Thread: How to remove Email-Worm.Win32.Rays
View Single Post
Old 10-12-2007, 08:27 AM   #6 (permalink)
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista


Re: How to remove Email-Worm.Win32.Rays
Hello ahjin,

Please take a look at the folders I highlighted in blue. This is where the infection is, each of those entries listed below. Did you download these yourself? They need to be deleted.

Quote:
C:\Documents and Settings\Administrator\Desktop\SA50\Admin\Admin.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\Admin\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\Admin\Staff Matters\Leave Roster\2007\2007.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\Admin\Staff Matters\Leave Roster\2007\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\Admin\Staff Matters\Leave Roster\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\Admin\Staff Matters\Leave Roster\Leave Roster.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\Auction\Auction.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\Auction\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\Auction Letters\Auction Letters.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\Auction Letters\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\Auction3\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\Auction3A\Auction3A.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\Auction3A\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\Auction\may\may.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\Database\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\Database\Database.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\Thian\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\Thian\Thian.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\Database\WTWY Data\WTWY Data.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Database\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Database\Database.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\EstateAgency.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0256\0256.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0256\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0264\0264(2)\0264(2).exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0264\0264(2)\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0264\0264.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0264\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0287\0287.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0287\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0292\0292(6)\0292(6).exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0292\0292(6)\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0292\0292.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0292\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0327\0327(3)\0327(3).exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0327\0327(3)\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0327\0327.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0327\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0345\0345.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0345\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0354\0354(3)\0354(3).exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0354\0354(3)\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0354\0354(4)\0354(4).exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0354\0354(4)\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0354\0354.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0354\03544\03544.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0354\03544\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0354\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0397\0397.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0397\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0398\0398.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0398\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0399\0399.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0399\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0400\0400.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0400\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0401\0401.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0401\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0402\0402.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\0402\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\New Folder\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\New Folder\New Folder.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\New Folder (2)\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\New Folder (2)\New Folder (2).exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\EstateAgency\Sale by Tender\Sale by Tender.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\Library\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\Library\free soft\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\Library\free soft\dc400\comment.htt ------>Trojan.VBS.Starter.a
C:\Documents and Settings\Administrator\Desktop\SA50\Library\free soft\dc400\dc400.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\Library\free soft\free soft.exe ------>Email-Worm.Win32.Rays
C:\Documents and Settings\Administrator\Desktop\SA50\Library\Library.exe ------>Email-Worm.Win32.Rays
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline