Virus : win32\Deborm.Q

[Desolation_Jam]

Hi Ppl
Suddenly I get this message (dos message )
Messegener : from "MycompNo" to "MYCompNo"
Virus win32\Debrm.Q detected in your comp

How to get rid of it ?
How could it make it way thru to me? (I didnt get any mail with some attachments which could result in this )

[w0lverine]

why don't you try useing a antivirus

i don't understand you got a dos message . are you using a antivirus? was this a antivirus alert?

How could it make it way thru to me? (I didnt get any mail with some attachments which could result in this )

virus spreads in many ways except mail attechments. it could have come through some infected floppy you have brought or from some infected software you might have installed

i would suggest use a good antivirus software to get rid of it . you can try AVG which i use ( its free)

[Und3ertak3r]

Messegener : from "MycompNo" to "MYCompNo"
Virus win32\Debrm.Q detected in your comp

Sounds like Netsend Messenger..

some one playing a joke.. here I am assuming that your OS is Win XP.. a google of the name brought up nothing.. is that the correct spelling? (I searched on Debrm and Debrm.Q)

If you havent got AV software like w0lverine has commented.. you are playing Russian Roulette..
Also to stop this kind of message.. dissable "Messenger" Service this will not affect MSN Messenger (shock horror if it should fall of the face of the earth)

So don't panic


any more questions please post back..


Cheers

[Desolation_Jam]

Well I am sorry for the typo error its called win32\Deborm.Q virus , and yes the message was a Netsend messenger , but the sender was with the same name as that of my comp.
The message , file ~2.exe detected on a user's folder on my comp, but that user has never used my comp ( I am talking of the comp I used in office ). And I havent used a floppy either . That is why I am puzzeled as to how can the worm get into my comp.
Anti virus has repaired the file, but the questions that are baffaling me are :
1. How can the messenger service reported that a user's folder was infected when infact that user has never used my comp.
2. I havent used folppy since a year on my comp , my mails are scanned by antivirus s/w so what else can be the way in which worm sneak into my comp.

[scriptkiddie18]

Removal Instructions:
Removal using the W32.HLLW.Nebiwo Removal Tool
This is the easiest way to remove this threat. Symantec Security Response has created a W32.HLLW.Nebiwo Removal Tool.

Manual Removal
As an alternative to using the removal tool, you can manually remove this threat.

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

1. Update the virus definitions.
2. Run a full system scan and delete all the files detected as W32.HLLW.Nebiwo.
3. Delete the value that was added to the registry.

For specific details on each of these steps, read the following instructions.

1. Updating the virus definitions
Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the most recent virus definitions:

* Running LiveUpdate, which is the easiest way to obtain virus definitions: These virus definitions are posted to the LiveUpdate servers once each week (usually on Wednesdays), unless there is a major virus outbreak. To determine whether definitions for this threat are available by LiveUpdate, refer to the Virus Definitions (LiveUpdate).
* Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted on U.S. business days (Monday through Friday). You should download the definitions from the Symantec Security Response Web site and manually install them. To determine whether definitions for this threat are available by the Intelligent Updater, refer to the Virus Definitions (Intelligent Updater).

The Intelligent Updater virus definitions are available: Read "How to update virus definition files using the Intelligent Updater" for detailed instructions.


2. Scanning for and deleting the infected files

1. Start your Symantec antivirus program and make sure that it is configured to scan all the files.
* For Norton AntiVirus consumer products: Read the document, "How to configure Norton AntiVirus to scan all files."
* For Symantec AntiVirus Enterprise products: Read the document, "How to verify that a Symantec Corporate antivirus product is set to scan all files."
2. Run a full system scan.
3. If any files are detected as infected with W32.HLLW.Nebiwo, click Delete.


3. Deleting the value from the registry

CAUTION: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.

1. Click Start, and then click Run. (The Run dialog box appears.)
2. Type regedit

Then click OK. (The Registry Editor opens.)

3. Navigate to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

4. In the right pane, delete the value:

NAV Live Update <path to worm>

5. Exit the Registry Editor.

Wrom: NVWWCUFPEGAUTFJMVRESKPNKMBIPBARHDMNNSKVFVWRKJVZCMHVIBGDADRZFSQHYUCDDJBLVLMHA
cheers

[scriptkiddie18]

/am really sorry for posting twice but wtf is this...i did this link http://securityresponse.symantec.com...lw.nebiwo.html
and it shows up as...

NVWWCUFPEGAUTFJMVRESKPNKMBIPBARHDMNNSKVFVWRKJVZCMH
VIBGDADRZFSQHYUCDDJBLVLMHA

in my previous post

are we havin problems with AO?



i did this in my previous post... from http://securityresponse.symantec.com...lw.nebiwo.html
so why does it show up in some random letters?


edit: i included ( after the from and the space and link...whats that mean anyways?

[Tedob1]

( I am talking of the comp I used in office ). And I havent used a floppy either . That is why I am puzzeled as to how can the worm get into my comp.

you're kidding right?


i have to assume (because it looks like your never going to fuggen tell us) that this computer is in a networked environment....am i getting warm?

once somebody brings a network aware virus into the average small network there really isn't much to stop it. most defenses are setup to keep things from the internet out. once its inside, depending on the type of worm and how the network is configured, its pretty much found nirvana and could take many man hours to get rid of it.

if you go to all these sites and do whatever they tell you to get it off of your computer your going to get re-infected threw the network before your finished getting rid of it. i hope you discribed this to your network administrator and not just here on ao.