lies das ma , sollte helfen
Virentypus:_Worm
Destruktiv:_Ja
Aliase:_W32.HLLW.Warpigs, W32/Warpi.worm.gen, Worm/Mumu.B.4
ab Pattern-File:_590
benötigte ScanEngine:_5.400
Overall Risk Rating:
Low
Gemeldete Infektionen:
Low
Schadenspotential:
High
Verbreitungspotential:
High
Beschreibung:
This network worm has backdoor capabilities. It opens a port and listens for IRC commands that allow remote users to do the following:
Manipulate file and directories
Obtain system information
Obtain Windows cached passwords
Perform DOS attack
Ping networks
Execute/Terminate programs
This worm propagates by logging on to remote machines as administrator using its long list of passwords. It drops and executes its copy in the default ADMIN$ share, which should open the Windows installation folder.
This worm, which runs on Windows 95, 98, ME, NT, 2000, and XP, prevents the execution of the following files while it active in memory:
NETSTAT.EXE
MSCONFIG.EXE
REGEDIT.EXE
TASKMGR.EXE
These files are system tools that are installed with Windows.
Lösung:
Terminating the Malware Program
This procedure terminates the running malware process from memory.
Download a third party process viewer, such as Process Explorer from Sysinternals, so you can terminate the malware process.
Open your process viewer.
In the list of running programs, locate the process:
DISCWORLD.EXE
Select the malware process, then terminate or kill it.
Close Task Manager.
Removing Autostart Entries from the Registry
Removing autostart entries from the registry prevents the malware from executing during startup.
Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Winsockdriver = "Discworld.exe"
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>
Windows>CurrentVersion>RunOnce
In the right panel, locate and delete the entry:
Winsockdriver = "Discworld.exe"
On Windows NT, 2000, and XP systems, double-click the following: HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows NT>CurrentVersion>Winlogon
In the right panel, locate the entry:
Shell=explorer.exe Discworld.exe
Right-click the entry and select modify.
Delete the string "Discworld.exe" and click OK.
Close Registry Editor.
Removing Autostart Entries from System Files
A malware modifies system files so that it automatically executes at every Windows startup. These startup entries must be removed before the system can be restarted safely.
Open the SYSTEM.INI file. To do this, click Start>Run, type SYSTEM.INI, then press Enter. This should open the file in your default text editor (usually Notepad).
Under the [boot] section, locate the line that begins with:
Shell=Explorer.exe
From the same line, delete the malware file name:
Discworld.exe
Close the SYSTEM.INI file and click Yes when prompted to save.
Dein problem ist das Malware Programm, der Wurm selbst ist nur das Symthom.
Versuch mal ad-aware von Lavasoft
Hey Chris, ich kann Autos reparieren aber ich hab doch kein Englisch studiert!!!
Was heisst das jetzt für mich? Was muß ich da machen?
sorry, dachte wer englische autos fährt muss auch englisch sprechen 
spass beiseite , such dir den prozess "DISCWORLD.EXE " mit dem taskmanager oder einem anderen prozess-viewer und beende ihn
dann such in der registry mti dem registry-editor (regedit.exe) nach einträgen mit "DISCWORLD.EXE " und lösch sie.
dann öffne in einem text-editor die datei "system.ini" und lösche auch dort den eintrag "DISCWORLD.EXE" , und dann den rechner neu starten, dann sollte es sich erledigt haben.
gruss
chris
und ruh is:D
Du hast noch kein Benutzerkonto auf unserer Seite? Registriere dich kostenlos und nimm an unserer Community teil!
