Step-by-step removal
The following removal instructions should only be attempted by experienced users. The Symantec removal utility should be used by less experienced users and those who desire an automated, safe tool for cleaning a system of a SirCam infection.
- Modify the Registry to:
  - Delete the key HKLM\Software\SirCam
  - Remove the value Driver32 from HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
  - Reset the value in HKCR\exefile\shell\open\command to: "%1" %*
Registry edits can also be done automatically using the F-Secure Registry Fix.
- Modify Autoexec.bat to remove the line:
"@win \recycled\sirc32.exe"
- Rename RUN32.EXE
In the event of an infection via the network, search for the file RUN32.EXE and rename it back to RUNDLL32.EXE (both files are located in the \Windows\ directory).
- Scan and delete infected files
Use an updated antivirus scanner to search for any instances of the SirCam worm and delete them from your system. If an infected file cannot be deleted (for example, if you receive a "file is in use" error), reboot into DOS mode and use a DOS-based scanner such as F-Prot to scan and remove any instances of the worm. Alternatively, you can search manually for the following files, which are related to the SirCam worm: 'SCam32.exe', 'SirC32.exe', 'ScMx32.exe', 'Microsoft Internet Office.exe' and 'sircam.sys'. In either case, the system should be scanned thoroughly with updated antivirus software to ensure all infected files have been removed.
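One way to verify the manual steps above, as an added example that is not part of the original instructions or of any vendor tool: this Python check reads a regedit text export, the contents of Autoexec.bat and a file listing, and returns the removal steps that are still outstanding. The function names and sample values are constructed for illustration, and it assumes a REGEDIT4-format export.

```python
import re

# File names and registry paths come from the removal steps; compared lower-cased.
WORM_FILES = {"scam32.exe", "sirc32.exe", "scmx32.exe", "run32.exe",
              "microsoft internet office.exe", "sircam.sys"}
SIRCAM_KEY = r"hkey_local_machine\software\sircam"
RUNSVC_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\runservices"
EXE_KEY = r"hkey_classes_root\exefile\shell\open\command"

def parse_reg(text):
    """Parse a REGEDIT4 text export into {key: {value_name: data}}, names lower-cased."""
    keys, cur = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1].lower(), {})
        elif cur is not None and m:
            data = m.group(2)
            if data.startswith('"') and data.endswith('"'):
                data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \" escapes
            cur[m.group(1).strip('"').lower()] = data
    return keys

def audit(reg_text, autoexec_text, filenames):
    """Return the removal steps that the supplied evidence shows are still outstanding."""
    reg, todo = parse_reg(reg_text), []
    if any(k == SIRCAM_KEY or k.startswith(SIRCAM_KEY + "\\") for k in reg):
        todo.append("delete key HKLM\\Software\\SirCam")
    if "driver32" in reg.get(RUNSVC_KEY, {}):
        todo.append("remove value Driver32 from RunServices")
    cmd = reg.get(EXE_KEY, {}).get("@")  # "@" = default value; None = key not exported
    if cmd is not None and cmd != '"%1" %*':
        todo.append("reset exefile open command")
    if any(r"\recycled\sirc32.exe" in l.lower() for l in autoexec_text.splitlines()):
        todo.append("remove sirc32.exe line from Autoexec.bat")
    todo += ["review file " + f for f in sorted(filenames)
             if f.replace("/", "\\").rsplit("\\", 1)[-1].lower() in WORM_FILES]
    return todo

# Constructed sample evidence (values are illustrative, not captured from a real system).
SAMPLE_REG = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\Software\SirCam]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Driver32"="constructed-value.exe"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\constructed\\path.exe\" \"%1\" %*"
'''
SAMPLE_AUTOEXEC = "@echo off\n@win \\recycled\\sirc32.exe\n"
SAMPLE_FILES = ["C:\\WINDOWS\\RUN32.EXE", "C:\\WINDOWS\\NOTEPAD.EXE"]
```

Calling `audit(SAMPLE_REG, SAMPLE_AUTOEXEC, SAMPLE_FILES)` lists all five outstanding items; an empty list means none of the artifacts named in the steps were found in the evidence supplied.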