AntiSirc
Updated on 09 Jul 2011
By Anthony Buckner
By Anthony Buckner
152 KB Safe To Install
Advertising
Specifications
License:
Freeware (Free)
Updated:
Downloads:
286
Platform:
Windows All
Publisher:
F-Secure Corporation(more)
Website:
Unknown
User Reviews:
Other versions:
Do you like
AntiSirc?
AntiSirc?
Publisher's Descriptions
The purpose of the AntiSirc utility is to help users easily remove the Sircam worm from their computers. The removal process is rather complex since the worm places multiple copies of itself to the system and modifies several registry keys.
The following steps are done to remove the worm completely:
1. All the possible copies of the worm are deleted:
'[windows_drive]:|recycled|SirC32.exe'
'[windows_system_dir]|SCam32.exe'
'[windows_dir]|ScMx32.exe'
'Microsoft Internet Office.exe' from all user's |Start Menu|Programs|Startup| folder
2. '[windows_dir]|rundll32.exe' is restored if it was overwritten by the worm. When infecting trough network shares it renames 'rundll32.exe' to 'run32.exe' and places itself to 'rundll32.exe'. This copy of the worm is removed and 'run32.exe' is renamed back to 'rundll32.exe'.
3. '[windows_drive]|recycled|SirCam.sys' is removed. This file is filled with a text string with the purpose of exhausting the disk space. It is part of the worm's payload.
4. Registry is restored
'[HKCR|exefile|shell|open|command]' key is restored to ""%1" %*"
'[HKLM|Software|Microsoft|Windows|CurrentVersion|RunServices|Driver32]' sub-key is zeroed - set to ""
'[HKLM|Software|SirCam]' is removed with all the sub-keys it has
5. Protection against further infection trough network shares is installed
The system can be protected against (re)infection through the network if there is a dummy '|recycled|SirC32.exe' file with read-only attributes.
After these a reboot might be required to ensure that all the settings get
updated and the possibly locked infected files are deleted.
The following steps are done to remove the worm completely:
1. All the possible copies of the worm are deleted:
'[windows_drive]:|recycled|SirC32.exe'
'[windows_system_dir]|SCam32.exe'
'[windows_dir]|ScMx32.exe'
'Microsoft Internet Office.exe' from all user's |Start Menu|Programs|Startup| folder
2. '[windows_dir]|rundll32.exe' is restored if it was overwritten by the worm. When infecting trough network shares it renames 'rundll32.exe' to 'run32.exe' and places itself to 'rundll32.exe'. This copy of the worm is removed and 'run32.exe' is renamed back to 'rundll32.exe'.
3. '[windows_drive]|recycled|SirCam.sys' is removed. This file is filled with a text string with the purpose of exhausting the disk space. It is part of the worm's payload.
4. Registry is restored
'[HKCR|exefile|shell|open|command]' key is restored to ""%1" %*"
'[HKLM|Software|Microsoft|Windows|CurrentVersion|RunServices|Driver32]' sub-key is zeroed - set to ""
'[HKLM|Software|SirCam]' is removed with all the sub-keys it has
5. Protection against further infection trough network shares is installed
The system can be protected against (re)infection through the network if there is a dummy '|recycled|SirC32.exe' file with read-only attributes.
After these a reboot might be required to ensure that all the settings get
updated and the possibly locked infected files are deleted.
Do you like AntiSirc
AntiSirc Disclamer
Please be aware FindMySoft.com accepts no responsibility for the file you are downloading. The same applies to the information provided about the software products listed.
We do not allow the inclusion of any AntiSirc serial, keygen or crack and we disclaim any liability for the inappropriate use of AntiSirc.
FindMySoft advises that AntiSirc should be only used in accordance with the rules of intellectual property and the existing Criminal Code.
For your own protection ALWAYS check downloaded files for viruses.
We do not allow the inclusion of any AntiSirc serial, keygen or crack and we disclaim any liability for the inappropriate use of AntiSirc.
FindMySoft advises that AntiSirc should be only used in accordance with the rules of intellectual property and the existing Criminal Code.
For your own protection ALWAYS check downloaded files for viruses.
Advertising
Popular News
Microsoft recently announced that the parental controls for the upcoming Windows 8 operating system will be even better than what Windows 7 has to offer.
A look at the system requirements needed to run the most popular browsers out there today.
Your Rating
3.0
out
of
5
of
5
Rated By
4 Users
4 Users
Top Downloads
2.
Opera5.
Trillian8.
AIM9.
Skype10.
Ad-Aware12.
Nero13.
Google Earth14.
Picasa15.
Winamp16.
iTunes17.
RealPlayer18.
uTorrent19.
eMule20.
WinRAR21.
BitComet22.
WinZip23.
Shareaza24.
CCleaner25.
Recuva26.
Tweak UI27.
CuteFTP Home29.
Adobe Reader30.
NewsPiperBecome A Fan!
Link To Us!
AntiSirc
HTML Linking Code
HTML Linking Code
Latest Reviews