||||
Symantec.com > Security Response > Threats and Risks > W32.NewApt.Worm
PRINT THIS PAGE

W32.NewApt.Worm - Removal

Risk Level 2: Low

Printer Friendly Page

Discovered: December 14, 1999
Updated: May 1, 2007 11:27:03 AM
Also Known As: I- Worm.NewApt.a [Kaspersky], W32/NewApt.worm.gen@MM [McAfee], WORM_NEWAPT.A [Trend], W32/NewApt-A [Sophos], Win32.NewApt.Family [Computer Associates]
Type: Worm
Infection Length: 69,632 bytes
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows 2000

Follow the instructions in each section.

Remove files in Safe mode
Please follow these steps to remove the files that the worm has placed on the computer:
  1. Restart the computer in Safe mode.
    • Windows 95
      1. Exit all programs, and then shut down the computer.
      2. Turn off the power and wait 30 seconds. You must turn off the power to remove the virus from memory. Do not use the reset button.
      3. When you see the "Starting Windows 95" message, press F8.
      4. Type the number for Safe mode, then press Enter.
    • Windows 98
      1. Click Start, and click Run.
      2. Type msconfig and then Click OK. The System Configuration Utility dialog box appears.
      3. Click the General tab, and click Advanced.
      4. Check Enable Startup Menu, click OK, and then OK again.
      5. Exit all programs, and shut down the computer.
      6. Turn off the power, and wait 30 seconds. You must turn off the power to remove the virus from memory. Do not use the reset button.
      7. Immediately press and hold down the Ctrl key.
      8. Type the number for Safe mode, and then press Enter.
  2. Click Start, point to Find, and click Files or Folders.
  3. Make sure that Look In points to the drive on which your Temp folder is located. In most cases, this is the drive C.
  4. In the Named box, type the following and then press Enter:

    *.tmp
  5. In the Results pane, select all of the displayed files and then press Delete. Click Yes to confirm.

    NOTE: If many files have been found, select them all by clicking the File menu and then clicking Select All.
  6. Close the Find All Files window.
  7. Empty the Recycle Bin.

Edit the registry
Please follow these steps to undo the changes that the worm has made to the Windows registry:

CAUTION: We strongly recommend that you back up the system registry before making any changes. Incorrect changes to the registry could result in permanent data loss or corrupted files. Please make sure you modify only the keys specified. Please see How to back up the Windows registry, before proceeding.
  1. Click Start, and click Run. The Run dialog box appears.
  2. Type regedit and then click OK. The Registry Editor opens.
  3. Navigate to the following key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  4. In the right pane, locate and select the following value:

    tpawen
  5. Press Delete, and then click Yes to confirm.
  6. Exit the Registry Editor.

Restart and scan
  1. Restart the computer and allow it to start Windows. This will likely take longer than it normally would.
  2. Start Norton AntiVirus (NAV), and run LiveUpdate to make sure that you have the most recent definitions.
  3. Run a full system scan and delete any files that NAV finds are infected.
Search by name
Example: W32.Beagle.AG@mm
Limited Time Offers! Save up to 50%
Windows Vista Security
©1995 - 2009 Symantec Corporation
Site Map|
Legal Notices|
Privacy Policy|
|
Contact Us|
Global Sites|
License Agreements|
RSS