Before I start over

09-06-2001, 01:37 PM
I've been hit by the SirCam virus,

diligently I got the free fix from McAfee.

Now the only things that work are IE and Outlook Express.

Everything else claims it needs sirc32.exe to run an application.

Can anyone think of anything to do before I format c: and start again?

09-06-2001, 01:54 PM
Ok, this might not be any help at all, but you're pretty much stuck anyway (tough luck).
I would search for files that have recently been renamed or changed and see what that gives you. What SirCam has probably been doing is renaming or replacing some vital file. If any of your system files have been renamed/modified lately, that is where the problem is. Replace it with a clean file from your MS CD. It's a long shot, but it has saved me from a reinstallation on one of the office puters at my work.

09-06-2001, 01:57 PM
Was vaguely thinking of that but see the "what are you doing now" thread for the reasons I'm not.

May go out shopping for a whole bunch of Norton software tomorrow

09-06-2001, 02:06 PM
You can try the following (no guarantees): the reference to the virus is probably still in the registry. Do the following: make a backup of the registry, boot to safe mode.

Go to HKEY_CLASSES_ROOT\exefile\shell\open\command
The default value may have some reference to SirCam; instead change it to: "%1" %*

Then in HKEY_LOCAL_MACHINE\Software check there is no SirCam folder; if there is, delete it. Then go to HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\runservices. If there is a driver32 under this with a data value of \\path\scam32.exe, then delete driver32, and delete rundll32.exe if this is also there. Then you can close the registry. Also check autoexec etc. for any references. Then find your rundll32.exe file and check whether it is 24Kb: if it is, then this file is fine; if not, delete the file and find the run32.exe file and rename this to rundll32.exe. If you're sure that all the virus files were removed by the McAfee thing, then you can now reboot.

hope this helps
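
The three registry checks listed in the post above, as an added example that is not part of the original thread: a Python script that applies them to a REGEDIT4-format text export of the registry. The sample export, its `C:\path\...` values and all function names are constructed for illustration.

```python
import re

# Constructed sample in REGEDIT4 export format; the paths are placeholders.
SAMPLE_REG = r'''REGEDIT4
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\path\\sirc32.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\Software\SirCam]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Driver32"="C:\\path\\scam32.exe"
"SchedulingAgent"="mstask.exe"
'''

EXE_KEY = r"hkey_classes_root\exefile\shell\open\command"
RUNSVC_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\runservices"
SIRCAM_KEY = r"hkey_local_machine\software\sircam"
CLEAN_EXE_HANDLER = '"%1" %*'  # the value the post says to restore
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def unquote(s):
    """Strip surrounding quotes and undo backslash escaping."""
    if len(s) >= 2 and s[0] == s[-1] == '"':
        return re.sub(r'\\(.)', r'\1', s[1:-1])
    return s  # dword:/hex: data is left raw

def parse_reg(text):
    """Return {lowercased key path: {value name: data}}; '@' is the default."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name = "@" if m.group(1) == "@" else unquote(m.group(1))
            current[name] = unquote(m.group(2))
    return keys

def check(text):
    """Apply the three checks from the post; return a list of findings."""
    keys, findings = parse_reg(text), []
    handler = keys.get(EXE_KEY, {}).get("@")
    if handler is not None and handler != CLEAN_EXE_HANDLER:
        findings.append(("exefile handler", handler))
    if SIRCAM_KEY in keys:
        findings.append(("SirCam key present", SIRCAM_KEY))
    for name, data in keys.get(RUNSVC_KEY, {}).items():
        if name.lower() == "driver32":
            findings.append(("RunServices " + name, data))
    return findings
```

Calling `check(SAMPLE_REG)` returns one finding per check, and leaves the unrelated `SchedulingAgent` entry alone.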

09-06-2001, 03:12 PM
Hmm, regedit isn't working...

Tried the Symantec killer now; it seems to have done the job and fixed the registry by itself though, and hopefully everything is working again, looks like it so far...

Thanks for all help..