Sircam Virus Information and Removal Help

What is Sircam Virus and How Did I Get It?
The Sircam worm is a high-level program created in Delphi that propagates via email and shared network drives. It sends copies of itself to all addresses listed in an infected user's address book and in temporary Internet cached files. It arrives with a random subject line, and an attachment by the same name.

How to Clean/Delete the SIRCAM Virus?

Because the sircam virus can spread through shared network drives, you should first disconnect your computer from any local area network.

You can download and run the automatic cleaning tool for SIRCAM, or follow the directions below to manually remove it.

  1. First, rename REGEDIT.EXE to REGEDIT.COM. If you want to use the fix tool, there is no need to rename the file
  2. Click Start, Run, type REGEDIT and then press Enter.
  3. In the left panel, click the (+) left of each of the below:
    HKEY_LOCAL_MACHINE
    Software
    Microsoft
    Windows
    CurrentVersion
    RunServices
  4. In the right panel, look for and then delete the registry value called Driver32.
  5. In the left panel, click the (+) left of each of the below:
    HKEY_LOCAL_MACHINE
    Software
    SirCam
  6. Click SirCam and then press the Delete key.
  7. In the left panel, click the (+) left of each of the below:
    HKEY_CLASSES_ROOT
    exefile
    shell
    open
    command
  8. In the right panel, right-click the (Default) value, then choose Modify.
  9. Change “C:\Recycled\SirC32.exe””%1”%* to “%1” %*. In other words, remove “C:\Recycled\SirC32.exe”.

Remove the dropped files:

  1. Open an MS-DOS box or Command Prompt
  2. Go to the System directory (C:\Windows\System or C:\Winnt\System32).
  3. Type ATTRIB -S -H -R SCAM32.EXE to unhide the Trojan file.
  4. Type DEL SCAM32.EXE to delete the Trojan file.
  5. Go to the Recycled folder (C:\Recycled folder)

Note: Emptying the recycle bin does not effectively delete the dropped Trojan files in the folder. It is suggested that the command prompt be used when deleting the dropped files.

  1. Type ATTRIB -S -H -R SIRC32.EXE.
  2. Type DEL SIRC32.EXE to delete the Trojan file.

Remove the Worm reference from AUTOEXEC.BAT:

  1. Look for the AUTOEXEC.BAT file.
  2. Search and remove the string "@win \recycled\Sirc32.exe"

Restore your RUNDLL32.EXE:

  1. Search for RUN32.EXE in your WINDOWS folder. If not found, then the worm did not overwrite your RUNDLL32.EXE.
  2. If found, delete RUNDLL32.EXE and rename RUN32.EXE to RUNDLL32.EXE.
  3. Restart your system

Note: If you found the worm entry in the AUTOEXEC.BAT file or if you found the RUN32.EXE file in the Windows directory, this means that other computers in your network are also infected. For protection, minimize giving full access to your drives and as much as possible DO NOT share your Windows and System folder.

Next, reboot your computer into Windows and do one of the following:

or

  • Log onto the Internet and run an online virus check of your complete system. You can find an excellent online antivirus scanner at the Trend Micro Housecall site listed below. Although this may be the quickest way to clean the system, please purchase antivirus software and install it on your system to remain uninfected. Remember, you are only as safe as your current antivirus update.

Click Here to go to
Trend Micro's Housecall
Online Virus Scanner

 

space.gif (58 bytes)

 

Search PCHell.com



 




Tools for Removing Spyware, Adware, and Malware


PC HELL
Other Pages

Spyware/Adware Removal Help

MSBlast.exe Worm Removal

Welchia (Dllhost.exe and SVCHost.exe) Worm Removal

Uninstall McAfee Instructions

Uninstall Norton Instructions

Uninstall Avast Instructions

Uninstall AVG Instructions

Uninstall Antivir Instructions

Uninstall Panda Instructions

How to Manually Run the Microsoft Malicious Software Removal Tool

Bloodhound.Exploit.6 Virus Removal

MyDoom Virus Removal

MiMail.C Virus Removal

Swen Worm Virus Removal

SoBig.F Worm Removal

Dumaru Virus Removal

BugBear.B Worm Removal

SoBig.E Worm Removal

Pop Up Ad Removal Info

KAK Worm Removal

MiMail.A Worm Removal

W95.MTX Virus Removal

Snow White Virus Removal

BadTrans Trojan Removal

Wininit Virus (Bymer Trojan)

Happy99 Worm Removal

VBS Netlog Worm Removal

Pretty Park Worm Removal

Sasser Worm Virus Removal

Backdoor SDBot.H Trojan Removal

VBS.Loveletter Help

Computer Security Information

Back Orifice Information

PC HELL Main Page

 






iPadastic - News, Tutorials, Help, Tips, and Hints for the iPad



Download Hoyle Games
including Casino 3D, Card, Board, and Solitaire games.



Written by Mark Hasting

Recommended Software for PC Hell Visitors
Malwarebytes Anti-Malware
Malwarebytes Anti-Malware
iolo System Mechanic® - Fix, Speed Up Your PC
iolo System Mechanic®
Emsisoft Anti Malware
Emsisoft Anti Malware
space.gif (58 bytes)

Search PCHELL.COM

Return to PC Hell
Return to PC Hell

Google