AntiSirc icon

AntiSirc

3.3/5 6
Certified 100% FREE Freeware   

Permanently remove the Sircam worm from your computer. #Sircam worm  #Remove Sircam  #Removal tool  #Sircam  #AntiSirc  #Virus  

Description

Free Download

The purpose of the AntiSirc utility is to help users easily remove the Sircam worm from their computers. The removal process is rather complex since the worm places multiple copies of itself to the system and modifies several registry keys.

The following steps are done to remove the worm completely:

1. All the possible copies of the worm are deleted: '[windows_drive]:|recycled|SirC32.exe' '[windows_system_dir]|SCam32.exe' '[windows_dir]|ScMx32.exe' 'Microsoft Internet Office.exe' from all user's |Start Menu|Programs|Startup| folder

2. '[windows_dir]|rundll32.exe' is restored if it was overwritten by the worm. When infecting trough network shares it renames 'rundll32.exe' to 'run32.exe' and places itself to 'rundll32.exe'. This copy of the worm is removed and 'run32.exe' is renamed back to 'rundll32.exe'.

3. '[windows_drive]|recycled|SirCam.sys' is removed. This file is filled with a text string with the purpose of exhausting the disk space. It is part of the worm's payload.

4. Registry is restored '[HKCR|exefile|shell|open|command]' key is restored to ""%1" %*" '[HKLM|Software|Microsoft|Windows|CurrentVersion|RunServices|Driver32]' sub-key is zeroed - set to "" '[HKLM|Software|SirCam]' is removed with all the sub-keys it has

5. Protection against further infection trough network shares is installed The system can be protected against (re)infection through the network if there is a dummy '|recycled|SirC32.exe' file with read-only attributes.

After these a reboot might be required to ensure that all the settings get updated and the possibly locked infected files are deleted.

User Comments
This enables Disqus, Inc. to process some of your data. Disqus privacy policy
add to watchlist add to download basket send us an update REPORT
  runs on:
Windows All
  file size:
152 KB
  filename:
antisirc.exe
  1 screenshot:
AntiSirc - The purpose of the tool is to help the removal of the Sircam worm
  main category:
Antivirus
  developer:
  visit homepage