WIN32.DREF Worm

Hi, I am trying to get rid of the WIN32.DREF worm. Does anyone have any experience with this one? Thanks in advance.

Hello and Welcome to the forum :wink:

First off, how do you know you are infected?
What is your operating system?
What antivirus are you using? (Avast?)

Those are some basic questions to be able to help you :slight_smile:

Al968

Yeah, it came up in an antivirus scan. I am using Windows XP Home. Currently I am using ClamWin Portable Anti Virus. Thanks in advance.

Well, we still need some information to try to help.

What file is infected - please post the full path and file name. What error do you get when you try to remove it? I assume since you mention XP Home that the infection is on a computer rather than some other device (like an iPod) but can you confirm this?

If you are trying to clean a computer, download the free version of AVG Antispyware and scan with that:

http://free.grisoft.com/doc/20/lng/us/tpl/v5

Also keep in mind that ClamWin doesn’t provide any real-time protection, so your chances of getting infected are pretty high if this is your only antivirus. Here’s a link to the free version of avast! if you want to try it:

http://www.avast.com/eng/download-avast-home.html

There’s a U3 version here if you need it:

http://www.avast.com/eng/download-avast-u3.html

Hi nick1245,

This is the technical info on this worm infection:
http://www.sophos.com/virusinfo/analyses/w32drefc.html
also here:
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=60515

I also use ClamWin Free antivirus, but as a non-resident additional service. The best policy is one resident antivirus solution and several additional non-resident solutions. I combine avast with ClamWin and DrWebCureIt and the DrWeb browser av link checker plug-in, and additional scanning with stinger.exe.

polonus

Windows NT/2000/XP/2003

In Windows NT/2000/XP/2003 you will also need to edit the following registry entries. The removal of these entries is optional in Windows 95/98/Me. Please read the warning about editing the registry.

At the taskbar, click Start|Run. Type ‘Regedit’ and press Return. The registry editor opens.

Before you edit the registry, you should make a backup. On the ‘Registry’ menu, click ‘Export Registry File’. In the ‘Export range’ panel, click ‘All’, then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\

and remove any reference to any file you deleted.

Each user has a registry area named HKEY_USERS\[code number indicating user]. For each user locate the entry:

HKU\[code number]\Software\Microsoft\Windows\CurrentVersion\Run\

and remove any reference to any file you deleted.

Close the registry editor.
from http://www.sophos.com/virusinfo/analyses/w32drefc.html
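
As an added example (not part of the thread or of the Sophos instructions): a Python sketch that reads the text of the registry export made in the backup step and lists the `Run` values, under HKLM and under each HKEY_USERS user area, that still reference a file you deleted. The file name `example_dropped.exe` and the sample export are constructed placeholders, and only plain string values are parsed.

```python
import re

# Run key under HKLM or under one per-user hive HKEY_USERS\<code number>
RUN_KEY = re.compile(
    r"^(HKEY_LOCAL_MACHINE|HKEY_USERS\\[^\\]+)"
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run$",
    re.IGNORECASE,
)
# "name"="data" lines; backslash and quote are backslash-escaped in .reg files
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(text):
    return re.sub(r"\\(.)", r"\1", text)

def find_stale_run_entries(reg_text, deleted_files):
    """Return (key, value name, data) for Run values that name a deleted file."""
    deleted = [name.lower() for name in deleted_files]
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # section header: remember the current key
        elif key and RUN_KEY.match(key):
            m = STRING_VALUE.match(line)
            if m:
                name, data = unescape(m.group(1)), unescape(m.group(2))
                if any(d in data.lower() for d in deleted):
                    hits.append((key, name, data))
    return hits

# Constructed sample export; every name and path below is a placeholder.
# A real regedit 5.00 export is UTF-16: open(path, encoding="utf-16").read()
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="C:\\Program Files\\ExampleAV\\tray.exe"
"Example"="C:\\WINDOWS\\system32\\example_dropped.exe"

[HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Example2"="\"C:\\Temp\\example_dropped.exe\" /s"

[HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Example\Other]
"Path"="C:\\Temp\\example_dropped.exe"
'''

if __name__ == "__main__":
    for hit in find_stale_run_entries(SAMPLE, ["example_dropped.exe"]):
        print(hit)
```

The script only reports; removing the listed values is still done by hand in the registry editor as described above.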