I believe my laptop have been affected by W32/Hakaglan.worm (Mcafee), resulted from the scan using Norton Antivirus Online Scan. My Mcafee Antivirus (Scan Engine: 5100.0194 DAT version: 5086.0000) failed to detect this worm.

Therefore I tried to manually clean this worm according to removal instructions from Symantec.com. However, my Regedit is unable to open even after I installed UnHookExec provided by Symantec.

Now, everytime I plug in my Pendrive, an error message (Autolt v3: RVHOST.exe - Write Protect Error) will pop up. The error message will keep appearing regardless of which options I choose ("Cancel"/"Try Again"/"Continue"). The only way to make this error disappear is to unplug my Pendrive.

Attached herewith is the reports from AVG Anti-Spyware, SUPERAntiSpyware and Hijackthis on my laptop.

What should I do to clean off this worm?

Thank you

Best regards
Herman

Attached Files

	Report-Scan-20070801-140030.txt (1.4 KB, 2 views)
	SUPERAntiSpyware Scan Log - 08-01-2007 - 14-41-22.log (2.6 KB, 4 views)
	hijackthis.log (7.9 KB, 4 views)

Hi Herman,
Apologies about the delay in one of The Security Team getting back to you.

I have PM'd a Team Member to take a look at you reports as soon as they can.

Thank you

Cart

Hi..


Please download the OTMoveIt by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt.exe to run it.
• Copy the file paths below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose copy):
• 
  C:\WINDOWS\system32\RVHOST.exe

• Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
• Click the red Moveit! button.
• Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Reboot and run HJT and remove these entries
F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe
O4 - HKUS\S-1-5-18\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\RVHOST.exe (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1

Reboot and post a new HJT log

Hi,

My laptop is working well after the fix....

Thank you.


Best regards
Hermanyap

Attached Files

hijackthis.log (6.4 KB, 1 views)

Looking good.You should be fine now...