Go Back   Computer Forums > General Computing > Cyber Safety and Computer Security
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 05-18-2005, 11:17 AM   #1
Baseband Member
 
Join Date: Feb 2005
Posts: 32
Default Virus Alert!

Hi guys,

i got a virus last night by surfing in the internet. After hard fights i couldnt beat it... so i formated c:\ ... but after reinstall of windows i got the same virus again without surfing in the internet. I connected to the internet, started starcraft and forgot to start ZoneAlarm -.- ... so i got it again ... its name ist W32/Wallz ... can u tell me how to remove it permanently ... thx

Cya
__________________

__________________
Lizard is offline   Reply With Quote
Old 05-18-2005, 12:22 PM   #2
Baseband Member
 
Join Date: Feb 2005
Posts: 32
Default Re: Virus Alert!

kk guys i got it no need for help anymore ^^
__________________

__________________
Lizard is offline   Reply With Quote
Old 05-18-2005, 12:24 PM   #3
Baseband Member
 
AdamAE's Avatar
 
Join Date: May 2005
Posts: 55
Default Re: Virus Alert!

Quote:
Originally Posted by Lizard
Hi guys,

i got a virus last night by surfing in the internet. After hard fights i couldnt beat it... so i formated c:\ ... but after reinstall of windows i got the same virus again without surfing in the internet. I connected to the internet, started starcraft and forgot to start ZoneAlarm -.- ... so i got it again ... its name ist W32/Wallz ... can u tell me how to remove it permanently ... thx

Cya
Hi There

W32.Wallz was discovered on: February 07, 2005.

W32.Wallz is a worm that attempts to exploit the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011). The worm spreads by randomly scanning IP addresses for computers vulnerable to this threat.

Also Known As:
Net-Worm.Win32.Small.b [Kaspersky Lab]

Type:
Worm

Infection Length:
6,578 bytes

Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When W32.Wallz is executed, it performs the following actions:

Creates a copy of itself as %System%\winpnp32.exe.

Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

Creates a service with the following properties:

Service Name: winpnp32
Display Name: Windows 32-bit PnP Driver
Image Path: %System%\winpnp32.exe
Startup type: Automatic

Creates the following registry subkeys:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\R oot\LEGACY_WINPNP32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\winpnp32

to run itself as a service.


Adds the value:
"EnableDCOM" = "Y"

to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole

to enable DCOM.

Adds the value:
"restrictanonymous" = "dword:00000001"

to the registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa

to restrict anonymous access to network shares.

Creates the following file, which is not malicious:
%Windir%\Debug\dcpromo.log

Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

Scans random IP addresses for vulnerable computers, and attempts to exploit the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011). using TCP port 445. If the worm successfully exploits this vulnerability on a remote computer, it will send shellcode that creates and runs a copy of the worm on the remote computer.

Connects to an IRC server on the owjgp.game2max.net domain to log the IP address of each successfully exploited computer.



The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

HOW TO KILL IT:
~~~~~~~~~~

1) Install Norton AntiVirus 2002 or higher http://www.symantec.com
2) Disable System Restore (Windows Me/XP).
3) Update the virus definitions.
4) Run a full system scan and delete all the files detected as W32.Wallz.
Delete the value that was added to the registry.

That should do the trick !.
__________________
AdamAE
AdamAE is offline   Reply With Quote
Old 07-05-2005, 12:09 PM   #4
Beta Member
 
Join Date: Jul 2005
Posts: 1
Default same problem

I have the same virus. W32.Wallz , however, the steps listed above dont seem to work. I ran Norton Live update, tells me im as up-to-date as I can be. I run scan...it finds it, but can not delete it. Once it finishes, it states that I still have a Virus on my computer. I run regedit, but none of the reg entries that im supposed to delete are there. Possible they are there under different names than the ones listed?
__________________
Stratblues24 is offline   Reply With Quote
Old 07-05-2005, 03:18 PM   #5
Fully Optimized
 
technoman's Avatar
 
Join Date: Dec 2004
Posts: 3,382
Default Re: Virus Alert!

just download AVG free
__________________
~~~ tEcHnOmAn ~~~
technoman is offline   Reply With Quote
Old 07-07-2005, 07:56 AM   #6
Daemon Poster
 
RewtGuy's Avatar
 
Join Date: Dec 2004
Posts: 595
Send a message via AIM to RewtGuy
Default Re: Virus Alert!

