
New Virus/Spyware/worm activity?

Status
Not open for further replies.

NYR

MIS
Sep 19, 2001
186
US
Has anyone had any virus/spyware/worm activity within the last few days? Our company has been hit hard with a worm/virus which is disabling Norton, not letting task manager or the registry open.

We have found what we think is the culprit, a file or worm with the name of "HPSEBC08.exe". We have found it in the registry and the system32 folder. We have been able to delete it and remove the multiple entries in the registry, but it comes back from other infected machines using TFTP.

We have blocked other ports on the router and now it is mainly inside. We have called Norton and they know nothing of this. Virus defs. have been updated and machines have been patched, spyware scanned, etc. but still having trouble.

If anyone has seen this lately or in the past and has a fix, please post as I could greatly use a fix.
Thxs.
 
Do a Google search for "HPSEBC08.exe". There is information dated 03/21 about it.
 
Hi All,
Thanks for the replies. I have done most of that and have gotten rid of it, but it keeps coming back. Has anyone come across a patch, fix from someone to really fix this?
 
Thanks for all the suggestions. I think I have found the fix. This new "worm" going around looks like a variant of "W32.SPYBOT", which is disabling Norton, regedit, task manager, windows update and a host of other programs not opening (Word, Outlook, Excel), plus the machine is freezing.
What I have found is, if you don't have MS patch "828035 / MS03-043" your machine can become infected. This patch came out in late '04, and even with SP1, you may not have this patch.
To remove this worm, download this patch. Start the machine in safe mode, delete the files named "Hpsebc08.exe" located in the System32 and Prefetch folder. Then scan the registry for "Hpsebc08.exe" and remove all entries; there should be about 8 of them. Next install the patch.
Afterwards, re-enable Windows updates (which was disabled by the worm) and download all the latest updates.
I hope this helps!
NYR
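
A read-only triage check for the indicators named in the last post, as an added example that is not part of the thread: it lists files whose name starts with `Hpsebc08.exe` in the System32 and Prefetch folders of a Windows directory, and the keys in a `.reg` export that mention it. The function names, the `export.reg` file and the sample Run value are assumptions constructed for illustration; the thread does not say which registry keys held the entries.

```python
import os

INDICATOR = "hpsebc08.exe"  # file name reported in the thread

def find_files(windows_dir, name=INDICATOR):
    """List entries in System32 and Prefetch whose name starts with the indicator."""
    # Prefix matching also catches Prefetch traces, named NAME.EXE-<hash>.pf.
    hits = []
    for sub in sorted(os.listdir(windows_dir)):
        folder = os.path.join(windows_dir, sub)
        if sub.lower() in ("system32", "prefetch") and os.path.isdir(folder):
            hits += [os.path.join(folder, e) for e in sorted(os.listdir(folder))
                     if e.lower().startswith(name)]
    return hits

def read_reg_export(path):
    """Decode a .reg export: UTF-16 with BOM (version 5.00) or ANSI (REGEDIT4)."""
    with open(path, "rb") as fh:
        raw = fh.read()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")

def find_registry_refs(reg_path, name=INDICATOR):
    """Return (key, value line) for each exported value mentioning the indicator."""
    refs, key = [], None
    for line in read_reg_export(reg_path).splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # remember the key the following values belong to
        elif name in line.lower():
            refs.append((key, line))
    return refs

def make_constructed_sample(root):
    """Build a constructed Windows folder and .reg export for a dry run."""
    for sub, fname in (("system32", "Hpsebc08.exe"), ("system32", "notepad.exe"),
                       ("Prefetch", "HPSEBC08.EXE-0A1B2C3D.pf")):
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        open(os.path.join(root, sub, fname), "wb").close()
    reg = ("Windows Registry Editor Version 5.00\r\n\r\n"
           "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]\r\n"
           "\"ConstructedValue\"=\"Hpsebc08.exe\"\r\n"
           "\"Other\"=\"C:\\\\Windows\\\\notepad.exe\"\r\n")
    reg_path = os.path.join(root, "export.reg")
    with open(reg_path, "wb") as fh:
        fh.write(reg.encode("utf-16"))  # regedit writes UTF-16 with a BOM
    return reg_path
```

Running both functions again after cleanup and patching shows whether the file or its registry references have come back.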
 