My friend had a email about some worms he had on his pc, i ran a scan on mine and i found these also:
Once it is running, W32.Dalbug.Worm inserts and executes these files:
* %windir%\smss.exe <-- got this one.
* %windir%\csrss.exe
When W32.Randex.R is executed, it performs the following actions:
Copies itself to one of the following locations:
%System%\service.exe <-- got this one.
%System%\svhost.exe
%System%\pointer32.exe
When Backdoor.Queen runs, it does the following:
1. Creates the automatic start service QoSserver
2. Attempts to create a remote thread in "LSASS.EXE" and inject itself into it.
3. Listens on port 8491 and waits for commands from the hacker.
I cant delete any of them!! Any help? (Info comes from Symantec)
Thanks
Full Version: My system is infected by worms!
The removal instructions are on the Symantec page you got this info from.
BTW... damn! This is one old bug. How did you get it?
BTW... damn! This is one old bug. How did you get it?
No idea, i just scanned, when my friend got an email. 
You can try to use online virus scan...that is free...
QUOTE(jonfr @ Feb 27 2004, 22:49)
You can try to use online virus scan...that is free...
Uh. No.
If the system is already infected, it usually means he will have to remove it manually. Try removing the files from a Recovery Console (boot from XP cd) and replace the files.
QUOTE(MkNawabi @ Feb 27 2004, 21:46)
QUOTE(jonfr @ Feb 27 2004, 22:49)
You can try to use online virus scan...that is free...
Uh. No.
If the system is already infected, it usually means he will have to remove it manually. Try removing the files from a Recovery Console (boot from XP cd) and replace the files.
some online scanners do remove them like Trend Micro
QUOTE
If HouseCall finds a virus:
If HouseCall finds a virus on your PC, it means that your current antivirus solution is not working properly.
When HouseCall finds a virus, it will list the name of the virus as well as the name of the infected file. Click on the virus name to learn more about it.
Click on the "Clean" button to remove the virus.
Certain viruses, such as Trojans, scripts, overwriting viruses, and joke programs which are identified as "uncleanable", should simply be deleted.
To keep your PC virus-free by blocking viruses in real time,download a free 30-day trial version of PC-cillin, Trend Micro's antivirus solution for home PC users. HouseCall can only detect viruses after they have infected your PC. PC-cillin provides complete protection by blocking viruses at every entry point before they can get into your PC and delete your files or spread to everyone in your address book.
If HouseCall finds a virus on your PC, it means that your current antivirus solution is not working properly.
When HouseCall finds a virus, it will list the name of the virus as well as the name of the infected file. Click on the virus name to learn more about it.
Click on the "Clean" button to remove the virus.
Certain viruses, such as Trojans, scripts, overwriting viruses, and joke programs which are identified as "uncleanable", should simply be deleted.
To keep your PC virus-free by blocking viruses in real time,download a free 30-day trial version of PC-cillin, Trend Micro's antivirus solution for home PC users. HouseCall can only detect viruses after they have infected your PC. PC-cillin provides complete protection by blocking viruses at every entry point before they can get into your PC and delete your files or spread to everyone in your address book.
No, because in windows, you cannot edit files while theyre running. In his case, these files are vital windows services, csrss? Yeah.
Not working, trying some other options. 
Ok, you've got an XP CD.... so ... I have 1 word......
FORMAT!
hehe....
no but seriously thats what I'd do... just back up all your stuff on CD and then format.
Should you have too much stuff to fit on 2 CDs, then just create a partition thats a couple of GBs and copy it to that partition. When you reinstall windows just be sure not to delete the partition you saved your stuff onto. I think partition magic 7 handles partitions really well.
FORMAT!
hehe....
no but seriously thats what I'd do... just back up all your stuff on CD and then format.
Should you have too much stuff to fit on 2 CDs, then just create a partition thats a couple of GBs and copy it to that partition. When you reinstall windows just be sure not to delete the partition you saved your stuff onto. I think partition magic 7 handles partitions really well.
or buy a DVD burner 
QUOTE(MkNawabi @ Feb 28 2004, 04:23)
No, because in windows, you cannot edit files while theyre running. In his case, these files are vital windows services, csrss? Yeah.
you win
Usually REMOVAL TOOLS helps a lot... Only if they PC is infected by worm - need some more action - like use of at least MS integrated firewall, turning off System restore and so on..., but removal tools are helpfull if you use them in proper way.
wow that sucks
hope you got rid of them all
hope you got rid of them all
QUOTE(Fod @ Feb 28 2004, 23:53)
or buy a DVD burner
Got one.... guess i'll have to format it.... cant get rid off them!
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.