After the infection I unplugged my machine from the network and
connected only to go to Windows update site which was not successful.
I would appreciate any any advice in removing the worm.
Thanks
Format C: /s should do it. (Just kidding!)
Have you researched the worm at other AV software companies' web sites?
Often there are 'custom' removal tools available. Also, run the scans from
safe mode so you are disconnected from the network and Internet with most
other non-essential services running. Be sure the scans are set to check all
files, not just specific locations and/or extensions, and set to scan within
compressed files.
I don't use W2K anymore, so I don't remember for sure if msconfig.exe is
part of that OS. But check and see - it will list the programs that your
computer is starting up with. You can disable any/all of them and see if you
can then access the Control Panel Add/Remove programs.
I went to these sites and ran their scans
http://housecall.trendmicro.com/housecall/start_corp.asp
http://www.kaspersky.com/remoteviruschk.html
http://security.symantec.com/sscv6/default.asp
http://www.pandasoftware.com/activescan/activescan.asp
http://commandondemand.com/eval/index.cfm
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php
http://www.pcpitstop.com/antivirus/default.asp
http://scan.sygatetech.com/prestealthscan.html
but that could not help me. Now the worm has disabled even my going to
those sites. I cannot go to any such site and start the Active X
control to start a scan.
I ran the scans in normal and safe mode,connected and disconnected from
the network but of no help.
The scans are set for all files,compressed and also to decode MIME
files. Msconfig does not work for me. Sysedit does not show anything
suspicious. But going to registry I removed the suspicious program
entries in safe mode. Also using the Advanced mode of Spybot search and
destroy I inspected the programs in startup but everything seems
normal. I still dont know where the worm may be hidden. I selected the
option of showing all files(even the operating system files) but cannot
still find the reason.
Thanks for your help.
I will try one more method. Restoring the registry to a week or month
back and see if that helps me(I know it is very faint since the
problems is not by faulty registry entries but a worm so I doubt it
will work). If it does not I think what you have told me is the only
option. But then I need to be careful that the infected drive does not
infect another clean machine with the worm and cause me more problems.
Thanks for your help.