Help to remove Win32/SpyBot.CQ worm

hello,

any1 can help me to remove Win32/SpyBot.CQ worm ?

NOD32 detect it everyday 2 or 3 times .... but don't remove it.

01/12/2003 19:00:51 - AMON - Antivirus monitor Program Virus Alert triggered on INTERNET01: C:\explorer.exe infected with Win32/SpyBot.CQ worm.
01/12/2003 19:01:17 - AMON - Antivirus monitor Program Virus Alert triggered on INTERNET01: C:\OPEN_ME.exe infected with Win32/SpyBot.CQ worm.

 

From what I have read about it, you need to disable System Restore, then reboot and scan again.

or Manual Removal:

Terminate Dlder.exe and ExPlorer.exe using Windows' End Task (CTRL-ALT-DEL) dialogue, if possible.
Delete the files: dlder.exe (normally in C:\windows) and the phony Explorer file (normally C:\Windows\explorer\Explorer.exe). Be sure you are NOT deleting Windows Explorer, which is located at C:\Windows\Explorer.exe.

More info http://forums.techguy.org/t155029/s28fe0ab89f9aab1c89f0b435410a207f.html

When you are all clean again, may I suggest you use/do the following if you aren't already:

Update Windows http://v4.windowsupdate.microsoft.com/en/default.asp
Nod32 Anti-virus http://nod32.com/home/home.htm
ZoneAlarm Firewall http://www.zonelabs.com/store/content/home.jsp
Spybot Search and Destroy http://www.safer-networking.org/
Spyware Guard http://www.wilderssecurity.net/spywareguard.html
Spyware Blaster http://www.javacoolsoftware.com/spywareblaster.html

Hope this helps...

Cheers

 

My guess is that you have your C:\ drive shared. That is BAD!

If you DO have it shared, remove the share IMMEDIATELY, since ANYONE can access ANY of your files, and copy/remove/install things as they please. If you really need to share the drive, install a personal firewall that allows you to specify that only the local network has access to your share.

Best regards,
Anders

 

Hello jose_Sant!

Very good advice here. These people can really help you.

I'd like to take this opportunity to say that Wilders bids you:

http://www.gifs.net/animate/welcomeswirl.gif