Author Topic: WIn32 Korgo O worm (Read 4054 times)

Zyggy · « **on:** August 22, 2004, 10:19:38 PM »

I can't seem to get rid of this virus...ant help would be a help!

Eddy · « **Reply #1 on:** August 22, 2004, 10:24:12 PM »

Sure, click on the link inmy signature and follow the instructions on that page.

Win32 Korgo O worm aka Worm/Padobot.O, Win32/Korgo.R.worm, W32.Korgo.O, Worm.Win32.Padobot.l, W32/Korgo.worm, Win32.Korgo.W, Worm/Padobot.U

I bet you didn't kept/keep your system up-to-date with all security patches/updates from Microsoft.

More info on the LSASS security issue can be found HERE

gogogo · « **Reply #2 on:** August 28, 2004, 02:19:43 PM »

what about Win32:Korgo-M [Wrm]? ,i can´t solve that problem im my pc ...

Eddy · « **Reply #3 on:** August 28, 2004, 02:30:31 PM »

Yes you can solve it

Follow the instructions on the page I gave you and it will be gone.

Korgo-M is a variant of the Korgo-B.

You can also remove it manually. (but that is likely harder to do)
1] Disable system restore
2] reboot
3] reboot in safe mode
4] navigate in the registry to :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and remove "WinUpdate"="%System%\<random.filename>.exe"
5] navigate in the registry to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wireless
and remove "Server"="1"
6] reboot
7] run a full system scan and remove all files detected as being infected.
8] install ALL security patches/updates
9] reboot
10] run a full system scan to see if you are still clean.

Author Topic: WIn32 Korgo O worm (Read 4054 times)

Zyggy

WIn32 Korgo O worm

Eddy

Re:WIn32 Korgo O worm

gogogo

Re:WIn32 Korgo O worm

Eddy

Re:WIn32 Korgo O worm