sircam removal
TRANSCRIPT
-
7/28/2019 SirCam Removal
1/2
How to Clean/Delete the SIRCAM Virus?
Because the sircam virus can spread through shared network drives, you should first disconnect yourcomputer from any local area network.
You candownload and run the automatic cleaning tool for SIRCAM, or follow the directions below tomanually remove it.
1. First, rename REGEDIT.EXE to REGEDIT.COM. If you want to use the fix tool, there is noneed to rename the file
2. Click Start, Run, type REGEDIT and then press Enter.
3. In the left panel, click the (+) left of each of the below:HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersion
RunServices
4. In the right panel, look for and then delete the registry value called Driver32.
5. In the left panel, click the (+) left of each of the below:HKEY_LOCAL_MACHINESoftwareSirCam
6. Click SirCam and then press the Delete key.
7. In the left panel, click the (+) left of each of the below:HKEY_CLASSES_ROOTexefileshellopencommand
8. In the right panel, right-click the (Default) value, then choose Modify.
9. Change C:\Recycled\SirC32.exe%1%* to %1 %*. In other words, removeC:\Recycled\SirC32.exe.
Remove the dropped files:
1. Open an MS-DOS box or Command Prompt
2. Go to the System directory (C:\Windows\System or C:\Winnt\System32).
3. Type ATTRIB -S -H -R SCAM32.EXE to unhide the Trojan file.
4. Type DEL SCAM32.EXE to delete the Trojan file.
5. Go to the Recycled folder (C:\Recycled folder)
Note: Emptying the recycle bin does not effectively delete the dropped Trojan files in the folder. It issuggested that the command prompt be used when deleting the dropped files.
1. Type ATTRIB -S -H -R SIRC32.EXE.2. Type DEL SIRC32.EXE to delete the Trojan file.
Remove the Worm reference from AUTOEXEC.BAT:
http://www.antivirus.com/vinfo/security/fix_sircam.comhttp://www.antivirus.com/vinfo/security/fix_sircam.comhttp://www.antivirus.com/vinfo/security/fix_sircam.com -
7/28/2019 SirCam Removal
2/2
1. Look for the AUTOEXEC.BAT file.2. Search and remove the string "@win \recycled\Sirc32.exe"
Restore your RUNDLL32.EXE:
1. Search for RUN32.EXE in your WINDOWS folder. If not found, then the worm did not
overwrite your RUNDLL32.EXE.2. If found, delete RUNDLL32.EXE and rename RUN32.EXE to RUNDLL32.EXE.
3. Restart your system
Note: If you found the worm entry in the AUTOEXEC.BAT file or if you found the RUN32.EXE file inthe Windows directory, this means that other computers in your network are also infected. Forprotection, minimize giving full access to your drives and as much as possible DO NOT share yourWindows and System folder.
Next, reboot your computer into Windows and do one of the following:
Log onto the Internet, update your current antivirus software, and run acomplete scan of all your hard drives
or
Log onto the Internet and run an online virus check of your complete system.You can find an excellent online antivirus scanner at the Trend MicroHousecall site listed below. Although this may be the quickest way to cleanthe system, please purchase antivirus software and install it on your system toremain uninfected. Remember, you are only as safe as your current antivirusupdate.
http://www.pchell.com/virus/virusupdates.shtmlhttp://www.pchell.com/virus/virusupdates.shtml