CANNOT REMOVE WORM.VB.DW

Discussion in 'ewido anti-spyware forum' started by badboybennyg, Jul 2, 2006.

Thread Status:
Not open for further replies.
  1. badboybennyg

    badboybennyg Registered Member

    Joined:
    Jul 2, 2006
    Posts:
    6
    Hi

    I am running ewido anti-spyware 4.0 and to be fair it has got rid of loads of rubbish. However it finds the worm.vb.dw but when I try to quarantine or delete it I get "Error while quarantining"


    Please please help me get rid of this vicious worm.
     
  2. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    did you try restarting windows in safe mode and running ewido then?
     
  3. vinzenz.ewido

    vinzenz.ewido former ewido team

    Joined:
    Dec 9, 2005
    Posts:
    425
    Location:
    Brno, Czech Republic
    Yes this is a good idea, try to run ewido in safe mode.

    It is often easier to remove a threat in safe mode.

    If you still have a problem removing this threat feel free to tell us. We'll help you to remove it.

    regards,
     
  4. badboybennyg

    badboybennyg Registered Member

    Joined:
    Jul 2, 2006
    Posts:
    6
    Thanks Guys

    I thought I had managed to remove it late last night by following the path that the ewido programme was telling me in the message....

    "cannot remove X because the folder X is embedded in X, do you want to delete X" (something like that)

    So I followed that path in explorer and deleted the folder. Re-ran the scan in ewido and yipee no traces. However the symptom of the worm still remains. I cannot install any antivirus software as the worm has attacked my administrator rights etc.


    In your opinion is the worm still there? If so why won't ewido pick it up now? Will running the programme in Safe Mode still help?


    Appreciate your help.......
     
  5. karl.ewido

    karl.ewido former ewido team

    Joined:
    Dec 9, 2005
    Posts:
    236
    Location:
    Germany
    Please post here your scan log of the ewido scanner and a report log of the startup module.
    Send me also a pm (private message) with a hijackthis log (tutorial site: http://www.evilissimo-softdev.de/hjt_en.html) of your infected system. Do NOT post the log here.
     
  6. badboybennyg

    badboybennyg Registered Member

    Joined:
    Jul 2, 2006
    Posts:
    6
    Many thanks Karl.Ewido.

    Here is the scan log. Please excuse my ignorance but how do I provide the "report log of the startup module".

    I will also PM you shortly with the "hijackthis log". I still feel the worm is on there somewhere as I can't install anything still.....


    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 18:09:55 03/07/2006

    + Scan result:



    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@clickbank[1].txt -> TrackingCookie.Clickbank : No action taken.
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@com[1].txt -> TrackingCookie.Com : No action taken.
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@mediaplex[2].txt -> TrackingCookie.Mediaplex : No action taken.
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.


    ::Report end
     
  7. karl.ewido

    karl.ewido former ewido team

    Joined:
    Dec 9, 2005
    Posts:
    236
    Location:
    Germany
    Your ewido scan log and hijackthis log do not really list any suspicious entries. Are you sure that you still have the problems with this Worm?
     
  8. badboybennyg

    badboybennyg Registered Member

    Joined:
    Jul 2, 2006
    Posts:
    6
    Very sure, although the only symptom remaining is the fact I cannot install 95% of antivirus software I have tried to download. Reading up on this worm indicates that this is a classic symptom of this particular Worm. Various error messages relating to logging on as Administrator, incorrect user rights etc occur......
     
  9. vinzenz.ewido

    vinzenz.ewido former ewido team

    Joined:
    Dec 9, 2005
    Posts:
    425
    Location:
    Brno, Czech Republic
    But you've tried to install the antivirus software as admin?

    This is needed in most cases.

    Regards,
     
  10. badboybennyg

    badboybennyg Registered Member

    Joined:
    Jul 2, 2006
    Posts:
    6
    Yes I am def logged in as admin when installing.


    This is what i know of this particular worm...

    http://www.k7computing.com/virusinfo/WormVBDW.htm

    and....

    "...is a mass mailing worm that has its own SMTP engine but also tries to spread via P2P networks. It tries to download and execute files from the Internet. It kills antivirus related processes and modifies the host file to make its detection and removal harder."

    This is what it says to me when I try and install most things...

    Error creating Registry key

    RegCreateKey Ex Failed; code 5
    Access is denied

    Also it seems to have done something to my System Restore. It basically won't let me restore to more than a week ago.
     
    Last edited: Jul 5, 2006
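
Added example, not part of the original thread and not ewido code: the description quoted in post 10 says the worm modifies the hosts file to make detection and removal harder, so this sketch parses hosts-file text and flags any entry that overrides a security site. The watch list (the two security sites named in this thread), the sample hosts content and the function names are constructed for illustration.

```python
import ipaddress

# Constructed watch list: the two security sites named in this thread.
WATCHED = ("bitdefender.com", "k7computing.com")

# Constructed sample hosts content, not taken from an infected machine.
# On Windows XP the real file is %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       www.bitdefender.com
0.0.0.0         k7computing.com www.k7computing.com
192.0.2.10      intranet.example
127.0.0.1       notbitdefender.com   # look-alike, must not match
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address: not a mapping
        for name in fields[1:]:                 # one line may carry several aliases
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(name, watched=WATCHED):
    """True if name is a watched domain or one of its subdomains."""
    return any(name == d or name.endswith("." + d) for d in watched)

def suspicious_entries(text, watched=WATCHED):
    """Return (line_no, hostname, ip, verdict) for each override of a watched site."""
    hits = []
    for line_no, ip, name in parse_hosts(text):
        if is_watched(name, watched):
            # Loopback / 0.0.0.0 blocks the site; any other address redirects it.
            sinkhole = ip.is_loopback or ip.is_unspecified
            hits.append((line_no, name, str(ip),
                         "sinkholed" if sinkhole else "redirected"))
    return hits

if __name__ == "__main__":
    for hit in suspicious_entries(SAMPLE):
        print("line %d: %s -> %s (%s)" % hit)
```

A clean hosts file has no entries for security vendor sites at all, so any hit is worth investigating before relying on an online scanner or a downloaded installer.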
  11. pardner_

    pardner_ Registered Member

    Joined:
    Jul 7, 2006
    Posts:
    1
    hello ... I am also having trouble deleting this worm using ewido ... it finds the worm.vb.dw but when I try to quarantine or delete it I get "Error while quarantining" while in "safe mode" .... I have done this several times.

    .... any info much appreciated
     
  12. MikeW2

    MikeW2 Registered Member

    Joined:
    Jun 25, 2006
    Posts:
    14
    Location:
    Bedfordshire - UK
  13. badboybennyg

    badboybennyg Registered Member

    Joined:
    Jul 2, 2006
    Posts:
    6
    Hi Pardner

    I am not recommending this and I bear no responsibility if anything goes wrong on your PC, but this is what worked for me...

    When my computer was starting/booting I did an F10 for system recovery. I then let it reinstall a former state from the partition drive. I must point out at this stage that I didn't lose any files or documents but had to reinstall the software for things like my broadband modem, printer etc. Then I re-ran Ewido. This time it found the worm as before but this time I was able to delete it. Once deleted I could actually install other anti-virus software. These found other Trojans etc. I then re-ran Ewido and no signs of the worm. Fingers crossed PC been ok since.


    Cheers
    BBBG
     
  14. r1ft

    r1ft Registered Member

    Joined:
    Sep 30, 2006
    Posts:
    1
    CANNOT REMOVE WORM.VB.DW [Help #2]

    Hey guys, I am having the same exact problem ~link not needed....thread merged into existing thread....Bubba~
    I read through the whole thread but never found the best specific way to remove worm.vb.dw.

    My basic problem is when I run ewido it catches a lot of rubbish and tons of worm.vb.dw and when I try to remove them I get an error and it quits out without deleting any of it. I am trying to fully install my AntiVirus but I keep getting the same errors saying stuff like you need to be an administrator bla bla bla...

    If anyone has figured out the best way to fix this please let me know!

    Thanks,
    r1ft
     
    Last edited by a moderator: Sep 30, 2006
  15. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Re: CANNOT REMOVE WORM.VB.DW [Help #2]

    Try the following:-

    D/L and install CCleaner:-

    http://www.filehippo.com/download_ccleaner/

    Go into safe mode, run CCleaner (you will need to configure it to delete Windows temp files less than 48 hours old and also prefetch items). Now run an ewido memory scan, if it picks anything up you need to go to the analysis section and terminate (simultaneously) all the processes concerned (you will know these 'cos of the numbers in square brackets which are the PIDs). If you reboot, make sure you come back into 'safe'. Persevere with trying to terminate bad running processes; then do a full system scan with ewido.

    I can't promise anything, but at least try.
     
  16. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    Re: CANNOT REMOVE WORM.VB.DW [Help #2]

    If that doesn't work...boot into safe mode (with networking)...run an online scan here: http://www.bitdefender.com/scan8/ie.html

    This should remove all traces of the worm.
     