About CyberScrub
 
CyberScrub Home

Secure Erasure
Password Manager
Data Destruction

CyberScrub Network Products
Compliance Suite

Resource Library
A collection of information
and resources specifically
focused on computer security,
data destruction, document
life-cycle solutions, compliance
and password management

Secure your computer from attack
Destroy viruses, worms and Trojans
Includes 5 Year License
Includes FIREWALL


Order by Phone: 770-951-2080
(Monday-Friday 9-5pm EST)

Free Tools

Ordered by Date Ordered by name
• [01/21/2005] not-a-virus:AdWare.Visiter
• [01/21/2005] Virus.Win32.Implinker.a
• [11/01/2004] I-Worm.Bagle.at,au
• [11/01/2004] I-Worm.Zafi.b
• [05/28/2004] Trojan.Win32.StartPage.fw
• [05/28/2004] Backdoor.Agent.ac
• [05/28/2004] Worm.Win32.Sasser.a-d.f
• [05/28/2004] I-Worm.Bagle.a-j,n-r,z
• [03/02/2004] TrojanDownloader.Win32.Agent.a-j
• [03/02/2004] I-Worm.NetSky.b-d
• [02/20/2004] I-Worm.Torvil.d
• [01/21/2004] Backdoor.Afcore.l-ad
• [12/26/2003] I-Worm.Sober.a,c
• [12/01/2003] Worm.Win32.Opasoft.a-p
• [09/18/2003] I-Worm.Swen
• [09/17/2003] Backdoor.Small.d
• [09/17/2003] Trojan.Win32.SilentLog.a-b
• [09/17/2003] I-Worm.Dumaru.a-m
• [08/25/2003] I-Worm.Sobig.f
• [08/22/2003] Worm.Win32.Welchia
• [08/14/2003] Worm.Win32.Lovesan
• [06/26/2003] I-Worm.Magold.a-e
• [06/17/2003] I-Worm.Tanatos.a,b
• [06/03/2003] I-Worm.LovGate.a-l
• [05/12/2003] I-Worm.Fizzer
• [03/05/2003] I-Worm.Lentin.a-p
• [02/26/2003] I-Worm.Mydoom.a-b,e
• [01/08/2003] I-Worm.Avron.a-e
• [12/17/2002] Worm.Win32.Opasoft.a-h
• [11/26/2002] I-Worm.Winevar
• [11/05/2002] I-Worm.Bridex
• [04/19/2002] Win32.Elkern.c
• [12/05/2001] I-Worm.Goner
• [11/09/2001] I-Worm.Klez.a,e,f,g,h
• [09/17/2001] I-Worm.Nimda
• [07/19/2001] I-Worm.Sircam
• [11/30/2000] I-Worm.Blebla.b
• [11/11/2000] I-Worm.Navidad
• [11/11/1999] Win32.FunLove
Backdoor.Afcore.l-ad
Backdoor.Agent.ac
Backdoor.Small.d
I-Worm.Avron.a-e
I-Worm.Bagle.a-j,n-r,z
I-Worm.Bagle.at,au
I-Worm.Blebla.b
I-Worm.Bridex
I-Worm.Dumaru.a-m
I-Worm.Fizzer
I-Worm.Goner
I-Worm.Klez.a,e,f,g,h
I-Worm.Lentin.a-p
I-Worm.LovGate.a-l
I-Worm.Magold.a-e
I-Worm.Mydoom.a-b,e
I-Worm.Navidad
I-Worm.NetSky.b-d
I-Worm.Nimda
I-Worm.Sircam
I-Worm.Sober.a,c
I-Worm.Sobig.f
I-Worm.Swen
I-Worm.Tanatos.a,b
I-Worm.Torvil.d
I-Worm.Winevar
I-Worm.Zafi.b
Trojan.Win32.SilentLog.a-b
Trojan.Win32.StartPage.fw
TrojanDownloader.Win32.Agent.a-j
Virus.Win32.Implinker.a
Win32.Elkern.c
Win32.FunLove
Worm.Win32.Lovesan
Worm.Win32.Opasoft.a-h
Worm.Win32.Opasoft.a-p
Worm.Win32.Sasser.a-d,f
Worm.Win32.Welchia
not-a-virus:AdWare.Visiter

How to remove Worm.Win32.Sasser.a,b,c?

