SELaplana >> Security >> How To Remove Worm@W32.Resik From Your PC and Flash Drive

How To Remove Worm@W32.Resik From Your PC and Flash Drive

Posted by Sustines Laplana, 23 March 2007 at Category/ies: Security
6 Comments »

My USB Flash drive is infected by Worm@W32.Resik. That’s definitely sure because of these reasons:

  1. When I checked my USB Flash drive, it already contains a folder named “Recycled” which also contains two hidden files: Voinfo.dll and Driveinfo.exe.
  2. When I used this drive during my blogging job today, the updated Norton anti-virus warned me that an infected file was found at the Flash drive.

So, how did I know that the said drive is infected by Worm@W32.Resik?

Well, Worm@W32.Resik is the worm that creates the two hidden files: Voinfo.dll and Driveinfo.exe and placed it into the hidden folder it created in flash drive named “Recycled”, including the Driveinfo.sdc. The autorun.inf is also created and placed at the root directory of the flash drive. In the Windows system folder, it also creates inetsrv.exe.

All these files are all found in my PC and flash drive.

I also checked the Windows registry if it was altered by this worm. And I found out that the HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRuninetsrv entry was added. This entry makes sure that eveytime the Windows system is rebooted, the inetsrv.exe found in the Windows system will be automatically activated.

How to remove this worm from our PC system?

We have two approaches in removing this worm from our PC system. (1) Using PC Security software like Norton of Symantec, PC Security Shield, or any updated software. (2) Removing Manually.

In manually removing this worm:

  1. first we need to boot the PC to a safemode of Windows.
  2. Open the registry (click START, then click RUN, type REGEDIT and click OK.
  3. On the Registry Editor, look for the entry which contains “inetsrv” (press ctl-f, type inetsrv and clickOK)
  4. Delete all entries that contains inetsrv.ex.
  5. Repeat step 3 and 4 until it will prompt you that the files are not found, which means that the entries that contain “inetsrv” are all deleted.
  6. Change the View option of the Windows explorer to “View All”, for us to view hidden files.
  7. Search for the files created by this worm as mentioned above and delete them all.
  8. After these, restart the PC and boot it to normal.

Note: This kind of worm according to the Symantec was discovered last January 2007 and is called by Symantec as W32.Resik.A.

Automatically receive updates via email...
Enter your email address:
Tweet This
Bookmark and Share
Tweet This!

Comments

6 Responses to “How To Remove Worm@W32.Resik From Your PC and Flash Drive”

  1. jiggscgr5truth says:
    February 20, 2008 at 4:59 pm

    i still cannot delete the hidden files in my flash drive but i managed to delete the inetsrv in C:..HELP!

    Reply
  2. Princess Lowstetter says:
    January 22, 2009 at 4:42 pm

    Great article! I’m loving your website.

    Reply

Trackbacks/Pingbacks

  1. How to View the Hidden Files of Worm@W32.Resik Worm? » SELaplana says:
    March 26, 2007 at 5:20 pm

    [...] New Era University) asking me how to view the hidden files of the worms. I read your post on how to How To Remove Worm@W32.Resik From Your PC and Flash Drive and I immediately checked my PC’s regedit and I found the inetsrv entry. But when I checked [...]

    Reply
  2. How To Delete the Hidden Files of the Resik Worm? » SELaplana says:
    March 27, 2007 at 1:28 pm

    [...] is actually part of my post on how to remove the Worm@W32.Resik worm from your PC or Flash Drive. Our visitor who send us an email yesterday, sent us again an [...]

    Reply
  3. Beware of Key Logger residing on your Flash Drive » SELaplana says:
    August 9, 2007 at 6:23 pm

    [...] How To Remove Worm@W32.Resik From Your PC and Flash Drive [...]

    Reply
  4. How to Remove Worm From Flash Drive | News Blog says:
    May 24, 2010 at 2:26 am

    [...] wrote before a blogpost that talks about removing the worm in a flash drive. Read that article by following the link and follow the instruction I wrote. However, newbies might [...]

    Reply

Leave a Reply

CommentLuv badge
«
»

Pinay Scandal

Actually, this terms refer to the photos, videos or any stories that reveal shameful, sxeperience, and secrets of some individuals or celebrities.

How to Remove Worm From Flash Drive

Question Just want to ask if you know how to remove the worm from the Flash Drive. If you know about this, please tell me how

How To Delete the Hidden Files of the Resik Worm?

This is actually part of my post on how to remove the Worm@W32.Resik worm from your PC or Flash Drive. Our visitor who send us

How to View the Hidden Files of Worm@W32.Resik Worm?

I receive an email from a co-ERAIANs (Students of the New Era University) asking me how to view the hidden files of the worms. I read

Beware of Key Logger residing on your Flash Drive

Last Sunday, I was forced to use the computer of one of the computer café (Iantech Cafe) here in Maasin City because Reems Cafe

What is bootex.log?

Question: What is Bootex.Log? Answer: Bootex.Log is a file created by the chkdsk.exe, a tool that check for errors on the harddrives, floppy disks or flash drives.

How to Clean the Silk Screen After Screen Printing

The video below teaches us how to clean the silk screen after using it in screen printing t-shirts and other posters. There are two processes

How do I remove a Friend from my Facebook?

Question Actually, there are lots of people asking me how to remove or delete friends from their facebook. Their questions are: Some one is following me and

Blog’s that Loads Fast, Rank High Up in Google SERP

Few days ago, Google announced that they now consider the speed of the website or blog in loading when ranking it at the Google search

Apple MacBook Air for Philippine Users

Macuha recently asked if Apple Macbook Air is already available in the Philippines. Jehzlau on his blog answered Macuha that Apple Macbook Air is not

Avoiding Invalid Clicks on Adsense

Google Adsense Team posted today at the Google Adsense official blog a post that tells us a very important tip on how to avoid invalid

Is Your Daughter a Hyper-texter?

After reading the title of this post, you might tell me: So what if my daughter is hyper-texter texting hundreds of text messages to someone

Are You an IM User? Beware of An Spyware Spying You!

Did you know that lot of spywares nowadays have the ability to record IM conversation, email information and even the users web surfing info? One of

Naruto Anime Episode 186

Watch the Naruto Anime Episode 186 here. You don't have to download anything manually. Just wait for seconds and this episode will be viewed online.

Google Loses From a Studid Game

It was reported that Google lost its battle on the lawsuit filed by a Belgian News company.  Google Inc. lost a copyright lawsuit Tuesday to Belgian

Hey DAVE! What’s DAVE?

I remember my previous boardmate who once told me that passing the Electrical Engineer Licensure Examination is not by intelligence but by wiseness. And that

www.sss.gov.ph static information

sss gov.ph SSS Online Inquiry

Bookmark and Share

Search the Site

Recent Posts

Updates


    Categories
      Recent Entries
      Making Money Online
      Board Examination Results
      Naruto Related
      Anime Episodes Guide
      Our Products
      My Other Posts
      User
      Tag Cloud
      Search Lyrics by Artists: 0-9 - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z