::: Virus Alert:::
contains its own SMTP
engine, and propagates in a manner similar to the W32.Magistr.Worm. Due to
what appears to be a bug, this worm does not replicate under Windows NT or
This worm propagates via email using SMTP commands by sending
copies of itself to all addresses listed in an infected user's address book.
It arrives in an email with a random subject line and an attachment by the
same name. It also propagates via shared network drives. Here is a
collection of links to various anti virus companies and there information and
Information and removal process from Sophos Anti
Information and removal process from Symantec/Norton: http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@xxxxxxxxxxxxxxxxxxxx
Information and removal process from NAI/Mcafee: http://vil.nai.com/vil/virusRemovalInstructions.asp?virus_k=99141
Information and removal process from F-secure: http://www.f-secure.com/v-descs/sircam.shtml
Information and removal process from Panda software: http://www.pandasoftware.com
Click on the link for
the sircam on the right side of the page as this site is using frames.
Information and removal process from Trend Micro: http://www.antivirus.com/pc-cillin/vinfo/virusencyclo/default5.asp?VName=TROJ_SIRCAM.A
To manually remove Trojan from (Trend Micro) for
experienced users only…
1.Disconnect from the network
On the right panel,
double click on the (Default) value and remove
leaving only “%1” %* (double quote, percent one,
double quote, space,
4.On right panel delete the value
5.Go to HKEY_LOCAL_MACHINE\Software\Sircam and Delete the key
6.Go to MSDOS Prompt and go to Windows\System folder.
(C:\Windows\System or C:\Winnt\System32)
7.Type ATTRIB –S –H
–R SCAM32.EXE to unhide Trojan file.
8.Type DEL SCAM32.EXE to delete
9.Go to the Recycled folder (C:\Recycled) and do steps 7
and 8 to delete the Trojan file hidden in the recycle bin because emptying
this folder may not effectively do so.
10.Go to the Windows folder and
Search for RUN32.EXE.
11.If present delete RUNDLL32.EXE and rename
RUN32.EXE to RUNDLL32.EXE
There are 0
comments Re: W32.Sircam.Worm@mm -- Information and
Thread & Post a Comment
or Send This Page to a Friend