10 Nov, 2008

Sircam virus


Because the Sircam virus can spread through shared network drives, first disconnect your computer from any local area network.

You can download and run the automatic cleaning tool for SIRCAM, or follow the directions below to manually remove it.

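  1. First, rename REGEDIT.EXE to REGEDIT.COM. The worm changes the command Windows uses to open .EXE files (corrected in steps 7 to 9), so REGEDIT is started under a .COM name instead. If you want to use the fix tool, there is no need to rename the file.
  2. Click Start, Run, type REGEDIT and then press Enter.
  3. In the left panel, click the (+) to the left of each of the following: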
    HKEY_LOCAL_MACHINE
    Software
    Microsoft
    Windows
    CurrentVersion
    RunServices
  4. In the right panel, look for and then delete the registry value called Driver32.
  5. In the left panel, click the (+) to the left of each of the following:
    HKEY_LOCAL_MACHINE
    Software
    SirCam
  6. Click SirCam and then press the Delete key.
  7. In the left panel, click the (+) to the left of each of the following:
    HKEY_CLASSES_ROOT
    exefile
    shell
    open
    command
  8. In the right panel, right-click the (Default) value, then choose Modify.
  9. Change "C:\Recycled\SirC32.exe" "%1" %* to "%1" %*. In other words, remove "C:\Recycled\SirC32.exe".

Remove the dropped files:

  1. Open an MS-DOS box or Command Prompt.
  2. Go to the System directory (C:\Windows\System or C:\Winnt\System32).
  3. Type ATTRIB -S -H -R SCAM32.EXE to unhide the Trojan file.
  4. Type DEL SCAM32.EXE to delete the Trojan file.
  5. Go to the Recycled folder (C:\Recycled).

Note: Emptying the recycle bin does not effectively delete the dropped Trojan files in the folder. It is suggested that the command prompt be used when deleting the dropped files.

  1. Type ATTRIB -S -H -R SIRC32.EXE.
  2. Type DEL SIRC32.EXE to delete the Trojan file.

Remove the Worm reference from AUTOEXEC.BAT:

  1. Look for the AUTOEXEC.BAT file.
  2. Search for and remove the string "@win \recycled\Sirc32.exe".

Restore your RUNDLL32.EXE:

  1. Search for RUN32.EXE in your WINDOWS folder. If not found, then the worm did not overwrite your RUNDLL32.EXE.
  2. If found, delete RUNDLL32.EXE and rename RUN32.EXE to RUNDLL32.EXE.
  3. Restart your system.

Note: If you found the worm entry in the AUTOEXEC.BAT file, or if you found the RUN32.EXE file in the Windows directory, this means that other computers on your network are also infected. For protection, minimize giving full access to your drives and, as much as possible, DO NOT share your Windows and System folders.
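To confirm that the registry and AUTOEXEC.BAT steps above took effect, the following added example (not part of the original post or of any vendor tool) checks a REGEDIT4-format registry export and the text of AUTOEXEC.BAT for the indicators this page lists. The function names, the assumption that the registry was exported to text, and the sample data (including the Driver32 path) are constructed for illustration.

```python
import re

# Indicators taken from the manual removal steps on this page.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\runservices"
SIRCAM_KEY = r"hkey_local_machine\software\sircam"
EXE_CMD_KEY = r"hkey_classes_root\exefile\shell\open\command"
CLEAN_EXE_CMD = '"%1" %*'

def parse_reg(text):
    """Parse REGEDIT4 export text into {key_lowercased: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            if data.startswith('"') and data.endswith('"'):
                data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \" and \\
            current[name.strip('"').lower()] = data
    return keys

def sircam_findings(reg_text, autoexec_text):
    """Return a list of Sircam indicators found in the exported artifacts."""
    keys, found = parse_reg(reg_text), []
    if "driver32" in keys.get(RUN_KEY, {}):
        found.append("RunServices value Driver32 present")
    if any(k == SIRCAM_KEY or k.startswith(SIRCAM_KEY + "\\") for k in keys):
        found.append("HKLM\\Software\\SirCam key present")
    cmd = keys.get(EXE_CMD_KEY, {}).get("@")  # "@" is the (Default) value
    if cmd is not None and cmd != CLEAN_EXE_CMD:
        found.append("exefile open command altered: " + cmd)
    for line in autoexec_text.splitlines():
        if re.search(r"\\recycled\\sirc32\.exe", line, re.I):
            found.append("AUTOEXEC.BAT entry: " + line.strip())
    return found

# Constructed sample exports (not captured from a real machine).
INFECTED_REG = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Driver32"="C:\\WINDOWS\\SYSTEM\\SCam32.exe"
[HKEY_LOCAL_MACHINE\Software\SirCam]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Recycled\\SirC32.exe\" \"%1\" %*"
"""
INFECTED_AUTOEXEC = "@ECHO OFF\n@win \\recycled\\Sirc32.exe\n"

if __name__ == "__main__":
    print("\n".join(sircam_findings(INFECTED_REG, INFECTED_AUTOEXEC)))
```

An empty result means none of the registry or AUTOEXEC.BAT indicators remain; the dropped files and RUN32.EXE still need to be checked on disk as described above.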
