warezov.xm.m

Deep scan cannot remove win32.warezov.XM.m


It cannot disinfect or move.


No removal tool available


Any advice?

Comments

  • Hi ashevat


    Try this: boot your PC into safe mode by pressing the F8 key several times before the Windows loading screen and choose safe mode. Then go to Start, Run; at the Run dialog box type cmd, then press Enter. Type the following commands, each followed by pressing Enter:


    %SystemDrive%


    cd "%ProgramFiles%\Common Files\Softwin\BitDefender Scan Server"


    Here are the commands for what you want to do with the infected files:


    To disinfect the infected files type the command:


    bdc /files /boot /arc /mail /log=bdcscan.log /fixed /dis


    To quarantine the infected files type the command:


    bdc /files /boot /arc /mail /log=bdcscan.log /fixed /move /moves


    To delete the infected files type the command:


    bdc /files /boot /arc /mail /log=bdcscan.log /fixed /del


    Regards


    Niels


    I will move this topic to a more appropriate forum section.

  • ashevat
    edited April 2007

    Thanks a lot



  • That was gladly done.


    Regards


    Niels

  • pj48
    edited May 2007

    I am having the same problem. I have 2 instances of warezov.xm.m in my eudora files that bitdefender can not remove. It says disinfect failed, rename failed, move failed each time I run the virus scan. I tried your removal instructions but when I go to the cmd dialog box, it can not find the folder BitDefender Scan Server.


    Bitdefender is in this location on my computer:


    C:\Program Files\Softwin\BitDefender10


    And in the folder are these subfolders:


    _enHTML


    Ini


    Lang


    Logs


    NAG


    Quarantine


    ******


    Skin


    Let me know if you have any advice on how I should try to remove this instance of warezov. Thanks for your time.

  • Win32.Warezov.XM.m is the actual mail which carries the Warezov worm. You may not be infected yet; it is however present in one of the mails you have received. Try disabling the virus shield, deleting all unknown/unrequested mails (with attachments) which you have received, CAREFUL NOT TO OPEN THE ATTACHMENTS, and then re-enabling the virus shield.

  • Also do this: open Outlook and delete the infected mail. Then empty your Deleted Items folder. After that go to File, Data File Management, select the current mail archive, Settings, Compact Now, because it could be that the mail is already archived. Normally you don't get any warnings from BitDefender. If you never compacted your mails then it isn't necessary to do this.

  • I actually tried doing this but the only reference by Bitdefender is to the email message #, without the email message subject or from address listed. Eudora does not have a way to look at messages by number. I will try to go through and try to delete more emails but I have several thousand.


    Thanks for your help.

  • You can focus on the ones which have an attachment, because the mail should have one.

  • The scan server is in this path: C:\program files\common files\softwin\bitdefender scan server. I too had a problem running this command line: cd %ProgramFiles%Common FilesSoftwinBitDefender Scan Server. I had to break things down and change directories one at a time. Try doing this and see if it works:


    Start your PC in safe mode


    Go to start...run...type in cmd in the dialog box and then press enter


    Then type %SystemDrive% and press enter


    Then type cd %ProgramFiles% and press enter


    Now type cd Common Files and press enter


    Type cd Softwin and press enter


    Type cd BitDefender Scan Server and press enter


    type bdc.exe and press enter.


    This should start up the scan module. You can now type in one of the following command lines, depending on what you want to do, and hit enter. This should start a scan in safe mode.


    To disinfect the infected files type the command:


    bdc /files /boot /arc /mail /log=bdcscan.log /fixed /dis


    To quarantine the infected files type the command:


    bdc /files /boot /arc /mail /log=bdcscan.log /fixed /move /moves


    To delete the infected files type the command:


    bdc /files /boot /arc /mail /log=bdcscan.log /fixed /del


    To be prompted on what to do with infected files found type the command


    bdc /files /boot /arc /mail /log=bdcscan.log /fixed /prompt


    Maybe this will save you from having to go through all your emails

  • I have the same problem:


    I'm getting hits for infected portions of my email mailboxes in Outlook and Eudora. These are text/html files and the attached files have been separately scanned and infected ones deleted. Why can't BitDefender strip out or give more location detail so that I can manually remove the text/html section that's triggering the alerts? All it does is say Disinfection failed, Move failed. Eudora and Outlook are both not running so why can't it move them to quarantine? I would delete these, but I have a lot of important emails in there going back a couple of years!


    With just the message number it's nearly impossible to find them in Outlook or Eudora as they don't seem to number them in the way that BitDefender is. It would be nice to have a debug view to see what triggers the alerts in the html/text based mailboxes.


    Thanks,


    -Lee


  • vlad
    edited September 2007

    The messages aren't stored individually, but in something resembling an archive. And the format of the mail inbox "archives" is not officially made public, so removing files from them is risky. It's also pretty difficult to link the files to the mail details (sender, subject, etc.). And of course the numbering doesn't match.


    For Win32.Warezov.XM.m in particular, the mail body should contain the phrase: "Our robot has fixed an abnormal" (without quotes), which should help you find it.
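
The phrase search described in the post above, as an added example that is not part of the original thread: it reads a copy of a mailbox file, assumed here to be in mbox layout (parsed with Python's standard `mailbox` module), and lists the sender, subject and attachment names of every message whose text contains the phrase, without modifying the file. The sample mailbox and the names `write_sample`, `decoded_text` and `find_messages` are constructed for illustration; the reported position is only the order within the file and, as the post says, need not match the scanner's message number.

```python
import mailbox
import os
import tempfile

PHRASE = "Our robot has fixed an abnormal"  # phrase quoted in the post above

# Constructed two-message mailbox in mbox layout; not a real Warezov mail.
SAMPLE = (
    "From ???@??? Mon Apr 02 10:00:00 2007\n"
    "From: alice@example.com\nSubject: Lunch on Friday\n\nSee you at noon.\n\n"
    "From ???@??? Tue Apr 03 11:30:00 2007\n"
    "From: postmaster@example.net\nSubject: Mail server report\n"
    'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="B1"\n\n'
    "--B1\nContent-Type: text/plain\n\n"
    "Our robot has fixed an abnormal (constructed filler text)\n"
    "--B1\nContent-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="update.zip"\n\nplaceholder\n'
    "--B1--\n\n"
)

def write_sample():
    """Write the constructed mailbox to a temp file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".mbx")
    with os.fdopen(fd, "wb") as fh:
        fh.write(SAMPLE.encode("ascii"))
    return path

def decoded_text(msg):
    """Join all text/* parts after undoing base64 / quoted-printable."""
    parts = (p for p in msg.walk() if p.get_content_maintype() == "text")
    # latin-1 never fails to decode, and the phrase is plain ASCII.
    return "\n".join((p.get_payload(decode=True) or b"").decode("latin-1") for p in parts)

def find_messages(path, phrase=PHRASE):
    """Return sender, subject and attachment names of messages containing phrase."""
    hits = []
    box = mailbox.mbox(path, create=False)
    try:
        for position, msg in enumerate(box, start=1):
            if phrase.lower() in decoded_text(msg).lower():
                names = [p.get_filename() for p in msg.walk() if p.get_filename()]
                hits.append({"position": position, "from": msg["From"],
                             "subject": msg["Subject"], "attachments": names})
    finally:
        box.close()
    return hits

if __name__ == "__main__":
    for hit in find_messages(write_sample()):
        print(hit)
```
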

  • pj48
    edited May 2008

    Thanks for your help Vlad. I found a message with that quote in it, it came from a hockey team's media press release. Did not even take a look at the email, just deleted it from the archive. I will do another scan to see if that removed it.


    One more question, I went through my 20100 message email archive and deleted all but 2 of the emails that were popping up BitDefender warnings. One was the Warezov.XM.m that I deleted above, the second is an instance of Generic.Peed.EML.E9F54501. It references message number 19683 on Eudora, which of course I can not find.


    If you have any information about what an email with Generic.Peed.EML.E9F54501 might contain, or any idea of how to remove it, let me know.