Update: Manually Extracting Worms

 Here are some tips for manually removing the Sobig.F worm, from Global Hauri, which sells something called a ViRobot Expert to filter unwanted emails caused by this virus (sorry, I haven’t tidied up the somewhat eccentric language):
 
 
To repair the virus, install anti-virus software and update to the latest definitions. Once the antivirus update is complete, scan the whole HDD to remove the Sobig.F virus. It is possible to remove the virus manually by searching the virus on the system. Here are the steps to get rid of the critical file called “win32ppr.exe” from infected
systems:
 
1.  Unplug from the network out of your computer.
2.  Boot the computer, then hit F8 Function key above numeric key until it goes through options to choose ‘safe mode’
3.  Wait until boot process completed with ‘safe mode’
4.  Open Task Manager to press simultaneously three keys (Ctrl+Alt+Del) and select ‘Process’ tab.
5.  Find and Highlight ‘winppr32.exe’ from Process tab.
6.  To kill ‘winppr32.exe,’ click ‘End Process’ button in the bottom of Process tab window.
7.  Go to ‘Start’ at button lower left corner of Microsoft Window, select ‘Search’ button.  (It looks slightly different from OS versions between NT, Win2000, and XP)  Choose ‘All files and Folders’ and type ‘winppr32.exe’, and then search it thru the entire Hard Disk Drive.  (If you have more then one Hard Disk Drive, select both)
8.  Delete all ‘winppr32.exe’ from the search window.
9.  Reboot in normal mode and plug to the network (It will not reboot itself since deleting all ‘msblast.exe.)
10. Install Anti-Virus and update the latest anti-virus definition.

21. August 2003 by jeremy
Categories: Uncategorized | Tags: , , , , , , , , , , , , , | Comments Off on Update: Manually Extracting Worms