Virus Serwab

Intro

The virus Serwab is a rogue virus that installed on your computer and forces to buy the anti-virus Winsecure. When browsing on Internet Explorer, if you received a message informing you that your computer get infected by a virus Serwab and forces to buy the antivirus Winsecure. This means that this virus has already installed on your PC.

You may also receive a message under the title Microsoft Customer Support displaying below documentation:

Hello Dear.
In programm maintenance of corporation Microsoft critical
vulnerabilyty has been found in processing wmf files. Programmers
Microsoft have let out critical updating for Windows 98/2000/XP. We
urgently recommend you and to estabilish updating. One copy of
updating packet in attach for this letter.
Detalis: http://support.microsoft.com
With best regards,
Microsoft Customer Support.

The virus is in fact attached to a file named timesrv.exe (53 Ko). Be Careful, do not run this file as this will be copied in your system directory under timesrv.exe. This will modify the registry and will be run at every windows start. This will automatically be sent to windows address book through its SMTP engine.

The virus will then open the port TCP 9999 waiting for instructions.

How to uninstall Serwab

1. Go to Menu Start and select Run�.

Type services.msc

Scroll to the below lines in the Services and disable them.

• Command Service
• Network Monitor

To disable, right-click >Properties and in the Start up type, select Disable.

2.Go to menu Start� and open My Computer In the address bar, type
"C:\", "Program Files", then scroll to the below mentioned file and delete one by one

• Deskbar
• ToolBar888
• TheSearchAccelerator
• Network Monitor

Then click on menu Start and select Search > All files and folders�, then cut and paste the following file names in the search bar. If the file appears, delete one by one

• GIDCAI32.dll
• winlog.exe
• dfndrff_12.exe
• kybrdff_12.exe
• ALCXMNTR.EXE

3. Go to Menu Start > My computer > "C:\", "<gras>Documents and settings" User namer" "My documents" and delete the file

• WinAntiVirusPro2006FreeInstall_fr.exe

Download Smitfraudix

Download Smitfraudix by following below link:

• Restart your PC press F8 to enter Safe Mode

http://www.softpedia.com/get/Antivirus/SmitfraudFix.shtml

Delete from Safe Mode

If a file persists to get uninstall:

Restart your computer and Press F8 to enter Safe Mode

This process might a few minutes to download all files. Then select the specific files and delete it and empty your recycle bin.

Download HighjackThis

Then download HijackThis and make a complete scan of your computer system.

You can download this software on below link:

http://www.filehippo.com/download_hijackthis/

See also

Knowledge communities.

• Forum
• Viruses/security forum
• Hardware forum
• Windows forum

This document entitled « Virus Serwab » from Kioskea (en.kioskea.net) is made available under the Creative Commons license. You can copy, modify copies of this page, under the conditions stipulated by the license, as this note appears clearly.