No AVG is very costly, not to you, but at your system's expence... doesn't preform as well as Nortons. Why try to be frugal and risk havin' your system compromised?
__________________
Windows: A thirty-two bit extension and GUI shell to a sixteen bit patch to an eight bit operating system originally coded for a four bit microprocessor and sold by a two-bit company that can't stand one bit of competition.
RewtGuy is offline   Reply With Quote
Old 07-07-2005, 08:36 AM   #7
Solid State Member
 
hellop's Avatar
 
Join Date: Jul 2005
Posts: 9
Default Re: Virus Alert!

here's a website that might help
http://www.pandasoftware.com/home/default.asp
the company is called panda and you can find it on lime wire or any p2p sever, or you can download the trail verison for free. Then go to lime wire and download the full verison and scan it with the trial one.
__________________
hellop is offline   Reply With Quote
Old 07-09-2005, 09:24 AM   #8
Fully Optimized
 
technoman's Avatar
 
Join Date: Dec 2004
Posts: 3,382
Default Re: Virus Alert!

Quote:
Originally Posted by RewtGuy
No AVG is very costly
no mate AVG has a free version!
__________________
~~~ tEcHnOmAn ~~~
technoman is offline   Reply With Quote
Old 07-11-2005, 09:47 PM   #9
In Runtime
 
extendcradle's Avatar
 
Join Date: Jul 2005
Posts: 276
Default Re: Virus Alert!

AVG is good but McAfee is not a bad investment. Since comparison is odd but sometimes we can't avoid it, I am much happy using McAfee than Norton.
__________________
extendcradle is offline   Reply With Quote
Old 07-12-2005, 06:30 AM   #10
Fully Optimized
 
technoman's Avatar
 
Join Date: Dec 2004
Posts: 3,382
Default Re: Virus Alert!

i think Norton is much better they protect my new college
__________________
~~~ tEcHnOmAn ~~~
technoman is offline   Reply With Quote
Old 07-18-2005, 07:52 AM   #11
Solid State Member
 
hellop's Avatar
 
Join Date: Jul 2005
Posts: 9
Default Re: Virus Alert!

norton has a few prombles and a lot of times it won't tell you if you have a virus but panda will.
__________________
hellop is offline   Reply With Quote
Old 07-19-2005, 01:57 AM   #12
Baseband Member
 
Silvance's Avatar
 
Join Date: Jul 2005
Posts: 30
Send a message via AIM to Silvance Send a message via Yahoo to Silvance
Default

I'm sorry, but Norton is the 3rd worst anti-virus in existance. The second being McAfee, and the 1st being EZArmor. Avast! is the best one I've found when it comes to residential protection(protection while surfing the net) and BitDefender is the best when it comes to scanning and deleting viruses. I have both on my comp. AntiVir is also excellent, as it runs spectacularly in safe mode, and can destroy viruses while their network access is limited. Try the above programs, they're all free, and are all wonderful programs, and I urge you to avoid paying money for a less than useful anti-virus such as Norton. Good luck with your virus, and try searching for the files via Hijack This.
__________________
Silvance is offline   Reply With Quote
Old 07-30-2005, 03:25 PM   #13
Baseband Member
 
Psych0's Avatar
 
Join Date: Apr 2005
Posts: 59
Default

im sorry Silvance but i will hav to dis agree with u there in my experience panda is a much better anti-virus software but i suppose it is what eva works best for u ent it
__________________
Psych0 is offline   Reply With Quote
Old 07-30-2005, 07:29 PM   #14
Fully Optimized
 
Join Date: May 2005
Posts: 1,690
Default Re: Virus Alert!

ok guys let this thread not turn into a fight here..
No AV program is thebest or worst...there are some that are a little better than others but not to the sake of argueing over which is the best....or worst.

As in all protection programs they all have their momments...but not all of them are updated as fast as they should be....some are just too intrusive into a system when there is no need to be and others are just take offs of another program....

Same is true of anti spyware/malware programs.

So make your assesments and purchase or get the one that fits your situation and go with it...If it later proves to be not as well as you though or that it just doesn't work as it should...try another one...

My recommendations when dealing with any virus or spyware or malware issue is to uuse whatever programs that are available to do the jobs and then as a second try to turn of system restore and try to remove it again and if that doesn't work to try it in safe mode and still no good then start backing everything up( which should be done regularly any way) and do a clean reinstall.
__________________

__________________
lurkswithin is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 02:54 AM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0
×