randomania3, on Jun 19 2007, 01:14 AM, said:
ok I had 3 worms. two i were able to delete because they were added to the computer as regular files so by using the serch function I was ale to find them and then delete them. The root of the problem though is a worm that attached to a file I can't delete and has been on my computer since the date it was set up in November '04. I can't find the name of the worm but it is infecting C:\WINDOWS\system32\tswulcsquh.exe. I'd have a hard timerestoring my entire system because it'd take a lot to back up all the files and programs on my computer. and if its attached to the registry, that'll be a problem. The virus was sent by someone to me in a link back in like may but I didn't detect it til lnow but then email addresses were hacked and my computer kept getting trojans till i finally detected the worms today... x.x I have all my antivirus software installed according to the provider's website and it can't delete this worm (whoever mad eit is extremely crafty. 0.o)
Use Windows XP's backup utiliity. It's very easy to use. It is not installed with Windows XP by default, but it's located in the Windows XP installation disc in the i386 folder. The ntbackup.exe file in the folder is the setup program to install the backup utility. Use the wizard mode to backup all the data or just selected files. It only took me about 18 minutes to back about 12 GB of data when I first had my notebook computer.
Next up, you should NEVER touch the registry by yourself unless directly told by a trained professional or documentation/webpage from the Anti-virus software or provider.
If your email address is affected, it's probably a worm, not a virus or trojan. (the link may link to a trojan though). The worm has a scanning ability to scan opened ports and then keep the ports open to launch more attacks. Try closing all the ports especially the email ports: SMTP (25), POP3 (110), IMAP (150), and perhaps HTTP (80).
Use a free utility such as Port Detective to find all which ports are open.
Note that not all anti-virus software can detect all viruses. Different AV software have different capabilities to detect viruses.
There are three main ways viruses can hide itself from the computer user and Anti-virus software.
They are:
Polymorphic- the virus changes its distinguishing characterisitics as it replicates. anti-virus softwares rely on virus signatures saved as .that files. (some viruses even have the ability to disable the AV software or delete the AV software's .that file that stores its virus signature)
Encrypting- Some AV software checks files for replicating programs that viruses use to replicate themselves. Viruses generally hide themselves into a non-replicating program to avoid detection. However viruses must revert back to replicate themselves. Some viruses make an extra copy of itself and then hides the other one. Therefore if you delete the virus, it will appear again. Luckily just hope the AV software detectes the replicating program as well. Autoscan for viruses should be on.
Stealth viruses: AV(anti-virus) software also detects viruses by noting differences between a program's file size before the virus affects it. Some viruses alters the operating system to mask the size of the file it hides it. I bet you have this kind of virus as it is located in the Windows folder (system files are well-known enough for viruses to infect). Windows File Protection or Data Execution Preventation prevents viruses from affecting system files. So it's probably that the virus created a hidden program inside the system folder.
tswulcsquh.exe is not a required system file. I don't believe there is a .exe file in the system folder either.
Also be aware the bigger the changes you make, the more likely you will damage the system as well. So always backup your data before you make major changes especially the registry. Make an Automated System Recovery (ASR) disk in advanced mode of Windows Backup Utility. If not, all your data may be lost!
0
