What is
Sircam Virus and How Did I Get It?
The Sircam
worm is a high-level program created in Delphi that propagates via
email and shared network drives. It sends copies of itself to all
addresses listed in an infected user's address book and in temporary
Internet cached files. It arrives with a random subject line, and an
attachment by the same name. |
|
How
to Clean/Delete the SIRCAM Virus?
Because
the sircam virus can spread through shared network drives, you should
first disconnect your computer from any local area network.
You can download
and run the automatic cleaning tool for SIRCAM, or follow the
directions below to manually remove it.
- First,
rename REGEDIT.EXE to REGEDIT.COM. If you want to use the fix tool,
there is no need to rename the file
- Click
Start, Run, type REGEDIT and then press Enter.
- In
the left panel, click the (+) left of each of the below:
HKEY_LOCAL_MACHINE
Software
Microsoft
Windows
CurrentVersion
RunServices
- In
the right panel, look for and then delete the registry value called
Driver32.
- In
the left panel, click the (+) left of each of the below:
HKEY_LOCAL_MACHINE
Software
SirCam
- Click
SirCam and then press the Delete key.
- In
the left panel, click the (+) left of each of the below:
HKEY_CLASSES_ROOT
exefile
shell
open
command
- In
the right panel, right-click the (Default) value, then choose Modify.
- Change
“C:\Recycled\SirC32.exe””%1”%*
to “%1” %*. In other words, remove
“C:\Recycled\SirC32.exe”.
Remove
the dropped files:
- Open
an MS-DOS box or Command Prompt
- Go to
the System directory (C:\Windows\System or C:\Winnt\System32).
- Type
ATTRIB -S -H -R SCAM32.EXE to unhide the Trojan file.
- Type
DEL SCAM32.EXE to delete the Trojan file.
- Go to
the Recycled folder (C:\Recycled folder)
Note:
Emptying the recycle bin does not effectively delete the dropped Trojan
files in the folder. It is suggested that the command prompt be used
when deleting the dropped files.
- Type
ATTRIB -S -H -R SIRC32.EXE.
- Type
DEL SIRC32.EXE to delete the Trojan file.
Remove
the Worm reference from AUTOEXEC.BAT:
- Look
for the AUTOEXEC.BAT file.
- Search
and remove the string "@win \recycled\Sirc32.exe"
Restore
your RUNDLL32.EXE:
- Search
for RUN32.EXE in your WINDOWS folder. If not found, then the worm did
not overwrite your RUNDLL32.EXE.
- If
found, delete RUNDLL32.EXE and rename RUN32.EXE to RUNDLL32.EXE.
- Restart
your system
Note:
If you found the worm entry in the AUTOEXEC.BAT file or if you found
the RUN32.EXE file in the Windows directory, this means that other
computers in your network are also infected. For protection, minimize
giving full access to your drives and as much as possible DO NOT share
your Windows and System folder.
Next,
reboot your computer into Windows and do one of the following:
or
- Log onto
the Internet and run an online virus check of your complete system. You
can find an excellent online antivirus scanner at the Trend Micro
Housecall site listed below. Although this may be the quickest way to
clean the system, please purchase antivirus software and install it on
your system to remain uninfected. Remember, you are only as safe as
your current antivirus update.
Click
Here to go to
Trend Micro's Housecall
Online Virus Scanner
|
Tools for Removing Spyware, Adware, and Malware
PC HELL
Other Pages
Spyware/Adware Removal Help
MSBlast.exe Worm Removal
Welchia (Dllhost.exe and SVCHost.exe) Worm Removal
Uninstall McAfee Instructions
Uninstall Norton Instructions
Uninstall Avast Instructions
Uninstall AVG Instructions
Uninstall Antivir Instructions
Uninstall Panda Instructions
How to Manually Run the Microsoft Malicious Software Removal Tool
Bloodhound.Exploit.6 Virus Removal
MyDoom Virus Removal
MiMail.C Virus Removal
Swen Worm Virus Removal
SoBig.F Worm Removal
Dumaru Virus Removal
BugBear.B Worm Removal
SoBig.E Worm Removal
Pop Up Ad Removal Info
KAK Worm Removal
MiMail.A Worm Removal
W95.MTX Virus Removal
Snow White Virus Removal
BadTrans Trojan Removal
Wininit Virus (Bymer Trojan)
Happy99 Worm Removal
VBS Netlog Worm Removal
Pretty Park Worm Removal
Sasser Worm Virus Removal
Backdoor SDBot.H Trojan Removal
VBS.Loveletter Help
Computer Security Information
Back Orifice Information
PC HELL Main Page
iPadastic - News, Tutorials, Help, Tips, and Hints for the iPad
Download Hoyle Games including Casino 3D, Card, Board, and Solitaire games.
|