
Backdoor.Imiserv

Discussion in 'Security and Privacy' started by Bucksone, 2003/12/14.

Thread Status:
Not open for further replies.
  1. 2003/12/14
    Bucksone

    Bucksone Well-Known Member Thread Starter

    Joined:
    2003/07/28
    Messages:
    505
    Likes Received:
    2
    Norton said I have a virus, Backdoor.Imiserv. It wasn't able to repair it, quarantine it, nor delete it. It apparently adds the values "Win Server Updt" = "C:\%windir%\wupdt.exe" and "Win Server" = "C:\%windir%\winserv.exe" to the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run so that it runs each time I start Windows. I followed their removal instructions to Disable System Restore, Update virus definitions, Restart in Safe mode, and scan for and delete the infected files. These steps seemed to go OK, although I still was unable to delete the infected file. The last step was to reverse the changes made to the registry. I first backed up the registry key to my desktop. I was still in Safe mode, as the instructions never said to do differently. I navigated to the above key as directed. The directions said to delete the above added values from the right pane before exiting the Registry Editor. The problem I have is that while there were things listed in the right pane, I could not find the aforementioned keys there.
    Any suggestions will be appreciated as usual.
     
  2. 2003/12/14
    Daizy

    Daizy Inactive

    Joined:
    2002/02/19
    Messages:
    2,965
    Likes Received:
    0
    Just to be clear.....
    After all of this... you've done a subsequent virus scan and it says you're still infected?
     


  4. 2003/12/14
    Bucksone

    Bucksone Well-Known Member Thread Starter

    Joined:
    2003/07/28
    Messages:
    505
    Likes Received:
    2
    When I followed the instructions from Norton, the next to last step was to run a full scan again, in Safe mode. It found the virus again and said it was unable to repair, quarantine or delete it. The last step was the registry stuff, when I couldn't find the values to delete.
     
  5. 2003/12/14
    Bucksone

    Bucksone Well-Known Member Thread Starter

    Joined:
    2003/07/28
    Messages:
    505
    Likes Received:
    2
    Oops, I see from rereading my original post that the next to last sentence has an error. I meant to say that I couldn't find the aforementioned values in the right pane, not aforementioned keys. I don't know if this makes any difference or not.
     
  6. 2003/12/14
    Daizy

    Daizy Inactive

    Joined:
    2002/02/19
    Messages:
    2,965
    Likes Received:
    0
    After turning off system restore...did you reboot...and go back to ensure it was indeed turned off?
    The next step I'd take would be doing an online scan at Housecall.
     
  7. 2003/12/14
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Norton will report an infection it can't clean, delete, etc. if the infected file is compressed. Actually, it says it's dealing with it then when finished, says you are still infected.

    It should give you the location of the compressed file containing the critter and usually just deleting that file finishes up the cleaning process.
     
  8. 2003/12/15
    Bucksone

    Bucksone Well-Known Member Thread Starter

    Joined:
    2003/07/28
    Messages:
    505
    Likes Received:
    2
    Norton did give me the location. It said, the compressed file wupdt.exe within C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UDCRAHQ5\webplugin [1].cab is infected with Backdoor.Imiserv virus. When I go in Windows Explorer to navigate to that, I only get as far as Owner, then I can't find Local Settings.
     
  9. 2003/12/15
    Daizy

    Daizy Inactive

    Joined:
    2002/02/19
    Messages:
    2,965
    Likes Received:
    0
    Have you tried cleaning up your temp files?
     
  10. 2003/12/15
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hello Bucksone,

    Local settings is a "Hidden Folder". To see it, bring up the drive > tools > folder options > View tab > under hidden files and folders, tick the "show hidden file and folders".

    Regards - Charles
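
A read-only check for the situation in the posts above, added here as an example and not written by anyone in the thread: it looks for the two Run values and files named in the first post, then for the cached `webplugin*.cab` Norton reported, using `-Force` because Local Settings is hidden. Checking HKCU as well as HKLM and the XP-style cache path under `%USERPROFILE%` are assumptions.

```powershell
# Read-only triage: reports findings, never deletes or modifies anything.
$valueNames = 'Win Server Updt', 'Win Server'   # Run value names quoted in the thread
$fileNames  = 'wupdt.exe', 'winserv.exe'        # file names quoted in the thread
$runKeys    = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
              'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'  # HKCU: added assumption

# Matches value data that contains \wupdt.exe or \winserv.exe (case-insensitive).
$pattern = '\\(' + (($fileNames | ForEach-Object { [regex]::Escape($_) }) -join '|') + ')'

# 1. Autostart values whose name or data matches the indicators.
$runHits = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $reg = Get-Item -Path $key
    foreach ($name in $reg.GetValueNames()) {
        $data = [string]$reg.GetValue($name)
        if (($valueNames -contains $name.Trim()) -or ($data -match $pattern)) {
            [pscustomobject]@{ Kind = 'RunValue'; Location = $key; Detail = "$name = $data" }
        }
    }
})

# 2. The executables themselves in the Windows directory.
$fileHits = @(foreach ($f in $fileNames) {
    $path = Join-Path -Path $env:windir -ChildPath $f
    if (Test-Path -LiteralPath $path) {
        [pscustomobject]@{ Kind = 'File'; Location = $path; Detail = 'present in Windows directory' }
    }
})

# 3. Cached archives in the (hidden) browser cache; -Force includes hidden and system folders.
$cache   = Join-Path -Path $env:USERPROFILE -ChildPath 'Local Settings\Temporary Internet Files'
$cabHits = @()
if (Test-Path -LiteralPath $cache) {
    $cabHits = @(Get-ChildItem -LiteralPath $cache -Recurse -Force -Filter 'webplugin*.cab' `
                     -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Kind = 'CachedCab'; Location = $_.FullName; Detail = "$($_.Length) bytes" }
    })
}

$runHits + $fileHits + $cabHits   # one uniform list of findings

if ($runHits.Count -or $fileHits.Count) {
    'Run value or file in the Windows directory found: follow the full vendor removal steps.'
} elseif ($cabHits.Count) {
    'Only a cached .cab found: the detection is on a download sitting in the browser cache.'
} else {
    'None of the indicators from this thread were found.'
}
```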
     
  11. 2003/12/16
    Bucksone

    Bucksone Well-Known Member Thread Starter

    Joined:
    2003/07/28
    Messages:
    505
    Likes Received:
    2
    I deleted my temporary internet files and cookies, ran Norton again, and came up clean! Thanks for the help.
     
  12. 2003/12/16
    Daizy

    Daizy Inactive

    Joined:
    2002/02/19
    Messages:
    2,965
    Likes Received:
    0
    Congratulations on getting that one solved Bucksone! Thanks for taking the time to post back and let us know.
     
  13. 2003/12/16
    mikalm

    mikalm Inactive

    Joined:
    2003/12/16
    Messages:
    1
    Likes Received:
    0
    Hi!
    The same thing happened to me that has been posted earlier in this thread. I went to Symantec first, and their solution seemed so draconian, I decided to look elsewhere first, and I'm glad I did. That's how I found this bulletin board. I tried the suggestions here, and successfully deleted the virus. Thank you.
    I am wondering, as I have seen others wonder, why didn't Norton Antivirus block this virus from the get-go? It seems like the virus has been around since 2002. Also, why are we getting it now? It seems that I, like others, have gotten it just in the last day or two. I got it when I linked to a website looking for lyrics to a Rodger Hammerstein song! I felt like I had my pocket picked, it happened so fast.
    Any ideas?
    Thanks again,
    Mike
     
  14. 2003/12/16
    Bucksone

    Bucksone Well-Known Member Thread Starter

    Joined:
    2003/07/28
    Messages:
    505
    Likes Received:
    2
    Mikalm, I don't have any answers to your questions (which is why I post to this site), but I will say that my computer appeared to pick up this virus when my teenage daughter went to some website looking for lyrics as well.
    Glad you found this forum. Stick around, the people here are always a big help. They've helped me solve many problems without making me feel stupid.
     