  1. Download clrav.com utilityand save it into root folder of drive C:\. Use this utility only in case the virus is detected in files different from e-mail files/data bases.
  2. Run clrav.com. If the program shows message "Nothing to clean" - run this utility from command line with parameter /s. Go to menu Start -> Run and type C:\clrav.com /s then press Enter.
  3. Run CyberScrub AntiVirus Scanner to make sure no virus bodies are left.

How to delete I-Worm.Mydoom.a-b,e?

  1. Download clrav.com utility and save it into root folder of drive C:\. Use this utility only in case the virus is detected in files different from e-mail files/data bases.
  2. Run clrav.com. If the program shows message "Nothing to clean" - run this utility from command line with parameter /s. Go to menu Start -> Run and type C:\clrav.com /s then press Enter.
  3. Run CyberScrub AntiVirus Scanner to make sure no virus bodies are left.

How to remove the virus I-Worm.NetSky.b-d?

  1. Download clrav.com utility and save it into root folder of drive C:\. Use this utility only in case the virus is detected in files different from e-mail files/data bases.
  2. Run clrav.com. If the program shows message "Nothing to clean" - run this utility from command line with parameter /s. Go to menu Start -> Run and here type C:\clrav.com /s then press Enter.
  3. Run CyberScrub AntiVirus Scanner to make sure no virus bodies are left.

How to remove TrojanDownloader.Win32.Agent.j?

  1. Download clrav.com utility and save it into root folder of drive C:\. Use this utility only in case the virus is detected in files different from e-mail files/data bases.
  2. Run clrav.com. If the program shows message "Nothing to clean" - run this utility from command line with parameter /s. Go to menu Start -> Run and type c:\clrav.com /s then press Enter.
  3. Run CyberScrub AntiVirus Scanner to make sure no virus bodies are left.

How to remove I-Worm.MTX?
This is a worm virus spreading under the Win32 systems. The virus infects the Win32 executable files, attempts to send e-mail messages with attached infected files, as well as installs a backdoor component to download and spawn "plugins" on an affected system. The virus has an unusual structure consisting of three different components that are run as stand-alone programs (Virus, e-mail Worm and Backdoor.
Disinfecting and deleting:

  1. Open system registry (Start>Run> regedit) and press OK.
  2. Then select: HKLM\Software\Microsoft\Windows\CurrentVersion\Run and delete SystemBackup=%WinDir%\MTX_.EXE, where %WinDir% is your Windows directory.
  3. Reboot your PC.
  4. Start CyberScrub AntiVirus Scanner and delete files:
    IE_PACK.EXE
    WIN32.DLL
    MTX_.EXE

How to get rid of WScript.KakWorm?
WScript.KakWorm is written in JavaScript. For spreading it uses MS Outlook Express. The worm does not attach itself to messages as regular worm viruses do, but embeds its body into message as a script program. The worm works under English and French Windows versions only. It does not work in case Windows is installed in directory other than "C:\WINDOWS".
The worm is fully compatible with MS Outlook Express only. In MS Outlook the worm is activated and infects the system, but it can not spread itself further because it targets MS Outlook Express only to spread its copies. Under other email systems the worm functionality depends on that system features. While infecting the system the worm creates three additional files with its copy. First two of them are used to infect the system, the last one is used to spread worm code in infected emails:

  1. KAK.HTA in Windows startup folder
  2. random named .HTA file in Windows system folder
  3. KAK.HTM file in Windows folder

Deleting:
If your PC is not infected with KakWorm you should do the following:

  1. Temporarily disable your CyberScrub AntiVirus Monitor;
  2. Delete the infected message(s) from all of your mailboxes manually using your mail program, but be warned DO NOT OPEN THIS MAIL AND DO NOT TURN THE PREVIEW PANE ON, this virus is embedded in message text so you'll be infected just after you open an infected message;
  3. Compact all folders;
  4. Enable CyberScrub AntiVirus Monitor again.

