How to Manually Remove the W32/SirCam@MM Virus from Windows 2000 (308717)


The information in this article applies to:

  • Microsoft Windows 2000 Professional
This article was previously published under Q308717
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

SUMMARY

This article describes how to manually remove the W32/SirCam@MM virus from Windows 2000. Use this manual procedure only if you are unable to remove the virus by using the W32/SirCam@MM stand-alone removal tool, Scrmove2.zip, that is available at the following McAfee Web site:

http://www.mcafeeb2b.com/naicommon/avert/avert-research-center/tools.asp

MORE INFORMATION

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To remove the W32/SirCam@MM virus manually, complete the following steps:
  1. If your computer is on a network, disconnect your computer from the network.
  2. If your computer is connected to the Internet, disconnect your computer from the Internet.
  3. Start Registry Editor (Regedt32.exe).
  4. Locate the following subkey in the registry:

    HKEY_CLASSES_ROOT\exefile\shell\open\command

  5. Double-click the value entry in the right pane of Registry Editor.
  6. In the String Editor dialog box, type the following string exactly as follows:

    "%1" %*

    To ensure accuracy, make sure that the string contains the following: double quotation mark, percent, the number one, double quotation mark, SPACE, percent, asterisk.

  7. Click OK to exit the String Editor dialog box.
  8. Locate the following subkey in the registry:

    HKEY_LOCAL_MACHINE\SOFTWARE\SirCam

  9. Delete the SirCam key by clicking the key and then clicking Delete on the Edit menu.
  10. Locate the following subkey in the registry:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

  11. In the right pane of Registry Editor, delete the DRIVER32=C:\WINDOWS\SYSTEM\SCAM32.EXE value entry. Click the entry, and click Delete on the Edit menu.
  12. Quit Registry Editor.
The third-party products that are discussed in this article are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
Modification Type:MajorLast Reviewed:10/21/2003
Keywords:kbenv kbhowto KB308717
©2003 Microsoft Corporation. All rights reserved.