W32/Hybris-A
Type: Win32 worm
Description: W32/Hybris-A is an internet worm.
Recovery: Please follow the instructions for removing worms in Windows 95/98/Me:

  1. To close the spiral you will have to go into DOS mode and you will need SWEEP for DOS.

  2. Either download the Emergency SAV distribution and unzip it, or create a folder ‘Sophtemp’ and copy the contents of the DOS folder on the CD into it. (http://www.sophos.com/tools/esdz.exe)

  3. Go to the Start menu and select Shut Down. Choose the option “Restart the computer in DOS mode”. Starting a Command Prompt (a DOS window) is not enough.

  4. At the DOS prompt type

C:
CD
CD SOPHTEMP
SWEEP *: -REMOVEF

  1. Say ‘Yes’ when prompted to delete a file (provided it is a W32/Hybris-B file). Make a note of its name.

  2. Reboot to Windows.

  3. In the win.ini file, which can be found in the Windows directory, there will be a run= line that points to the file that you deleted above. Delete the file name from that line.

  4. You will need to replace WSOCK32.DLL. Copy it from your original installation media or a clean computer.