Computer virus

drlucian

I picked up a worm on my most-used computer, a Toshiba notebook, the other day.
Apparently got infected while I was on dial-up, which I very rarely use.
After much hassle, Microsoft antispy beta1 identified it as the Korgo worm (a kind of virus). Another scan with Norton antivirus identified Spybot worm. Not certain if these are separate viruses or the same thing with different names.

I'm not using that computer while I try to clean it; I am close to just formatting and re-installing system.

Computer started acting strange, pop-up ads every few seconds, it would open dozens in an hour. "intellifind" toolbar added, Yahoo companion disabled by the worm. It would terminate downloads of antispyware and antivirus software.
Zonealarm started using 100% of the system resources due to the virus, making everything else not work. This is a 2.6 MHz Pentium IV with 750 MB RAM.

Adaware, PestPatrol, Spybot and Microsoft antispy beta have so far been unable to clean it. Apparently it hides in the buffer (?) so that the anti-spy programs remove it from the usual locations but it reappears again after a little.

Worst of all the computer was communicating, sending large amounts of data out to unknown places (according to network connections monitor).

According to information I found on the web, the worm connects to certain IRC channels where it listens for remote instruction to commit further mischief.

I used to laugh when I heard about computer-virus related problems but now I'm in favor of capital punishment for whoever invented this. No real irreversible damage that I know of, but I have spent about twenty hours trying to clean system with no success so far.
 
Dude, that sucks. Have you checked Norton's website? Often they will offer special tools for specific viruses. You can download the tool and then it will run specifically for that virus, even if it's hiding out in a funky place. See if you can find one of those and download it to a floppy (on another system) then move it over and let 'er rip.

I feel your pain dawg, that sux.

Keep us updated and hopefully we'll come across someone that can help out.

Monty



 
That's unusual, usually Zone Alarm catches everything! Sorry dude! Reformat time.
 
You could also try pandasoftware free online virus scanner. It not only sniffs out viruses, trojan horses etc., but it fetches out spyware. Hope that works out for ya bro.
 
B4 spending too much more time or $ on it....

wait for a little help....Thrasherfox or 1 of the other PC gurus.

Next time....wear a condom.... hav a virus-free 1...RSD.
 
Looks like Symantec has a removal tool for Korgo, depending on the variant, worth a shot. You could also try to look around the registry for entries for Korgo (also found at Symantec), but very carefully.



 
I always have good luck with Webroot's Spysweeper (http://www.webroot.com)

Download the 30 day trial, install and update the definitions. Run it once and let it quarantine what it finds, then reboot into Safe Mode and run it again just in case it couldn't remove some in normal mode. (Press the F8 key right after the initial self test screens and before Windows starts loading.)

Also, you may want to download a program called Hijack This to clean up the startup entries, browser plugins etc. This tool is great for cleaning out the junk, but more for the advanced user.

For the viruses, try the McAfee Stinger removal tool, or the virus specific removal tool on Norton's website.

Hope this helps!
 
Looks like Symantec has a removal tool for Korgo, depending on the variant, worth a shot. You could also try to look around the registry for entries for Korgo (also found at Symantec), but very carefully.
Be careful when messing around the registry. But, since you're already entertaining the idea of reformatting, that is probably what I would do. Unless you have priceless info on your hard drive, which is probably a mistake in the first place. Good luck.
 
Check out the Norton website... they have worm removal tools on their site!
 
Ran Norton Antivirus scan for the second time last night (six hours). Virus showed up again after having been previously cleaned on prior scans. Deleted and rebooted; the pop-up started coming every few seconds again.

I copied all my data files to an external USB2 hard drive and I am restoring the system to default with the recovery DVD.

Can someone please recommend a safe way to verify that my data files from the affected computer are virus free and can be used after recovery without re-infecting the system?



 
I second the motion of booting Windows in Safe Mode and then running all the scanners for it.

If you copy your data files to another drive you should be okay. Hackabusa's recommendation on the removal tool should be helpful too. http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.removal.tool.html

Good luck. And I completely agree with you: People who write that crap should be skinned alive, very slowly.

--Wag--
 
I got the Korgo removal tool suggested above; it doesn't work. The virus hides somewhere in the memory and is reinstalled after the system is supposedly cleaned.

In hindsight it would've been smarter to re-install the system from the beginning instead of fooling around with recovery attempts for five days.
 