Virus: W32.Friendgreet.worm 

Symantec shows Win98 instructions for removal (and I did
these) but does not relate specific steps for correcting
the registry in XP. The registry is some serious files that I
really do not want to mess with, but they give the
following steps for correcting in Win98. Do you all have
an alternative to the following?

To delete the other files that the program added to the
system:
Use Windows Explorer to locate and delete these files:
C:\Program Files\Common Files\Media\Install.log
C:\Program Files\Common Files\Media\Otdock.dll
C:\Program Files\Common Files\Media\Otglove.dll
C:\Program Files\Common Files\Media\Otms.exe
C:\Program Files\Common Files\Media\Otupdate.exe
C:\Program Files\Common Files\Media\Uninstal.exe
C:\Program Files\Common Files\Media\Winsrvc.dat
C:\Program Files\Common Files\Media\Winsrvc.exe

To reverse the changes that the program made to the
registry:

CAUTION: Symantec strongly recommends that you back up
the registry before you make any changes to it. Incorrect
changes to the registry can result in permanent data loss
or corrupted files. Modify only the keys that are
specified. Read the document "How to make a backup of the
Windows registry" for instructions.

1. Click Start, and click Run. The Run dialog box appears.
2. Type regedit and then click OK. The Registry Editor
opens.
3. Navigate to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

4. In the right pane, delete the following value:

PMedia C:\Program Files\Common Files\Media\winsrvc.exe

5. Navigate to the following key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinSrv Reg

6. In the right pane, delete the following values:

DisplayName WinSrv Reg

UninstallString C:\Program Files\Common Files\Media\UNINSTAL.EXE C:\Program Files\Common Files\Media\INSTALL.LOG WinSrv Reg Uninstall

7. Navigate to the following key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects

8. In the left pane, delete the following key:

{7011471D-3F74-498E-88E1-C0491200312D}

9. Navigate to the following key:

HKEY_LOCAL_MACHINE\Software\CLASSES

10. In the left pane, delete the following keys:

IEEvtCatcher.IEEvtCatcherObj.1

IEEvtCatcher.IEEvtCatcherObj

11. Navigate to the following key:

HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID

12. In the left pane, delete the following keys:

{7011471D-3F74-498E-88E1-C0491200312D}
{7677C920-9CC3-4621-AF8C-AD45402DC2FD}

13. Navigate to the following key:

HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib

14. In the left pane, delete the following key:

{3972ADCE-8737-45DE-A6E2-A253348E5A1E}

15. Navigate to the following key:

HKEY_LOCAL_MACHINE\Software\CLASSES\Interface

16. In the left pane, delete the following key:

{059D8C85-A00F-40AF-8078-7692A0A79F19}

17. Exit the Registry Editor.

Additional information:

November 8, 2002.

Symantec Security Response now provides detection for an
updated version of W32.Friendgreet.worm. The new
installer is approximately 300 KB in size. It was
discovered that this new installer modifies the taskbar
in such a way that during installation you cannot switch
to another program. This also results in icons
disappearing from the taskbar. This does not result in
any permanent loss of information. Upon rebooting the
system the taskbar will function normally.
Additionally, the following Web sites have been reported
to host the installation package for
W32.Friendgreet.worm. This has not been confirmed by
Security Response at this time. Also note that other,
similarly-named sites may exist.



Sun, 01 May 2005 01:52:00 GMT  
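The registry keys and values listed in the steps above, checked against a registry export so that nothing has to be edited by hand to see what is still present. This is an added example, not part of the original post or of Symantec's write-up; the names `find_leftovers`, `parse_reg` and the sample export text are constructed for illustration.

```python
import re

# Artifacts named in the removal steps above; registry paths are case-insensitive.
CLS = r"HKEY_LOCAL_MACHINE\Software\CLASSES"
CV = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion"
KEY_IOCS = [  # keys the steps delete whole
    CV + r"\explorer\Browser Helper Objects\{7011471D-3F74-498E-88E1-C0491200312D}",
    CLS + r"\IEEvtCatcher.IEEvtCatcherObj.1",
    CLS + r"\IEEvtCatcher.IEEvtCatcherObj",
    CLS + r"\CLSID\{7011471D-3F74-498E-88E1-C0491200312D}",
    CLS + r"\CLSID\{7677C920-9CC3-4621-AF8C-AD45402DC2FD}",
    CLS + r"\TypeLib\{3972ADCE-8737-45DE-A6E2-A253348E5A1E}",
    CLS + r"\Interface\{059D8C85-A00F-40AF-8078-7692A0A79F19}",
]
VALUE_IOCS = [  # (key, value name) pairs the steps delete from a key that stays
    (CV + r"\Run", "PMedia"),
    (CV + r"\Uninstall\WinSrv Reg", "DisplayName"),
    (CV + r"\Uninstall\WinSrv Reg", "UninstallString"),
]

# Constructed sample in .reg export format, not taken from a real machine.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMedia"="C:\\Program Files\\Common Files\\Media\\winsrvc.exe"
"ExampleTray"="C:\\Example\\tray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7677C920-9CC3-4621-AF8C-AD45402DC2FD}\InprocServer32]
@="constructed"
'''

def parse_reg(text):
    """Map lower-cased key path -> set of lower-cased value names."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), set())
        elif current is not None and (m := re.match(r'"((?:[^"\\]|\\.)*)"=', line)):
            current.add(m.group(1).lower())
    return keys

def find_leftovers(text):
    """Return ('key'|'value', path) for each listed artifact still in the export."""
    keys = parse_reg(text)
    hits = [("key", k) for k in KEY_IOCS  # a surviving subkey also counts
            if any(p == k.lower() or p.startswith(k.lower() + "\\") for p in keys)]
    hits += [("value", k + "\\" + v) for k, v in VALUE_IOCS
             if v.lower() in keys.get(k.lower(), ())]
    return hits
```

Pass the text of a regedit export to `find_leftovers`; "Version 5.00" exports are UTF-16, so open the file with that encoding.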
 Virus: W32.Friendgreet.worm
Does anyone have experience with Windows XP on this
removal issue for Virus: W32.Friendgreet.worm?

How do you notify Microsoft directly of this issue?
Jimmie




Tue, 03 May 2005 23:03:22 GMT  
 