How to correct effects of Korga worm?

  johnem 09:43 14 Apr 2005

Hi gang, back for some more information. I have just replaced the hard drive and installed XP Pro. During the registration period I managed to attract Korga.worm and backdoor AXJ. dll. gen trojan.
The files with these attached have been deleted by McAfee, but I am now left with the situation that as soon as my dial-up connection is made, the computer re-boots.
Any ideas as to what has been adjusted in the registry and what is needed to repair it? Do not really want to re-format and re-install unless as a last resort.

  rawprawn 10:13 14 Apr 2005

Have you tried running Adaware and Spybot?

  johnem 10:26 14 Apr 2005

Rawprawn, I have run Spybot and Spywareblaster, neither of these found anything this time, possibly as McAfee had already deleted the files, but did not repair the damage, possibly I had not set it up correctly. Will give Adaware a try later.

  rawprawn 12:38 14 Apr 2005

click here Try an online scan here, or download the free version and run it.

  rawprawn 15:44 14 Apr 2005

Also try scanning in safe mode

  johnem 17:23 14 Apr 2005

Thanks for the info, will give that a try this evening.

  rawprawn 18:22 14 Apr 2005

click here (SYMANTEC)
click here (SOPHOS)
compliments of click here

  rawprawn 18:24 14 Apr 2005

click here W32.Korgo Removal Tool, this covers from Korgo.F through to KORGO.Z if it is indeed this virus.

  VoG II 18:25 14 Apr 2005

Or Stinger click here

  johnem 14:03 15 Apr 2005

Thanks VoG™, I will give that a try this evening. I have now run Adaware which found a few items amiss, but as yet, has not corrected the problems. I have noticed that when the system is forced into a reboot, via IE6, the "file checker" is initiated. I presume that this is due to the incorrect shut down procedure. I have looked in the registry for the files suggested by Sophos, but cannot find any with correct titles.
As usual, I am becoming even more confused!!

  cycoze 10:48 16 Apr 2005

You need to turn off System Restore first, Click Start > Programs > Accessories > Windows Explorer
Right-click My Computer, and then click Properties, Click the System Restore tab, Check the "Turn off System Restore" or "Turn off System Restore on all drives" check box (this will have to be turned back on after the problem has been fixed).

Now assuming you have access to the internet from another machine, download Stinger and the Korgo Removal Tool (as above), also download the RPC Patch from Microsoft found click here, you can then install the patch and run the removal tools separately to see if the problem goes.

If no other access is available switch off System Restore as above, next click Start > Run, type in SERVICES.MSC /S in the open line, and then click OK, this will bring up a new window (Services). In the right pane, locate the "Remote Procedure Call (RPC)" service. Now go careful here as there are 2 Remote Procedure Call listed, you want the first one as above, the second has "locator" after it, don't touch that one.

Right-click the Remote Procedure Call (RPC) service, and then click Properties, Click the Recovery tab, Using the drop-down lists, change First failure, Second failure, and Subsequent failures to "Restart the Service." Click Apply, and then click OK, (Once again you will have to make sure that you change these settings back once you have removed the worm).

Now hopefully you should be able to connect to the Internet to access Patches etc.

Removal tool for Backdoor-AXJ can be found click here.

If all this solves your problem don't forget to switch restore back on along with RPC, you then need to update your machine's patches and security via MS update.

This thread is now locked and can not be replied to.
