| Computing.Net: Over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to sign up now, it's free! |
Worm.Korgo in Reg
|
Original Message
|
Name: stingrae
Date: February 10, 2005 at 06:51:46 Pacific
Subject: Worm.Korgo in RegOS: XP home SP 2CPU/Ram: Pent 4/1.7ghz/128mb |
Comment: I've got TDS-3 Professional and it has detected the Worm.Korgo in my Registry, i.e., HKEY_Local_MAchine\Software\Microsoft\Windows\CurrentVersion\Run[Update Service=winu32.exe].
The 'winu32.exe' is the infected regvalue.
Now I've tried all sorts of removal tools, Stinger, FixKorgo, AVG and some others, but they don't detect it.
So can I just delete the entry 'winu32.exe' which would mean deleting the "update service". ? If I create a restore point and then delete that value, could it be restored later? or would it be deleted permanently?
Thanks.
Report Offensive Message For Removal
|
|
Response Number 1
|
Name: Wombat
Date: February 10, 2005 at 11:17:56 Pacific
|
Reply: (edit)Go here and read the instructions... http://www.bitdefender.com/html/virusinfo.php?menu_id=1&v_id=276 Modo vincis modo vinceris
 Report Offensive Follow Up For Removal
|
|
Response Number 2
|
Name: OrionCA
Date: February 14, 2005 at 15:38:13 Pacific
|
Reply: (edit)What may have happened is that the removal tools sometimes overlook *one* trace even though they kill the main process and program files. As long as that trace exists the AVGs will detect it, though. If you back up your registry before you delete this you won't risk anything. If you delete it, everything works, and the entry doesn't reappear you're most likely OK. Rerun your AVG and see if it still detects the virus.
Report Offensive Follow Up For Removal
|
Post Locked
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
Go to Security and Virus Forum Home
