Go Back   Computer Forums > General Computing > Cyber Safety and Computer Security
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 05-18-2005, 12:17 PM   #1
Baseband Member
 
Join Date: Feb 2005
Posts: 32
Default Virus Alert!

Hi guys,

i got a virus last night by surfing in the internet. After hard fights i couldnt beat it... so i formated c:\ ... but after reinstall of windows i got the same virus again without surfing in the internet. I connected to the internet, started starcraft and forgot to start ZoneAlarm -.- ... so i got it again ... its name ist W32/Wallz ... can u tell me how to remove it permanently ... thx

Cya
__________________

Lizard is offline   Reply With Quote
Old 05-18-2005, 01:22 PM   #2
Baseband Member
 
Join Date: Feb 2005
Posts: 32
Default Re: Virus Alert!

kk guys i got it no need for help anymore ^^
__________________

Lizard is offline   Reply With Quote
Old 05-18-2005, 01:24 PM   #3
Baseband Member
 
AdamAE's Avatar
 
Join Date: May 2005
Posts: 55
Default Re: Virus Alert!

Quote:
Originally Posted by Lizard
Hi guys,

i got a virus last night by surfing in the internet. After hard fights i couldnt beat it... so i formated c:\ ... but after reinstall of windows i got the same virus again without surfing in the internet. I connected to the internet, started starcraft and forgot to start ZoneAlarm -.- ... so i got it again ... its name ist W32/Wallz ... can u tell me how to remove it permanently ... thx

Cya
Hi There

W32.Wallz was discovered on: February 07, 2005.

W32.Wallz is a worm that attempts to exploit the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011). The worm spreads by randomly scanning IP addresses for computers vulnerable to this threat.

Also Known As:
Net-Worm.Win32.Small.b [Kaspersky Lab]

Type:
Worm

Infection Length:
6,578 bytes

Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When W32.Wallz is executed, it performs the following actions:

Creates a copy of itself as %System%\winpnp32.exe.

Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

Creates a service with the following properties:

Service Name: winpnp32
Display Name: Windows 32-bit PnP Driver
Image Path: %System%\winpnp32.exe
Startup type: Automatic

Creates the following registry subkeys:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_WINPNP32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\winpnp32

to run itself as a service.


Adds the value:
"EnableDCOM" = "Y"

to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole

to enable DCOM.

Adds the value:
"restrictanonymous" = "dword:00000001"

to the registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa

to restrict anonymous access to network shares.

Creates the following file, which is not malicious:
%Windir%\Debug\dcpromo.log

Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

Scans random IP addresses for vulnerable computers, and attempts to exploit the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011). using TCP port 445. If the worm successfully exploits this vulnerability on a remote computer, it will send shellcode that creates and runs a copy of the worm on the remote computer.

Connects to an IRC server on the owjgp.game2max.net domain to log the IP address of each successfully exploited computer.



The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

HOW TO KILL IT:
~~~~~~~~~~

1) Install Norton AntiVirus 2002 or higher http://www.symantec.com
2) Disable System Restore (Windows Me/XP).
3) Update the virus definitions.
4) Run a full system scan and delete all the files detected as W32.Wallz.
Delete the value that was added to the registry.

That should do the trick !.
__________________
AdamAE
AdamAE is offline   Reply With Quote
Old 07-05-2005, 01:09 PM   #4
Beta Member
 
Join Date: Jul 2005
Posts: 1
Default same problem

I have the same virus. W32.Wallz , however, the steps listed above dont seem to work. I ran Norton Live update, tells me im as up-to-date as I can be. I run scan...it finds it, but can not delete it. Once it finishes, it states that I still have a Virus on my computer. I run regedit, but none of the reg entries that im supposed to delete are there. Possible they are there under different names than the ones listed?
Stratblues24 is offline   Reply With Quote
Old 07-05-2005, 04:18 PM   #5
Fully Optimized
 
technoman's Avatar
 
Join Date: Dec 2004
Posts: 3,382
Default Re: Virus Alert!

just download AVG free
__________________
~~~ tEcHnOmAn ~~~
technoman is offline   Reply With Quote
Old 07-07-2005, 08:56 AM   #6
Daemon Poster
 
RewtGuy's Avatar
 
Join Date: Dec 2004
Posts: 595
Send a message via AIM to RewtGuy
Default Re: Virus Alert!

No AVG is very costly, not to you, but at your system's expence... doesn't preform as well as Nortons. Why try to be frugal and risk havin' your system compromised?
__________________
Windows: A thirty-two bit extension and GUI shell to a sixteen bit patch to an eight bit operating system originally coded for a four bit microprocessor and sold by a two-bit company that can't stand one bit of competition.
RewtGuy is offline   Reply With Quote
Old 07-07-2005, 09:36 AM   #7
Solid State Member
 
hellop's Avatar
 
Join Date: Jul 2005
Posts: 9
Default Re: Virus Alert!

here's a website that might help
http://www.pandasoftware.com/home/default.asp
the company is called panda and you can find it on lime wire or any p2p sever, or you can download the trail verison for free. Then go to lime wire and download the full verison and scan it with the trial one.
hellop is offline   Reply With Quote
Old 07-09-2005, 10:24 AM   #8
Fully Optimized
 
technoman's Avatar
 
Join Date: Dec 2004
Posts: 3,382
Default Re: Virus Alert!

Quote:
Originally Posted by RewtGuy
No AVG is very costly
no mate AVG has a free version!
__________________
~~~ tEcHnOmAn ~~~
technoman is offline   Reply With Quote
Old 07-11-2005, 10:47 PM   #9
In Runtime
 
extendcradle's Avatar
 
Join Date: Jul 2005
Posts: 276
Default Re: Virus Alert!

AVG is good but McAfee is not a bad investment. Since comparison is odd but sometimes we can't avoid it, I am much happy using McAfee than Norton.
extendcradle is offline   Reply With Quote
Old 07-12-2005, 07:30 AM   #10
Fully Optimized
 
technoman's Avatar
 
Join Date: Dec 2004
Posts: 3,382
Default Re: Virus Alert!

i think Norton is much better they protect my new college
__________________

__________________
~~~ tEcHnOmAn ~~~
technoman is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 12:53 PM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0