W32.Kwbot.F.Worm

bmxgj
Member with 90 posts.
Join Date: Jun 2003
21-Aug-2003, 02:21 PM #1
Hi, I have the W32.Kwbot.F.Worm and I ran HijackThis. What do I do?



Logfile of HijackThis v1.95.1
Scan saved at 11:20:18 AM, on 8/21/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Windows\wanmpsvc.exe
C:\Windows\System32\atiptaxx.exe
C:\Windows\System32\ltmsg.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Compaq\Hotkey Software\hkss.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp3\winampa.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\AOL Communicator\ac_secdbm.exe
C:\Program Files\AOL Communicator\ac_abook.exe
C:\Program Files\AOL Communicator\ac_mail.exe
C:\Windows\explorer.exe
C:\Windows\System32\ctfmon.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\pj\My Documents\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/2Q00CPT/0409/bF8.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_2_3_0.dll
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh304181.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_2_3_0.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [cnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s cnet -q
O4 - HKCU\..\Run: [FreeRAM XP] "Z:\Documents and Settings\George Jaber\Desktop\FreeRAM XP Pro 1.31.exe" -win
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Allow Popups - C:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O15 - Trusted Zone: http://*.hp.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/beta/qdiagcc.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productu...ntent/opuc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...777.7013310185
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...77/mcfscan.cab
dvk01
Moderator with 29,397 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
21-Aug-2003, 02:57 PM #2
I can see no sign of the Kwbot worm running in your log. How do you know you have it?

More info about the worm here:
http://securityresponse.symantec.com...ot.f.worm.html
bmxgj
Member with 90 posts.
Join Date: Jun 2003
21-Aug-2003, 04:00 PM #3
Because I ran an online Norton scan and these were my results:

C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009766.exe is infected with Backdoor.Sdbot
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009777.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009778.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009779.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009780.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009781.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009782.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009783.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009784.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009785.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009786.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009787.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009788.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009789.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009790.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009791.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009792.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009793.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009794.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009795.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009796.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009797.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009798.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009799.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009800.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009801.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009802.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009803.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009804.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009805.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009806.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009807.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009808.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009809.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009810.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009811.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009812.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009813.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009814.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009815.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009816.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009817.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009818.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009819.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009820.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009821.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009822.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009823.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009824.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009825.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009826.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009827.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009828.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009829.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009830.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009831.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009832.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009833.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009834.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009835.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009836.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009837.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009838.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009839.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009840.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009841.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009842.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009843.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009844.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009845.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009846.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009847.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009848.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009849.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009850.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009851.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009852.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009853.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009854.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009855.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009856.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009857.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009858.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009859.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009860.exe is infected with W32.Kwbot.F.Worm
dvk01
Moderator with 29,397 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
21-Aug-2003, 04:12 PM #4
OK, they are in your restore folder.

Follow the instructions here to disable restore, do a full scan, then when clean re-enable restore.

You will lose all previous restore points, but it's the only way to clean them out. NO antivirus can clean the system restore folder.

http://service1.symantec.com/SUPPORT...01111912274039
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy
I am helping you, please help me by donating to help keep the Hedgehog Rescue Centre running
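The check made by eye in post #4 (every detection sits under the System Restore store, none in a live location) can be scripted over a scanner listing in the "path is infected with name" form shown in post #3. This is an added example, not part of the thread; the function names are hypothetical, and the second sample includes one constructed line for a live file.

```python
import re
from collections import Counter

# One scanner result per line: "<path> is infected with <detection name>"
RESULT_RE = re.compile(r"^(?P<path>.+?) is infected with (?P<name>\S+)\s*$")

# Windows XP System Restore store:
# <drive>:\System Volume Information\_restore{GUID}\RP<n>\<file>
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\RP(?P<rp>\d+)\\",
    re.IGNORECASE,
)


def parse_results(text):
    """Return (path, detection) pairs; lines in any other shape are skipped."""
    hits = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("name")))
    return hits


def triage(text):
    """Split detections into restore-store copies and live files."""
    hits = parse_results(text)
    live, restore_points = [], set()
    for path, name in hits:
        m = RESTORE_RE.match(path)
        if m:
            restore_points.add("RP" + m.group("rp"))
        else:
            live.append((path, name))
    return {
        "total": len(hits),
        "by_detection": dict(Counter(name for _, name in hits)),
        "restore_points": sorted(restore_points),
        "live": live,
        # True only when something was found and all of it is in the store
        "restore_only": bool(hits) and not live,
    }


# Three lines taken from the scan results posted in the thread.
SAMPLE_RESTORE_ONLY = r"""
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009766.exe is infected with Backdoor.Sdbot
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009777.exe is infected with W32.Kwbot.F.Worm
C:\System Volume Information\_restore{5B942C52-3EC6-4393-ADAF-2DA421A20CCE}\RP48\A0009778.exe is infected with W32.Kwbot.F.Worm
"""

# Same lines plus one CONSTRUCTED line for a file outside the restore store.
SAMPLE_MIXED = SAMPLE_RESTORE_ONLY + (
    r"C:\Windows\System32\constructed_example.exe is infected with W32.Kwbot.F.Worm"
    + "\n"
)

if __name__ == "__main__":
    for label, sample in (("thread", SAMPLE_RESTORE_ONLY), ("mixed", SAMPLE_MIXED)):
        print(label, triage(sample))
```

A `restore_only` result of `True` corresponds to the case in this thread; any entry in `live` means a file outside the restore store was flagged and needs attention before the restore points are purged.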
bmxgj
Member with 90 posts.
Join Date: Jun 2003
24-Aug-2003, 12:37 AM #5
Could I delete these files manually?
bmxgj
Member with 90 posts.
Join Date: Jun 2003
24-Aug-2003, 10:14 AM #6
Or would it mess up the system restore?
dvk01
Moderator with 29,397 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
24-Aug-2003, 11:25 AM #7
You cannot delete or remove individual files in System Restore safely.

The idea of System Restore is a safe, secure folder that cannot be altered in any way except by the System Restore application itself, either adding a new restore point or restoring from those points.

You can only delete the entire restore folder in the way described in the Symantec link.