Microsoft KB Archive/308717

= How to Manually Remove the W32/SirCam@MM Virus from Windows 2000 =

Article ID: 308717

Article Last Modified on 3/29/2007

-

APPLIES TO


 * Microsoft Windows 2000 Professional Edition

-



This article was previously published under Q308717



IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SUMMARY
This article describes how to manually remove the W32/SirCam@MM virus from Windows 2000. Use this manual procedure only if you are unable to remove the virus by using the W32/SirCam@MM stand-alone removal tool, Scrmove2.zip, that is available at the following McAfee Web site:

http://www.mcafeeb2b.com/naicommon/avert/avert-research-center/tools.asp



MORE INFORMATION
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To remove the W32/SirCam@MM virus manually, complete the following steps:  If your computer is on a network, disconnect your computer from the network. If your computer is connected to the Internet, disconnect your computer from the Internet. Start Registry Editor (Regedt32.exe). Locate the following subkey in the registry:

HKEY_CLASSES_ROOT\exefile\shell\open\command

 Double-click the value entry in the right pane of Registry Editor. In the String Editor dialog box, type the following string exactly as follows:

&quot;%1&quot; %*

To ensure accuracy, make sure that the string contains the following: double quotation mark, percent, the number one, double quotation mark, SPACE, percent, asterisk.

</li> Click OK to exit the String Editor dialog box.</li> Locate the following subkey in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\SirCam

</li> Delete the SirCam key by clicking the key and then clicking Delete on the Edit menu.</li> Locate the following subkey in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

</li> In the right pane of Registry Editor, delete the DRIVER32=C:\WINDOWS\SYSTEM\SCAM32.EXE value entry. Click the entry, and click Delete on the Edit menu.</li> Quit Registry Editor.</li></ol>

The third-party products that are discussed in this article are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

Keywords: kbenv kbhowto KB308717

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.