Search
Home » Computers » Computer Troubleshooting » PC Troubleshooting » How to Manually Remove the SIRCAM Worm Virus
More Articles Like This
More by This Author
How To

How to Manually Remove the SIRCAM Worm Virus

Contributor
By Diana Monda Dill
eHow Contributing Writer
(0 Ratings)

The Sircam virus is a malicious worm created in Delphi that spreads through email and shared network drives. The worm then sends copies of itself to all the email addresses listed in the infected computer’s address book and in temporary Internet cached files. The infected email messages have a random subject line and an attachment with the same name. Read on to learn how to remove the SIRCAM worm virus.

Difficulty: Moderate
Instructions

    Manually Remove the SIRCAM Worm Virus

  1. Step 1

    Disconnect your computer from any local area network. This is important because the Sircam virus can spread through shared network drives.

  2. Step 2

    Rename regedit.exe to regedit.com. Open the Search function in the Start menu to find regedit.exe. Click on START and then click SEARCH. Perform a search for "regedit.exe" Right-click the file once you find it, and click on RENAME. Rename the file to "regedit.com."

  3. Step 3

    Click on the START button in the bottom-left corner of your desktop. Click RUN in the Start menu. Type "regedit" and then click "OK." This will open the Registry Editor.

  4. Step 4

    Use the plus signs to navigate to the following registry entry: HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsCurrentVersion\RunServices. Look in the right panel and locate the following registry value: "Driver32." Click on this value and delete it.

  5. Step 5

    Navigate to the following registry entry: HKEY_LOCAL_MACHINE\Software\SirCam. Select SirCam. Click on this value and delete it.

  6. Step 6

    Use the plus signs again to navigate to the following registry entry: HKEY+CLASSES_ROOT\exefile\shell\open\command. In the right-hand panel, right click the "DEFAULT" value and select MODIFY. Change "C:\Recycled\SirC32.exe""%1”%* to "%1" %*. This will remove remove “C:\Recycled\SirC32.exe”.

  7. Step 7

    Click on the START button and then click RUN and type in "cmd." Go to the following system directory: C:\Windows\System or C:\Winnt\System32. *Type in ATTRIB -S -H -R SCAM32.EXE. This will unhide the Trojan horse. *Type in DEL SCAM32.EXE. This deletes the file.

  8. Step 8

    Go to C:\Recycled folder. *Type in ATTRIB -S -H -R SIRC32.EXE. *Type in DEL SIRC32.EXE. This will delete the Trojan file

  9. Step 9

    Remove all References from AUTOEXEC.BAT: Use the Search function to look for autoexec.bat. Open the file and remove the following string: "@win \recycled\Sirc32.exe".

    10. Restore the RUNDLL32.EXE File

  10. Step 1

    Do a search for run32.exe in the Windows folder.

  11. Step 2

    Rename this file to rundll32.exe once you find it. (If it is not found, then it means that the worm didn't overwrite the RUNDLL32.EXE)

  12. Step 3

    Reboot your computer after you have completed all of these steps.

  13. Step 4

    Run an up-to-date antivirus program to make sure your computer has been completely cleaned of the SIRCAM virus.

Tips & Warnings
  • The SIRCAM worm is also called I-Worm.SirCam, W32.Sircam, TROJ_SCAM.A and SCAM.A
Who Can Help:

Post a Comment

Post a Comment

eHow Article: How to Manually Remove the SIRCAM Worm Virus

Have you done this? Click here to let us know.

I Did This

Related Ads

Computers
Alexia Petrakos,

Meet Alexia Petrakos eHow’s Computers Expert.

Copyright © 1999-2009 eHow, Inc. Use of this web site constitutes acceptance of the eHow Terms of Use and Privacy Policy.   en-US

Partner Sites
eHow Computers
eHow_eHow Technology and Electronics