PDA

View Full Version : virus trouble



27-07-2001, 03:13 PM
having trouble with a computer at work, the boss opened an attachment and it had a virus, I've disconnected it from the network, and have tried to backup files but everything I try to run fails to work with an error of unable to locate a file needed to run this application. The missing file is supposedly 'SirC32.exe'. Even when rebooting into DOS to try to run antivirus software from there, fails to work. The bosses main concern is her Outlook contacts and diary appointments, any help, before formating becomes the only option?

27-07-2001, 04:19 PM
SirC32.exe is the latest Outlook worm going around, although slightly more creative than most, it would have also sent a random document from her machine to everyone her address book.

http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html
has a write up on it, and includes a remover for it.

This sounds like a good time to stop using outlook and shooting people who open executable attachments.

27-07-2001, 08:37 PM
May need to rename Regedit.exe to Regedit.com
and then use regedit.com to edit:
HKEY_CLASSES_ROOT\exefile\shell\open\command
to
HKEY_CLASSES_ROOTexefile\shell\open\command

and modify the [Default] value to:

'%1' %*

to get back programs to run.



As said in above post,,,,,,,W32.SirCam.worm@mm attempts to send itself and random documents to all users found in various
email address books, including Outlook,' Symantec said in a statement...
as well as emailing out via any other found URL addresses in any cache in infected computer.

Also spreads rapidly through open file shares on Networks.

If left undetected,a possibility is ,it can delete all files on C: drive in October payload.

More info and a quick and easy removal tool here:
Read the Readme.txt.
(http:http://www.woram.com/zips/surkam.zip)


Also:
Note: If you found the worm entry in the AUTOEXEC.BAT file or if you found the RUN32.EXE file in the Windows directory, this means that other computers in your network are also infected. For protection, minimize giving full access to your drives and as much as possible DO NOT share your Windows and System folder.

More info here:
(http://www.antivirus.com/vinfo/virusencyclo/default5.asp?Vname=TROJ_SIRCAM.A) and then click on:
'to remove the trojan completely' link.

28-07-2001, 12:43 PM
yeah, stop using Outlook, in fact get a commodore 64 as that will stop most viruses running. A bad workman blames his tools.