Problem solve Get help with specific problems with your technologies, process and projects.

SirCam remedy

My virus software found sircam.worm@mm and now when I try to open any program I get a window called "real time protector for windows," and my access is denied. It appears I am missing something called Sirc32.exe. Any prompt advice for a solution is greatly appreciated!

I checked with one of my friends who has taken this little nasty apart. He passed on the info you need to fix this.

When the SirCam virus infects your machine, the default value of the registry key:
is set to
C:\recycled\sirc32.exe "%1" %*"

This change to the registry ensures that the virus runs first each time you try to run any executable. If the removal process used eliminates the sirc32.exe file but does not correct the registry, then no executables will be able to run, as the file no longer exists.

To get around this, the file regedit.exe will need to be renamed to regedit.com and the key corrected to read:
@= "%1" %*"

There is a batch file that will make this fix available here.
This was last published in July 2001

Dig Deeper on Information security policies, procedures and guidelines

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.