If your PC is already infected then you should do the following:

  1. Turn the preview pane in your mail client and close your email client.
  2. Delete from your registry "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" key "cAg0u = "C:\WINDOWS\SYSTEM\(name).hta", where the entry "(name)" is an 8 character name (for example 68DAEF80.HTA as it is at you friends PC).
  3. Restart your PC.
  4. Remove the following files (if exist):
    - KAK.HTA from C:\Windows
    - KAK.HTM from C:\Windows\System
    - (name).HTA from C:\Windows\System , where (name) is an 8 character name
    - KAK.HTA from C:\Windows\Start Menu\Programs\Startup
  5. Delete the default email signature.
  6. Delete messages which are not needed and which may contain the embedded script (as it described above).

How to get rid of I-Worm.PrettyPark?
To get rid of I-Worm.PrettyPark you should do the following:

  1. Rename regedit.exe to regedit.com
  2. Run regedit.com
  3. Go to "HKEY_CLASSES_ROOT\exefile\shell\open\command" and set the value of "Default" key to "%1" %*
  4. Run CyberScrub AntiVirus and delete files reported as infected with I-Worm.PrettyPark.
  5. Rename regedit.com to regedit.exe

How to get rid of I-Worm.Happy99?
While installing the worm affects files in the Windows system directory only. It creates the SKA.EXE and SKA.DLL files in there, copies the WSOCK32.DLL to newly created WSOCK32.SKA and patches the original WSOCK32.DLL file to hook email sending calls. If the worm is detected in your system you can easily get rid of it just by deleting SKA.EXE and SKA.DLL files in the system Windows directory. You also should delete the WSOCK32.DLL file and replace it with the WSOCK32.SKA original file. The original HAPPY99.EXE file should be also located and deleted. To protect your computer from re-infection you need just to set Read-Only attribute for the WSOCK32.DLL file. The worm does not pay attention to Read-Only mode, and fails to patch the file.

How do I delete the "Aliz" Virus?

  1. Download the special patch from Microsoft Corporation: http://www.microsoft.com/downloads/details.aspx?FamilyID=e0aa0152-f075-4db2-b2cb-bccfdaa58dd5&displaylang=en
  2. If MS Outlook Express or Internet Explorer in operation, close these application windows.
  3. Install the patch in your PC.
  4. Disable the antivirus Monitor to gain access to mail databases.
  5. Run the CyberScrub AntiVirus Scanner;
  6. Look at the Scanner report, and find the full information provided about infected messages (subject, date of receiving etc.);
  7. Run Outlook Express;
  8. Deactivate the preview pane function: Outlook Express: View>Layout> unmark Show preview pane;
  9. Delete all infected messages manually;
  10. Clean "Deleted Items" folder;
  11. Compact folders: File->Folder->Compact all folders;
  12. Enable the AntiVirus Monitor;
  13. Launch CyberScrub AV Scanner and make the full scanning;
  14. If this virus is detected again on your PC, please contact the CyberScrub Team for further instructions.

How do I delete the Win32.FunLove Virus?
You can download special utility KlAntiFL.exe from our website and then protect your PC from further infection with the help of CAV Monitor. This utility scans memory and can scan hard drives on demand or in case memory is infected, but it will not protect against further infection.
Instructions to cure computers in the network

  1. Infected PC must be disconnected from the network.
  2. Run Anti-FunLove utility.
  3. On the screen you will see a utility window with two buttons "Cancel" and "Deinstall" (deinstall - if you already have some version of this utility) or "Install".
  4. In case if "Deinstall" button is active, when you press this button the utility will deinstall old version and restart the compter. After a restart you will need to run the utility one more time. In this case it will show "Install" button.
  5. If you have button "Install" active, the utility will install onto your computer necessary files, register them and restart the PC.
  6. When computer started the utility will scan memory, hard drives (the scanning process and its result will be visible on the screen).
  7. After computer is successfully cured it is recommended to restart the system.
  8. after restart you will have to reinstall Kaspersky Anti-Virus.
  9. Enable CAV Monitor on the computer and connect it to the network. After this you can cure another computer and this PC will be protected by CAV Monitor.

 

Home | Products | Downloads | Support | Company | Topics | Contact | Affiliates | News | Sitemap
Privacy Suite | KeyChain Password Manager | cyberCide
Refund Policy
© 2014 CyberScrub LLC. All rights reserved. CyberScrub and the CyberScrub logo are  registered trademarks of CyberScrub LLC.
All other trademarks are property of their respective owners.