W32/Hybris-A
Type: Win32 worm
Description: W32/Hybris-A is an internet worm.
Recovery: Please follow the instructions for removing worms in Windows 95/98/Me:
-
To close the spiral you will have to go into DOS mode and you will need SWEEP for DOS.
-
Either download the Emergency SAV distribution and unzip it, or create a folder ‘Sophtemp’ and copy the contents of the DOS folder on the CD into it. (http://www.sophos.com/tools/esdz.exe)
-
Go to the Start menu and select Shut Down. Choose the option “Restart the computer in DOS mode”. Starting a Command Prompt (a DOS window) is not enough.
-
At the DOS prompt type
C:
CD
CD SOPHTEMP
SWEEP *: -REMOVEF
-
Say ‘Yes’ when prompted to delete a file (provided it is a W32/Hybris-B file). Make a note of its name.
-
Reboot to Windows.
-
In the win.ini file, which can be found in the Windows directory, there will be a run= line that points to the file that you deleted above. Delete the file name from that line.
-
You will need to replace WSOCK32.DLL. Copy it from your original installation media or a clean computer.