the location in which to store the tool's output. By default, this switch creates the log file, FxBeagle.log, in the same folder from which the removal tool was executed.

/MAPPED
Scans the mapped network drives (We do not recommend using this switch. See the following Note).

/START
Forces the tool to immediately start scanning.

/EXCLUDE=<path>
Excludes the specified <path> from scanning (We do not recommend using this switch. See the following Note).

/NOFILESCAN
Prevents scanning of the filesystem.

freyk 30-05-2004 20:24
Reversing the changes that the worm made to the registry and restart computer
WARNING: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.
  • Click Start, and then click Run. (The Run dialog box appears.)
  • Type regedit
    Then click OK. (The Registry Editor opens.)
  • Navigate to the key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • In the right pane, delete the value:
    "rate.exe"="%System%\i1ru54n4.exe"
  • Navigate to and delete the key:
    HKEY_CURRENT_USER\SOFTWARE\winword
  • Exit the Registry Editor.
  • Restart the computer.

Warsocket 31-05-2004 11:06
hier zou je em wel ermee af kunnen halenn als je geen virii scanner hebt

http://housecall.antivirus.com/house...tart_frame.asp

is online gratis virusscanner


Alle tijden zijn GMT +1. Het is nu 04:54.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.