Virus : win32\Deborm.Q

Thread: Virus : win32\Deborm.Q

  1. #1
    Junior Member
    Join Date
    Jan 2004
    Posts
    25

    Virus : win32\Deborm.Q

    Hi Ppl
    Suddenly I get this message (dos message )
    Messegener : from "MycompNo" to "MYCompNo"
    Virus win32\Debrm.Q detected in your comp

    How to get rid of it ?
    How could it make its way through to me? (I didn't get any mail with attachments which could result in this.)
    "I'd hate to have a kid like me"

  2. #2
    Senior Member
    Join Date
    Nov 2003
    Posts
    285
    why don't you try using an antivirus

    i don't understand, you got a dos message. are you using an antivirus? was this an antivirus alert?

    How could it make its way through to me? (I didn't get any mail with attachments which could result in this.)
    virus spreads in many ways except mail attachments. it could have come through some infected floppy you have brought or from some infected software you might have installed

    i would suggest using a good antivirus software to get rid of it. you can try AVG, which i use (it's free)

  3. #3
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Messegener : from "MycompNo" to "MYCompNo"
    Virus win32\Debrm.Q detected in your comp
    Sounds like Netsend Messenger..

    some one playing a joke.. here I am assuming that your OS is Win XP.. a google of the name brought up nothing.. is that the correct spelling? (I searched on Debrm and Debrm.Q)

    If you haven't got AV software like w0lverine has commented.. you are playing Russian Roulette..
    Also, to stop this kind of message.. disable the "Messenger" Service. This will not affect MSN Messenger (shock horror if it should fall off the face of the earth)

    So don't panic


    any more questions please post back..


    Cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  4. #4
    Junior Member
    Join Date
    Jan 2004
    Posts
    25
    Well, I am sorry for the typo error; it's called win32\Deborm.Q virus, and yes, the message was a Netsend messenger, but the sender was with the same name as that of my comp.
    The message: file ~2.exe detected in a user's folder on my comp, but that user has never used my comp (I am talking of the comp I used in office). And I haven't used a floppy either. That is why I am puzzled as to how the worm can get into my comp.
    Antivirus has repaired the file, but the questions that are baffling me are:
    1. How can the messenger service have reported that a user's folder was infected when in fact that user has never used my comp?
    2. I haven't used a floppy in a year on my comp, and my mails are scanned by antivirus s/w, so what else can be the way in which the worm sneaks into my comp?
    "I'd hate to have a kid like me"

  5. #5
    Banned
    Join Date
    Jun 2003
    Posts
    927
    Removal Instructions:
    Removal using the W32.HLLW.Nebiwo Removal Tool
    This is the easiest way to remove this threat. Symantec Security Response has created a W32.HLLW.Nebiwo Removal Tool.

    Manual Removal
    As an alternative to using the removal tool, you can manually remove this threat.

    The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

    1. Update the virus definitions.
    2. Run a full system scan and delete all the files detected as W32.HLLW.Nebiwo.
    3. Delete the value that was added to the registry.

    For specific details on each of these steps, read the following instructions.

    1. Updating the virus definitions
    Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the most recent virus definitions:

    * Running LiveUpdate, which is the easiest way to obtain virus definitions: These virus definitions are posted to the LiveUpdate servers once each week (usually on Wednesdays), unless there is a major virus outbreak. To determine whether definitions for this threat are available by LiveUpdate, refer to the Virus Definitions (LiveUpdate).
    * Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted on U.S. business days (Monday through Friday). You should download the definitions from the Symantec Security Response Web site and manually install them. To determine whether definitions for this threat are available by the Intelligent Updater, refer to the Virus Definitions (Intelligent Updater).

    The Intelligent Updater virus definitions are available: Read "How to update virus definition files using the Intelligent Updater" for detailed instructions.


    2. Scanning for and deleting the infected files

    1. Start your Symantec antivirus program and make sure that it is configured to scan all the files.
    * For Norton AntiVirus consumer products: Read the document, "How to configure Norton AntiVirus to scan all files."
    * For Symantec AntiVirus Enterprise products: Read the document, "How to verify that a Symantec Corporate antivirus product is set to scan all files."
    2. Run a full system scan.
    3. If any files are detected as infected with W32.HLLW.Nebiwo, click Delete.


    3. Deleting the value from the registry

    CAUTION: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.

    1. Click Start, and then click Run. (The Run dialog box appears.)
    2. Type regedit

    Then click OK. (The Registry Editor opens.)

    3. Navigate to the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    4. In the right pane, delete the value:

    NAV Live Update <path to worm>

    5. Exit the Registry Editor.

    Wrom: NVWWCUFPEGAUTFJMVRESKPNKMBIPBARHDMNNSKVFVWRKJVZCMHVIBGDADRZFSQHYUCDDJBLVLMHA
    cheers
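The registry step quoted in post #5, as an added PowerShell example that is not part of the original post or of Symantec's instructions: it lists every value under the HKLM Run key, looks for the `NAV Live Update` value named above, backs the key up with `reg export`, and previews the deletion. The backup file name is an assumption.

```powershell
# Added example: audit the HKLM Run key for the value named in the removal steps.
# Run from an elevated prompt, after the full system scan has removed the worm file.
$runKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'NAV Live Update'                          # value name given in the instructions
$backup    = Join-Path $env:TEMP 'hklm-run-backup.reg'  # hypothetical backup location

function Get-RunValues {
    param([string]$Path)
    # Read the key directly so values come back without the PS* helper properties.
    $key = Get-Item -LiteralPath $Path -ErrorAction Stop
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            Name = $name
            Data = $key.GetValue($name)
        }
    }
}

# 1. Show everything that starts at boot from this key, so the entry is seen in context.
$entries = @(Get-RunValues -Path $runKey)
$entries | Format-Table -AutoSize -Wrap

# 2. Look for the value the removal instructions name.
$hit = $entries | Where-Object { $_.Name -eq $valueName }
if (-not $hit) {
    Write-Output "No '$valueName' value under $runKey; nothing to delete."
    return
}
Write-Output "Found '$valueName' -> $($hit.Data)"

# 3. Back up the key before changing it, as the CAUTION note requires.
& reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "Registry backup failed; the key was not modified."
}
Write-Output "Backup written to $backup"

# 4. Preview the deletion. Remove -WhatIf only after confirming that the Data
#    column above points at the file the scan reported.
Remove-ItemProperty -LiteralPath $runKey -Name $valueName -WhatIf
```

With `-WhatIf` in place nothing is changed; the backup can be restored with `reg import` if the wrong value is removed later.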

  6. #6
    Banned
    Join Date
    Jun 2003
    Posts
    927
    I am really sorry for posting twice but wtf is this...i did this link http://securityresponse.symantec.com...lw.nebiwo.html
    and it shows up as...
    NVWWCUFPEGAUTFJMVRESKPNKMBIPBARHDMNNSKVFVWRKJVZCMH
    VIBGDADRZFSQHYUCDDJBLVLMHA
    in my previous post

    are we havin problems with AO?



    i did this in my previous post... from http://securityresponse.symantec.com...lw.nebiwo.html
    so why does it show up in some random letters?


    edit: i included ( after the from and the space and link...whats that mean anyways?

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    (I am talking of the comp I used in office). And I haven't used a floppy either. That is why I am puzzled as to how the worm can get into my comp.
    you're kidding right?


    i have to assume (because it looks like you're never going to fuggen tell us) that this computer is in a networked environment....am i getting warm?

    once somebody brings a network aware virus into the average small network there really isn't much to stop it. most defenses are set up to keep things from the internet out. once it's inside, depending on the type of worm and how the network is configured, it's pretty much found nirvana and could take many man hours to get rid of it.

    if you go to all these sites and do whatever they tell you to get it off of your computer you're going to get re-infected through the network before you're finished getting rid of it. i hope you described this to your network administrator and not just here on ao.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
