Help to remove Win32/SpyBot.CQ worm

Discussion in 'NOD32 version 2 Forum' started by jose_Sant, Dec 1, 2003.

Thread Status:
Not open for further replies.
  1. jose_Sant

    jose_Sant Registered Member

    Joined: Sep 5, 2003
    Posts: 3

    Hello,

    Can anyone help me remove the Win32/SpyBot.CQ worm?

    NOD32 detects it 2 or 3 times every day ... but doesn't remove it.

    01/12/2003 19:00:51 - AMON - Antivirus monitor Program Virus Alert triggered on INTERNET01: C:\explorer.exe infected with Win32/SpyBot.CQ worm.
    01/12/2003 19:01:17 - AMON - Antivirus monitor Program Virus Alert triggered on INTERNET01: C:\OPEN_ME.exe infected with Win32/SpyBot.CQ worm.
     
  2. Blackspear

    Blackspear Global Moderator

    Joined: Dec 2, 2002
    Posts: 15,115
    Location: Gold Coast, Queensland, Australia

    From what I have read about it, you need to disable System Restore, then reboot and scan again.

    Or manual removal:

    Terminate Dlder.exe and ExPlorer.exe using Windows' End Task (CTRL-ALT-DEL) dialogue, if possible.
    Delete the files: dlder.exe (normally in C:\windows) and the phony Explorer file (normally C:\Windows\explorer\Explorer.exe). Be sure you are NOT deleting Windows Explorer, which is located at C:\Windows\Explorer.exe.

    More info http://forums.techguy.org/t155029/s28fe0ab89f9aab1c89f0b435410a207f.html

    When you are all clean again, may I suggest you use/do the following if you aren't already:

    Update Windows http://v4.windowsupdate.microsoft.com/en/default.asp
    Nod32 Anti-virus http://nod32.com/home/home.htm
    ZoneAlarm Firewall http://www.zonelabs.com/store/content/home.jsp
    Spybot Search and Destroy http://www.safer-networking.org/
    Spyware Guard http://www.wilderssecurity.net/spywareguard.html
    Spyware Blaster http://www.javacoolsoftware.com/spywareblaster.html

    Hope this helps...

    Cheers :D
     
  3. anders

    anders Eset Staff Account

    Joined: Oct 25, 2002
    Posts: 410

    My guess is that you have your C:\ drive shared. That is BAD!

    If you DO have it shared, remove the share IMMEDIATELY, since ANYONE can access ANY of your files, and copy/remove/install things as they please. If you really need to share the drive, install a personal firewall that allows you to specify that only the local network has access to your share.

    Best regards,
    Anders
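
Added example (not part of any post in this thread): a Python triage of AMON alert lines in the format shown in the first post. It flags executables sitting directly in a drive root, which fits the shared `C:\` guess above, and files named explorer.exe outside `C:\Windows`, the legitimate location given in the manual-removal advice. The third sample line is constructed; the function names and the `C:\Windows` default are assumptions.

```python
import ntpath
import re
from collections import Counter

# Matches AMON alert lines in the format shown in the first post.
ALERT = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) - AMON - .*?"
    r"triggered on (?P<host>[^:]+): (?P<path>.+?) infected with (?P<threat>.+?)\.?$"
)

# The first two lines are from the thread; the third is constructed for this example.
SAMPLE = [
    r"01/12/2003 19:00:51 - AMON - Antivirus monitor Program Virus Alert triggered on INTERNET01: C:\explorer.exe infected with Win32/SpyBot.CQ worm.",
    r"01/12/2003 19:01:17 - AMON - Antivirus monitor Program Virus Alert triggered on INTERNET01: C:\OPEN_ME.exe infected with Win32/SpyBot.CQ worm.",
    r"02/12/2003 08:14:03 - AMON - Antivirus monitor Program Virus Alert triggered on INTERNET01: C:\explorer.exe infected with Win32/SpyBot.CQ worm.",
]

def parse_alert(line):
    # Returns ts/host/path/threat for an AMON alert line, or None if it is not one.
    m = ALERT.match(line.strip())
    return m.groupdict() if m else None

def is_root_drop(path):
    # True for an .exe placed directly in a drive root (no subdirectory).
    return re.fullmatch(r"[A-Za-z]:\\[^\\]+\.exe", path, re.I) is not None

def fake_explorer(path, windir=r"C:\Windows"):  # windir default is an assumption
    # True when a file named explorer.exe is not directly inside windir.
    return (ntpath.basename(path).lower() == "explorer.exe"
            and ntpath.dirname(path).rstrip("\\").lower() != windir.lower())

def triage(lines):
    # Groups alerts by (host, path); a count above 1 means the file keeps coming back.
    counts, reasons = Counter(), {}
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            continue
        key = (alert["host"], alert["path"])
        counts[key] += 1
        reasons[key] = [name for name, hit in (
            ("exe in drive root", is_root_drop(alert["path"])),
            ("explorer.exe outside Windows dir", fake_explorer(alert["path"])),
        ) if hit]
    return [{"host": h, "path": p, "count": n, "reasons": reasons[h, p]}
            for (h, p), n in counts.items()]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```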
     
  4. Prince_Serendip

    Prince_Serendip Registered Member

    Joined: Apr 8, 2002
    Posts: 819
    Location: Canada