Financial Daily from THE HINDU group of publications
Monday, Aug 23, 2004

eWorld - Computer Usage
Columns - Tip Off


Removing worm

I recently copied a set of files from a friend's computer onto a blank floppy. When I opened the 3.5-inch floppy folder, apart from the other files, I found a file titled "Recycle" and it was displayed with the Win 98 Recycle Bin logo. I tried to open this file by double-clicking it. Nothing happened. But now, much to my dismay, I find that this file gets created in every floppy disk that I open — even on a brand new floppy. When I check in "Properties", I find that it is a read-only file; the Archive check box is checked too. From the version tab, I find that the 'company name' is "SSR", 'internal name' is "service" and the 'original name' is "service.exe". Even when I delete this file, it gets recreated. I searched my entire system for "service.exe", but to no avail. This file occupies 28KB space. Is this a virus file? If yes, please suggest a solution to remove this. My system runs Win XP Pro, with a 2400+ AMD Athlon XP processor. It also has Norton Antivirus 2004 installed.

Sesh N. Kumar

The characteristics match those of a worm known as W32.HLLW.Flopcopy. Once the system is infected, the worm copies itself to the system32 folder of the Windows directory as service.exe, and adds an entry in the registry which enables it to run at Windows start-up. When a floppy is inserted and accessed, this worm — running in the background — copies itself to a: as Recycle.exe.

To have the worm removed, please update your virus definitions to the latest version and run a complete system scan in safe mode. However, you can also remove it manually. Please start the system in safe mode, click Start -> Run, type regedit and press Enter. In the editor, navigate to the following location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

In the right pane, please delete the value "SYS_CLEAN"="windir\system32\Service.exe time".

Next, go to the Windows directory, open the folder system32, and you should find "service.exe" there. Please delete it and restart the system. Don't delete "services.exe" as it is a genuine and important system file.

Please e-mail us at eworld@thehindu.co.in if you have queries on computer usage or if you find an interesting way of using a computer.

Solution by G. Rajah
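The manual check described above can also be run over a text listing of the Run key. The following is an added example, not part of the original column: it assumes the listing is the saved text output of `reg query` for that key, uses a constructed sample, and its function names and short list of system binaries are illustrative. It goes slightly beyond the column by also flagging any autostart file whose name is one character away from a genuine system binary, which is the service.exe / services.exe confusion the answer warns about.

```python
import re
from pathlib import PureWindowsPath

KNOWN_VALUE = "SYS_CLEAN"      # Run value named in the column
KNOWN_FILE = "service.exe"     # worm's file name in system32, per the column
# Genuine Windows binaries whose names malware imitates (short illustrative list).
SYSTEM_BINARIES = ("services.exe", "svchost.exe", "lsass.exe")

# Constructed sample of `reg query` text output; not captured from a real machine.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SYS_CLEAN    REG_SZ    windir\system32\Service.exe time
    ExampleTray    REG_SZ    "C:\Program Files\Example\tray.exe" -quiet
"""

# Assumed line layout: indent, value name, type, data, separated by tabs or 2+ spaces.
ENTRY = re.compile(r"^\s+(.+?)(?:\t| {2,})(REG_[A-Z_]+)(?:\t| {2,})(.*)$")
EXE = re.compile(r'"([^"]+)"|(.*?\.exe)\b', re.I)   # quoted path, or text up to .exe

def near_miss(a, b):
    """True when a differs from b by exactly one inserted, deleted or changed character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    return a[i:] == b[i + 1:] if len(a) < len(b) else a[i + 1:] == b[i + 1:]

def audit_run_key(text):
    """Return (value name, executable, reasons) for each Run entry worth a closer look."""
    findings = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue            # key header, blank line, or unrecognised layout
        name, _type, data = m.groups()
        exe = EXE.match(data.strip())
        path = (exe.group(1) or exe.group(2)) if exe else data.strip()
        base = PureWindowsPath(path).name.lower()
        reasons = []
        if name.upper() == KNOWN_VALUE:
            reasons.append("value name listed in the column")
        if base == KNOWN_FILE:
            reasons.append("file name listed in the column")
        reasons += [f"one character away from {s}" for s in SYSTEM_BINARIES if near_miss(base, s)]
        if reasons:
            findings.append((name, base, reasons))
    return findings
```

Calling audit_run_key(SAMPLE) returns one finding, for the SYS_CLEAN entry; the genuine services.exe is never flagged because an exact match is not a near miss.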


Copyright © 2004, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line