Virus on Gamesurge.

This is used for general discussion that is not necessarily server-related.
Post Reply
|dC|2bit
This is my homepage
This is my homepage
Posts: 144
https://www.youtube.com/channel/UC40BgXanDqOYoVCYFDSTfHA
Joined: Wed Oct 01, 2003 6:09 pm
Location: Eugene, OR

Virus on Gamesurge.

Post by |dC|2bit »

If your friend says you said "u wanna see my site? http://private.a123sdsdssddddgfg.com"(THIS SITE WILL INFECT YOUR COMPUTER DONT CLICK!) then below is what you need to do.

NOTE: IF you click the link above then you WILL have to follow these instructions. DONT CLICK THE ABOVE LINK!

I wrote these myself so dont bash my spelling. Be happy you have removal instructions.

1.Open taskmgr by pressing ctrl+alt+delete
2.Click on the "Processes"
3.CLick "wsz32.exe" and end the process
4.Then delete "wsz32.exe" in the "c:\windows\system32"
5.Delete any files starting with "wsz32.exe" in "c:\windows\prefetch" if any
6.Then click on run and type in regedit
7.Click on my "my computer" on the left side of the Registry Editor
8.Then click "edit" then "find..." and search for wsz32.exe
9.It will start searching the registry
10.When it hightlights an entry on the right side delete it
11.Once the entry is deleted press "F3" to continue the search
12.Repeat steps 10-11 until it says "finished searching the registry"
13.Then restart the computer and make sure that it does not show in the task manager again in the "processes" tab

I would recommend deleting Mirc and reinstalling it again after this virus. Not clear on what scripts if any where load by it. The above instructions only remove the virus from your OS.

If you get an error saying it cant find or load wsz32.exe then you did not get all the registry entries.

If you need help msg me on irc. Im |dC|2bit-NF0 or |dC|2bit-NFo|Sleep or |dC|2bit-NFo|Work.

NOTE: I was infected with this virus and this is how I removed it. I DO work an antivirus company, I will not say which one. Im not responsible for any negative effects this has on your computer. These steps have been done on my computer with no side effects and the virus is gone.
Top
Freyden-GRC
New to forums
New to forums
Posts: 1
Joined: Thu Apr 01, 2004 1:48 am

Post by Freyden-GRC »

:D The exact reg places are:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce


Looks like someone made a removal tool also - ircbottrojanremover.exe
Top
|dC|2bit
This is my homepage
This is my homepage
Posts: 144
Joined: Wed Oct 01, 2003 6:09 pm
Location: Eugene, OR

Post by |dC|2bit »

Yeah. I was just to lazy to post them. Also some viruses will change the load points depending on OS so I just said to search.
Top
Post Reply

Return to “General”