W32/Hybris-F

Category: Viruses and Spyware Protection available since:21 Nov 2000 00:00:00 (GMT)
Type: Win32 worm Last Updated:21 Nov 2000 00:00:00 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Affected Operating Systems

Windows

Recovery Instructions:

Please follow the instructions for removing worms.

Please follow the instructions for removing worms.

Windows NT/2000/XP

To close the spiral in Windows NT/2000/XP press Ctrl-Alt-Del to access the Task Manager, select the relevant process and then click the "End Task" button. The process will have a name consisting of eight random characters, e.g. FHJENJXE. A file with this name (and a .EXE extension) will be in the Windows system directory. This should be deleted. Also, in the win.ini file, which can be found in the Windows directory, there will be a run= line that points to this EXE file. Delete the file name from that line.

Now remove any other worm files using the Windows NT/2000/XP instructions for removing worms.

You will need to replace WSOCK32.DLL. Copy it from your original installation media or a clean computer.

Windows 95/98/Me

To close the spiral you will have to go into DOS mode and you will need SWEEP for DOS.

Either download the Emergency SAV distribution and unzip it, or create a folder 'Sophtemp' and copy the contents of the DOS folder on the CD into it.

a) On Windows 95/98

Go to the Start menu and select Shut Down. Choose the option "Restart the computer in DOS mode". Starting a Command Prompt (a DOS window) is not enough.

b) On Windows Me

You cannot go directly into MS-DOS mode in Windows Me. You must create a startup disk to boot from. At the Windows taskbar, select Start|Settings|Control Panel. Click on "Add/Remove Programs". Select the "Startup Disk" tab and press the "Create Disk" button. When you have created the startup disk, write-protect it. Place it in the A: drive and reboot to a command prompt.

At the DOS prompt type

C:
CD \
CD SOPHTEMP
SWEEP *: -REMOVEF

Say 'Yes' when prompted to delete a file (provided it is a W32/Hybris-B file). Make a note of its name.

Reboot to Windows.

In the win.ini file, which can be found in the Windows directory, there will be a run= line that points to the file that you deleted above. Delete the file name from that line.

You will need to replace WSOCK32.DLL. Copy it from your original installation media or a clean computer.

Other platforms

Please follow the instructions for removing worms.

download Try Sophos products for free
Download now