Avast WEBforum

Other => Viruses and worms => Topic started by: Zyggy on August 22, 2004, 10:19:38 PM

Title: WIn32 Korgo O worm
Post by: Zyggy on August 22, 2004, 10:19:38 PM

I can't seem to get rid of this virus...ant help would be a help!

Title: Re:WIn32 Korgo O worm
Post by: Eddy on August 22, 2004, 10:24:12 PM

Sure, click on the link inmy signature and follow the instructions on that page.

Win32 Korgo O worm aka Worm/Padobot.O, Win32/Korgo.R.worm, W32.Korgo.O, Worm.Win32.Padobot.l, W32/Korgo.worm, Win32.Korgo.W, Worm/Padobot.U

I bet you didn't kept/keep your system up-to-date with all security patches/updates from Microsoft.

More info on the LSASS security issue can be found HERE (http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx)

Title: Re:WIn32 Korgo O worm
Post by: gogogo on August 28, 2004, 02:19:43 PM

what about Win32:Korgo-M [Wrm]? ,i can´t solve that problem im my pc ...

Title: Re:WIn32 Korgo O worm
Post by: Eddy on August 28, 2004, 02:30:31 PM

Yes you can solve it ;) Follow the instructions on the page I gave you and it will be gone.

Korgo-M is a variant of the Korgo-B.

You can also remove it manually. (but that is likely harder to do)
1] Disable system restore
2] reboot
3] reboot in safe mode
4] navigate in the registry to :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and remove "WinUpdate"="%System%\<random.filename>.exe"
5] navigate in the registry to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wireless
and remove "Server"="1"
6] reboot
7] run a full system scan and remove all files detected as being infected.
8] install ALL security patches/updates
9] reboot
10] run a full system scan to see if you are still clean.