W32/Spybot-AD

Category: Viruses and SpywareProtection available since:24 Dec 2003 00:00:00 (GMT)
Type: Win32 wormLast Updated:24 Dec 2003 00:00:00 (GMT)
Prevalence: No Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Aliases

  • Backdoor.SpyBot.gen

Affected Operating Systems

Windows

Recovery Instructions:

Please follow the instructions for removing worms.

Check your administrator passwords and review network security.

Editing the registry

  • Using Windows explorer, browse to the Windows folder (usually C:\Windows or C:\Winnt) right-click Regedit.exe and make a copy of it.
  • Rename the copy of Regedit.exe to Regedit.com.
  • At the taskbar, click Start|Run. Type 'Regedit.com' and press Return. The registry editor opens.

You will also need to edit the following registry entries, if they are present. Please read the warning about editing the registry.

Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
NvCpl28Deamon

and delete it if it exists.

Each user has a registry area named HKEY_USERS\[code number indicating user]\. For each user locate the entry:

HKU\[code number]\Software\Microsoft\Windows\CurrentVersion\
RunOnce\NvCpl28Deamon

and delete it if it exists.

Close the registry editor and reboot your computer.

Editing Win.ini

At the taskbar, click Start|Run and type Sysedit. Bring Win.ini to the front. In the [windows] section, search for a line beginning with 'Run=' and delete any references to the files you removed. Delete only that reference, not any other text.

Reboot your computer.

download Try Sophos products for free
Download now