[Virus] Help! (W32.Beagle.F@mm)

Glamour_Maai · **30-05-2004, 19:34**

Kan iemand mij soms helpen met mijn virus.

Weet iemand hoe ik het virus W32.Beagle.F@mm verwijder?!

Alvast bedankt!

Enlightenment · **30-05-2004, 20:08**

Met een virusscanner.

flamez · **30-05-2004, 20:09**

virusscanner

of zoeken

**30-05-2004, 20:11**

*kijkt op symantec site*

W32.Beagle.F@mm is a mass-mailing worm that opens a backdoor on TCP port 2745 and uses its own SMTP engine to spread through email. W32.Beagle.F@mm also attempts to spread across file-sharing networks, such as Kazaa and iMesh, by dropping itself into the directories that contain "shar" in their names.

From: <spoofed>
Subject: <variable>
Attachment: <random characters>.zip, containing an executable <random characters>.exe

The worm is similar in functionality to W32.Beagle.E@mm and is packed with PeX.

--------------------------------------------------------------------------------
Notes:
This worm does not have a static MD5 hash value.
Symantec Security Response has developed a removal tool to clean the infections of W32.Beagle.F@mm.

bron

**30-05-2004, 20:12**

Available command-line switches for this tool:

Switch

Description

/HELP, /H, /?
Displays the help message.

/NOFIXREG
Disables the registry repair (We do not recommend using this switch).

/SILENT, /S
Enables the silent mode.

/LOG=<path name>
Creates a log file where <path name> is the location in which to store the tool's output. By default, this switch creates the log file, FxBeagle.log, in the same folder from which the removal tool was executed.

/MAPPED
Scans the mapped network drives (We do not recommend using this switch. See the following Note).

/START
Forces the tool to immediately start scanning.

/EXCLUDE=<path>
Excludes the specified <path> from scanning (We do not recommend using this switch. See the following Note).

/NOFILESCAN
Prevents scanning of the filesystem.

freyk · **30-05-2004, 20:24**

Reversing the changes that the worm made to the registry and restart computer
WARNING: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.

Click Start, and then click Run. (The Run dialog box appears.)
Type regedit
Then click OK. (The Registry Editor opens.)
Navigate to the key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete the value:
"rate.exe"="%System%\i1ru54n4.exe"
Navigate to and delete the key:
HKEY_CURRENT_USER\SOFTWARE\winword
Exit the Registry Editor.
Restart the computer.

Warsocket · **31-05-2004, 11:06**

hier zou je em wel ermee af kunnen halenn als je geen virii scanner hebt

http://housecall.antivirus.com/house...tart_frame.asp

is online gratis virusscanner

30-05-2004, 19:34
Glamour_Maai	Kan iemand mij soms helpen met mijn virus. Weet iemand hoe ik het virus W32.Beagle.F@mm verwijder?! Alvast bedankt! __________________ ~...oOo...~ I do believe that God above, created you for me to love ~...oOo...~

30-05-2004, 20:08
Enlightenment	Met een virusscanner. __________________ Per undas adversas (tegen de stroom in)

30-05-2004, 20:09
flamez	virusscanner of zoeken __________________ wie niet waagt, die heerscht niet

31-05-2004, 11:06
Warsocket	hier zou je em wel ermee af kunnen halenn als je geen virii scanner hebt http://housecall.antivirus.com/house...tart_frame.asp is online gratis virusscanner __________________ 01110100011001010111011001100101011001010110110000100000011101000 11010010110101001100100001000000011111100111111001000000011101001010000

Advertentie