W32.Unruy!gen1
Hi, I'm having a problem with the worm (Win32.Unruy!gen1) on one of my XP Home Ed computers. I've looked at all the help topics on the internet but it doesn't seem to help. OK, I have Norton 360 v4 on my computer, which is detecting this W32.Unruy!gen1 located in "C:\System Volume Information\Microsoft\services.exe, & smss.exe" but cannot remove it. I've tried Spybot, SUPERAntiSpyware, Spyware Doctor & ThreatFire. I have also booted into safe mode with cmd and ran the "del /F" command on the files, only to find out that they're both running and can't be renamed or deleted. I have even gone as far as to boot up with an Ubuntu USB and manually wipe the smss.exe off the C:\ drive, but when it comes to starting up again it recreates itself. I've looked at the file properties and it calls itself "Black Internet" version 1.0.0.1 and contains 2 bible verses, but was originally named "Loader.exe". Any help, without wiping the drive, would be greatly appreciated. Thanks
June 26th, 2010 9:42am

Have you tried Malwarebytes' free scanner?

As these are core system files you'd have to delete them using a Live CD, and then replace them with copies from a Windows CD of the same service-pack level. To convert the compressed files (with an underscore) to standard copies you use the EXPAND utility on the CD. It is important to remove any infected copies in the dllcache or service-pack backup folders, or the infected files may be copied back.

That said, when you have an infection involving modified system core files, I would recommend doing a complete erase (zeroing all bytes) of the disk, including the partition table and MBR, and starting completely afresh. You can do this erase with Ubuntu tools such as gparted, or with a Windows LiveCD such as UBCDWIn.

Either that, or buy a new hard disk and install from scratch on that. That way you don't need to zap your existing data right away.

BTW, Norton 360 would not be my choice of security software. The fact that your system was compromised underlines this point.
June 26th, 2010 11:27am
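
An added example (not part of any post in this thread): a Python audit for the check the reply above describes, meant to run against the Windows volume mounted offline from a live CD or USB. It flags files named smss.exe or services.exe outside the folders where XP keeps genuine copies, and copies in system32, dllcache or ServicePackFiles\i386 that differ from a reference hash; the expected-folder list, the function names and the sample tree are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

WATCHED = {"smss.exe", "services.exe"}  # file names reported in the thread
# Folders (relative to the volume root) where XP keeps genuine copies.
EXPECTED_DIRS = {"windows/system32", "windows/system32/dllcache",
                 "windows/servicepackfiles/i386"}

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def audit_volume(root, known_good):
    """Return (misplaced, mismatched) paths found on an offline-mounted volume."""
    root = Path(root)
    misplaced, mismatched = [], []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root).as_posix().lower()
        for name in files:
            if name.lower() not in WATCHED:
                continue
            rel = Path(dirpath, name).relative_to(root).as_posix()
            if rel_dir not in EXPECTED_DIRS:
                misplaced.append(rel)  # watched name in an unexpected folder
            elif digest((root / rel).read_bytes()) != known_good[name.lower()]:
                mismatched.append(rel)  # right folder, differs from reference
    return sorted(misplaced), sorted(mismatched)

# Constructed sample: placeholder bytes, not real binaries or real hashes.
SAMPLE = {
    "WINDOWS/system32/smss.exe": b"reference smss",
    "WINDOWS/system32/dllcache/smss.exe": b"altered copy",
    "WINDOWS/ServicePackFiles/i386/services.exe": b"reference services",
    "System Volume Information/Microsoft/smss.exe": b"impostor",
    "System Volume Information/Microsoft/services.exe": b"impostor",
}
KNOWN_GOOD = {"smss.exe": digest(b"reference smss"),
              "services.exe": digest(b"reference services")}

def run_sample():
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in SAMPLE.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return audit_volume(tmp, KNOWN_GOOD)

if __name__ == "__main__":
    print(run_sample())
```

A mismatch only means the copy differs from the reference, so take the reference hashes from media at the same service-pack level as the installed system.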

Try to update your Norton, log in to Safe Mode with Networking and run a full system scan in Safe Mode; also disable System Restore in Safe Mode before running the full system scan.

You may also try to run a full system scan with:
http://onecare.live.com/site/en-us/default.htm

If these did NOT resolve the problem, try to contact Symantec support, as long as you are using Norton:
http://www.symantec.com/support/index.jsp

For virus problems you may also try to contact Microsoft Safety support:
https://consumersecuritysupport.microsoft.com/default.aspx?productkey=pcsafetymalware&faq=1&mytask=diagnostics&st=1&wfxredirect=1
June 26th, 2010 12:05pm

Hi Penom29,

Here are 13 simple steps that will help you delete services.exe and smss.exe from the System Volume Information. There's no need to re-install the Operating System for now. Try these first. Remember that any malware infection that encapsulates itself from within the System Volume Information will re-create itself after restarting the computer.

Try these:

1. Open C:\ drive.
2. Click Tools menu.
3. Click Folder Options.
4. Click View tab.
5. Scroll down to the very bottom and uncheck "Use simple file sharing (Recommended)."
6. Right-click "System Volume Information" folder and click Properties.
7. Click the "Security" tab.
8. Click the "Advanced" tab.
9. Check the "Inherit from parent the permission entries that apply to child objects..." check box.
10. Click "Apply" button.
11. Click "OK" button. Then, click "OK" button again.
12. Double-click the "System Volume Information" button.
13. Find services.exe and smss.exe from C:\System Volume Information\Microsoft and delete them.

If this post helps to resolve your issue, please click the "Propose as Answer". If you find it helpful, mark it as helpful by clicking on the "Vote as Helpful" button at the top of this message. By marking a post as Answered or Helpful, you help others find the answer faster.
June 27th, 2010 1:22pm

> Hi, I'm having a problem with the worm (Win32.Unruy!gen1) on one of my XP Home Ed computers. I've looked at all the help topics on the internet but it doesn't seem to help. OK, I have Norton 360 v4 on my computer, which is detecting this W32.Unruy!gen1 located in "C:\System Volume Information\Microsoft\services.exe, & smss.exe" but cannot remove it. I've tried Spybot, SUPERAntiSpyware, Spyware Doctor & ThreatFire. I have also booted into safe mode with cmd and ran the "del /F" command on the files, only to find out that they're both running and can't be renamed or deleted. I have even gone as far as to boot up with an Ubuntu USB and manually wipe the smss.exe off the C:\ drive, but when it comes to starting up again it recreates itself. I've looked at the file properties and it calls itself "Black Internet" version 1.0.0.1 and contains 2 bible verses, but was originally named "Loader.exe". Any help, without wiping the drive, would be greatly appreciated. Thanks

Try this:

Boot into Safe Mode and try to flush the System Restore points:

Right-click "My Computer" and select Properties. On System Properties click on the System Restore tab.

Check this box:
[ ] Turn off system restore on all drives

Click [Apply]. Your desktop may take a while to flush the system restores, so be patient, and then click [OK].

Run Disk Cleanup, then try to reverse the above by enabling System Restore on all drives by unchecking the check box (also be patient, it will take a while to recreate a restore point).

Burn this ISO image to a CD and try to boot your system and run a scan using it (make sure to make the CD-ROM your first boot device).
http://www.freedrweb.com/livecd/?lng=en

Let us know your progress.

nass -- http://www.nasstec.co.uk
June 27th, 2010 1:52pm

Sorry, on XP Home Edition SP3 the security policy feature is unavailable. Thank you anyway.

PS. Your tag "Propose as Answer" is actually "Mark As Answer".
June 28th, 2010 4:00am

The virus had already disabled System Restore, so I just enabled it again, with no luck. The CD looks promising for the future, as my father just decided to wipe the HDD and do a fresh reinstall. Thank you anyway.
June 28th, 2010 4:05am

Yes, I did use the latest of mbam anti-malware with no effect, and I told my father months ago to delete the "ServicePackFiles" & the uninstall directory of the previous service pack, as malware can exploit those files still with the new service pack. It doesn't matter now, as he did a fresh reinstall after formatting the drive.

What I would like to know is what would be your choice of security software (for future reference, as we recently bought Norton)?
June 28th, 2010 4:10am

Thank you for your reply, however did a format and reinstall of the drive anyway and that fixed it. Sorry for any troubles.
June 28th, 2010 4:12am

> The virus had already disabled System Restore, so I just enabled it again, with no luck. The CD looks promising for the future, as my father just decided to wipe the HDD and do a fresh reinstall. Thank you anyway.

Hi,

This CD is not for installing the Windows operating system. It is for using it to clean and rescue your machine from an infection, and to let you gain access to the machine to either rescue your data or try troubleshooting your machine to fix errors and clean a viral infection.

Again, this is not Windows installation media for the operating system! If your father doesn't have installation media, he will not be able to reinstall the Windows operating system.

Good luck

nass -- http://www.nasstec.co.uk
June 28th, 2010 11:40am

> Sorry, on XP Home Edition SP3 the security policy feature is unavailable. Thank you anyway.
> PS. Your tag "Propose as Answer" is actually "Mark As Answer".

You need to click on the blue link for Propose As Answer to mark the post that helped you.

nass -- http://www.nasstec.co.uk
June 28th, 2010 11:42am

In case of deep problems, contacting support would be the best option. Anyway, I am glad that the problem is resolved.
June 28th, 2010 5:47pm

I never said anything about using it to reinstall XP, and yes, we do have a genuine copy of XP to use. Thank you anyway.
June 29th, 2010 4:11am

This topic is archived. No further replies will be accepted.
