Sircam Virus Removal Help

T he latest and to say the least, annoying of the viruses to flood the computer internet community is the "Sircam" virus. We have consulted with [ Trend Micro® ] on this matter and below is their reply along with how to eliminate it if you think your system has been infected.

Regarding your concern, I would like to give you these valuable info and available (manual) solutions on this virus. Just be prudent enough in opening your e-mails especially those that have attachments. If you suspect that these are infected, "Do not" open them.

TROJ_SIRCAM.A

Aliases:
SCAM.A, TROJ_SCAM.A, W32.Sircam.Worm@mm

Description: TROJ_SIRCAM.A has now been upgraded to HIGH RISK. This worm propagates via email using SMTP commands. It sends copies of itself to all addresses listed in an infected user's address book, and arrives in an email with a random subject line and an attachment by the same name. It also propagates via shared network drives.

Please refer to this site for more info about the TROJ_SIRCAM.A virus:
[ More Info About The TROJ_SIRCAM.A Virus ]

For technical info about this virus, you may also visit this site:
[ Technical Info ]

For info on Trojan-type infection and other types of viruses, please visit this site:
[ Trojan-type Infection ]

Solution:
Manual Cleaning Instructions:
Restore system configurations via the registry.

If you are connected to the network, remove the connection to the network.
Find and Rename REGEDIT.EXE to REGEDIT.COM.
Click the Start button on the taskbar.
Select Find.... select and click Files or Folders...
On the Named edit box type REGEDIT.EXE and select Find Now
Right click on the REGEDIT.EXE icon and select Rename.
In the Windows Start menu, choose Run, type Regedit, and press Enter.
In the left panel, follow the path:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices.
On the right panel, look for the registry value Driver32.
Click this and press the Delete key.
On the left panel, follow the path:
HKEY_LOCAL_MACHINE\Software\SirCam.
Click on SirCam and then press the Delete key.
On the left panel, follow the path:
HKEY_CLASSES_ROOT\exefile\shell\open\command
On the right panel, right-click the (Default) value and then choose Modify.
Change “C:\Recycled\SirC32.exe””%1”%*” to “%1”%*”.
In other words, remove “C:\Recycled\SirC32.exe”.

Remove The Worm's Dropped Files:

Go to the System directory (C:\Windows\system or C:\Winnt\System32).
Delete the SCAM32.EXE file.
Delete the SIRC32.EXE file in the C:\Recycled folder or empty the Recycle Bin.
Note: These two files are detected as TROJ_SIRCAM.A.

Remove Worm Reference From The AutoExec.bat

Look for the AUTOEXEC.BAT file.
Click the Start button on the taskbar.
Select Find.... select and click Files or Folders...
On the Named edit box type AUTOEXEC.BAT and select Find Now
Right click on the AUTOEXEC.EXE icon and select Edit

Search for and remove the string “@win \recycled\Sirc32.exe”

Save and close the file. Restart your system.

Automated Cleaning Instructions:

You may also download and use the tool, [ fix_sircam.com ]. If either of these two links do not display properly, just go to [ TROJ_SIRCAM.A ] to get the latest fix for this. For more information on these tools, please view the [ Readme ]

Scan your system with Trend Micro antivirus and delete all files detected as TROJ_SIRCAM.A. To do this Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro’s free online virus scanner.

If you need further assistance with this solution, please send an email to
[ virus_doctor@trendmicro.com ]

Trend Micro offers best-of-breed antivirus and content-security solutions for your corporate network or home PC.

Please don't forget to visit our website at
[ http://www.antivirus.com ]

Also don't forget to subscribe to our virus updates newsletter
[ http://www.antivirus.com/subscriptions/ ]

For the latest pattern file, please visit:
[ http://www.antivirus.com/download/pattern.asp ]

For the latest scan engine, please visit:
[ http://www.antivirus.com/download/engines/ ]

I hope this answers your concern. Should you have further questions regarding this solution, feel free to contact us again. We would be glad to assist you.

Thank you very much! Have a nice day Consigliere™

Regards,

***********************************************

Roy S. Sorongon
Retail Support Team, PSS Department
TrendLabs HQ, Trend Micro Incorporated

[URL / website]    [ http://www.antivirus.com/pc-cillin ]
[email]            [ OEM@support.trendmicro.com ]
[Knowledge Base] [ http://solutionbank.antivirus.com/solutions ]
[US Corp. Support]   +1 949 387 7800
8 am to 5 pm Pacific time US
[ Submit Suspicious Files ]

***********************************************

I f you have any problems with this page or with anything else, feel free to consult our [ FAQ ] and if you can't find the answer there, [ contact us ].
[ Rate This Page ]