Hi, I am trying to get rid of the WIN32.DREF worm. Does anyone have any experience with this one? Thanks in advance.
Hello and Welcome to the forum
First off, how do you know you are infected?
What is your operating system?
What antivirus are you using? (Avast?)
Those are some basic questions to be able to help you.
Al968
Yeah, it came up in an antivirus scan. I am using Windows XP Home. Currently I am using ClamWin Portable Anti Virus. Thanks in advance.
Well, we still need some information to try to help.
What file is infected - please post the full path and file name. What error do you get when you try to remove it? I assume since you mention XP Home that the infection is on a computer rather than some other device (like an iPod) but can you confirm this?
If you are trying to clean a computer, download the free version of AVG Antispyware and scan with that:
http://free.grisoft.com/doc/20/lng/us/tpl/v5
Also keep in mind that ClamWin doesn’t provide any real time protection so your chances of getting infected are pretty high if this is your only antivirus. Here’s a link to the free version of avast! if you want to try it
http://www.avast.com/eng/download-avast-home.html
There’s a U3 version here if you need it
Hi nick1245,
This is the technical info on this worm infection:
http://www.sophos.com/virusinfo/analyses/w32drefc.html
also here:
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=60515
I also use ClamWin Free antivirus, but as a non-resident additional service. The best policy to go with is one resident antivirus solution and several additional non-resident solutions. I combine avast with ClamWin and DrWebCureIt and the DrWeb browser av link checker plug-in, and additional scanning with stinger.exe.
polonus
Windows NT/2000/XP/2003
In Windows NT/2000/XP/2003 you will also need to edit the following registry entries. The removal of these entries is optional in Windows 95/98/Me. Please read the warning about editing the registry.
At the taskbar, click Start|Run. Type ‘Regedit’ and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the ‘Registry’ menu, click ‘Export Registry File’. In the ‘Export range’ panel, click ‘All’, then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
and remove any reference to any file you deleted.
Each user has a registry area named HKEY_USERS\[code number indicating user]. For each user locate the entry:
HKU\[code number]\Software\Microsoft\Windows\CurrentVersion\Run\
and remove any reference to any file you deleted.
Close the registry editor.
from http://www.sophos.com/virusinfo/analyses/w32drefc.html
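The registry check quoted above, as an added example that is not part of the original thread or the Sophos write-up: a read-only PowerShell audit that lists the Run values under HKLM and under each loaded HKEY_USERS hive and flags those whose target file no longer exists. It assumes PowerShell 2.0 or later and an administrator session; the function names `Get-CommandTarget` and `Get-RunEntry` are made up for this example.

```powershell
# Added example (assumption: PowerShell 2.0 or later, run as an administrator).
# Read-only audit of the Run keys named in the removal steps: nothing is deleted.
$runSubKey = 'Software\Microsoft\Windows\CurrentVersion\Run'

function Get-CommandTarget {
    param([string]$Command)
    # Pull the program path out of a Run value such as '"C:\a b\x.exe" /s'.
    $text = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($text -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path that may contain spaces: stop at the first known extension.
    if ($text -match '^(.+?\.(exe|com|bat|cmd|scr|pif|dll))(\s|,|$)') { return $Matches[1] }
    return ($text -split '\s+')[0]
}

function Get-RunEntry {
    # HKLM plus one Run key per loaded user hive under HKEY_USERS.
    $users = [Microsoft.Win32.Registry]::Users
    $targets = @(@{ Label = 'HKLM'; Root = [Microsoft.Win32.Registry]::LocalMachine; Path = $runSubKey })
    foreach ($sid in $users.GetSubKeyNames()) {
        $targets += @{ Label = "HKU\$sid"; Root = $users; Path = "$sid\$runSubKey" }
    }
    foreach ($t in $targets) {
        $key = $t.Root.OpenSubKey($t.Path)      # opens read-only
        if ($null -eq $key) { continue }         # this hive has no Run key
        foreach ($name in $key.GetValueNames()) {
            $command = [string]$key.GetValue($name)
            $file = Get-CommandTarget $command
            if ($file -notmatch '^([A-Za-z]:\\|\\\\)') {
                $state = 'NotChecked'            # bare name, resolved via PATH at logon
            } elseif (Test-Path -LiteralPath $file) {
                $state = 'Present'
            } else {
                $state = 'Missing'               # reference to a file that is gone
            }
            New-Object PSObject -Property @{
                Key = "$($t.Label)\$runSubKey"; Name = $name
                Command = $command; File = $file; State = $state
            }
        }
        $key.Close()
    }
}

# Entries pointing at a file that no longer exists are the leftover references.
Get-RunEntry | Where-Object { $_.State -eq 'Missing' } |
    Format-List Key, Name, Command, File
```

Only the hives of logged-on users are loaded under HKEY_USERS, so the Run keys of other profiles are not covered by this listing.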