ky331
November 30th, 2005 15:00
your computer has [or at least, had] been infected by the W32.Serflog.A worm (also known as W32/Sumom-A), and you should do the following:
I've located a removal tool for the virus, from Symantec. However, one of the "quirks" of the virus is that it will not let you access the Symantec site :-( Fortunately, upon searching further, I found out that the Symantec tool is also available from MajorGeeks:
http://majorgeeks.com/download4523.html
which, hopefully, has not been blocked. Go there, download the
Symantec W32.Serflog.A Free Removal Tool 1.1.2 : FixSflog.exe
and then follow these directions. You may want to print these out before continuing.
1. Download the FixSflog.exe file from http://majorgeeks.com/download4523.html
Note: This is a very 'resistant' worm. If, for any reason, you cannot go on the internet to perform/complete the download from this site, then you'll have to go to another "clean" PC (a friend's, at work, etc.), download it there, copy it to a floppy (it's a very small file), and then, bring it back to your infected P.C.
2. Save the file to a convenient location, such as your Windows desktop.
3. Close all the running programs.
4. If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
5. Locate the file that you just downloaded.
6. Double-click the FixSflog.exe file to start the removal tool.
7. Click Start to begin the process, and then allow the tool to run.
8. Restart the computer.
9. After rebooting, run the removal tool again to ensure that the system is clean. (Do not be surprised if it finds some entries again.)
10. If you are on a network or if you have a full-time connection to the Internet, reconnect the computer to the network or to the Internet connection.
11. Update your anti-virus definitions, and run a complete virus scan.
****************
now, for your WinFixer problem: Download [but do *NOT* yet run] FixVundo from
http://securityresponse.symantec.com/avcenter/FixVundo.exe
[we'll have you run it later]
Note: If you have previously downloaded this file on another occasion, please download it again, to be absolutely sure you have the most current version.
********************
Next, download VirtumundoBeGone from:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
* Save it to your Desktop
* Close all running programs (including your Internet Browser)
* Double-click VirtumundoBeGone.exe on the desktop
* Follow the directions as indicated
please be advised that this program will generate a "BLUE SCREEN OF DEATH"... this is an expected/necessary part of the process, so don't be surprised when it happens.
just reboot if your system "jams"
*********************
After rebooting, it's now time to run FixVundo (which you had downloaded earlier).
Make sure all other programs, including your Internet Browser, are closed.
Double-click the FixVundo.exe file to start the removal tool.
Click Start to begin the process, and then allow this tool to run.
Important: Do not launch any new applications while the tool is running!
Reboot your computer.
Run the FixVundo removal tool again to ensure that the system is clean.
*********************
It's now time to report back to us:
VirtumundoBeGone generated a "log" file of its own, which it should have placed on your Desktop... please REPLY to this thread, and copy/paste the VirtumundoBeGone log back here, along with your latest HJT log.
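The post has the removal tools fetched from a third-party mirror, or carried over on a floppy from another PC, so it is worth checking each file before it is run. The PowerShell below is an added example, not part of the original post or of any vendor's tooling; the function name `Test-DownloadedTool`, the Desktop paths and the `Symantec` signer string are assumptions, and the post does not say whether these files carry an Authenticode signature.

```powershell
# Added example: function name, paths and expected signer text are assumptions.
function Test-DownloadedTool {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExpectedSha256,   # hash recorded on the clean PC (optional)
        [string] $ExpectedSigner    # text expected in the signer subject (optional)
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ File = $Path; Ok = $false; Problems = 'file not found' }
    }

    # Hash lets the copy on the target PC be compared with the one downloaded elsewhere.
    $hash    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig     = Get-AuthenticodeSignature -LiteralPath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    $problems = @()
    if ($ExpectedSha256 -and ($hash -ne $ExpectedSha256.Trim())) {
        $problems += 'SHA-256 differs from the value recorded on the clean PC'
    }
    if ($ExpectedSigner) {
        if ($sig.Status -ne 'Valid') {
            # NotSigned, HashMismatch, NotTrusted etc. all end up here.
            $problems += "Authenticode status is $($sig.Status)"
        } elseif ($subject -notlike "*$ExpectedSigner*") {
            $problems += "signed by an unexpected publisher: $subject"
        }
    }

    [pscustomobject]@{
        File     = Split-Path -Leaf $Path
        Sha256   = $hash
        SigState = $sig.Status
        Signer   = $subject
        Ok       = ($problems.Count -eq 0)
        Problems = $problems -join '; '
    }
}

$desktop = [Environment]::GetFolderPath('Desktop')
# On the clean PC: run once and note the Sha256 value.
# On the target PC: pass that value as -ExpectedSha256 before double-clicking the tool.
Test-DownloadedTool -Path (Join-Path $desktop 'FixSflog.exe') -ExpectedSigner 'Symantec'
Test-DownloadedTool -Path (Join-Path $desktop 'FixVundo.exe') -ExpectedSigner 'Symantec'
```

A result on a machine that is still infected is only advisory; the hash comparison is most trustworthy when the reference value was taken on the clean PC.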