
Virus Found Defiler


10 replies to this topic

#1 ShaySharon

ShaySharon

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:06 PM

Posted 07 August 2010 - 12:06 PM

Our family computer is used by our children and it appears to have a problem. AVG has detected 'Virus found defiler' and we need some help.

We have used AVG several times to clean it up but we are still getting the same symptom (if not as severe) when we start up.

Thanks!

Edited by hamluis, 07 August 2010 - 01:46 PM.
Moved from XP forum to Am I Infected ~ Hamluis.




#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,232 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:06 PM

Posted 07 August 2010 - 12:26 PM

Can we get more info, please?

Saying that the system "is not right" isn't what I would consider to be very descriptive. Descriptions of symptoms are important when seeking advice/suggestions from those who cannot see what you can see...on your system.

System manufacturer and model?

Do you use XP's System Restore function?

Are you saving detected malware items in the AVG virus vault?

What detail does AVG reflect when it presents this notification?

Louis

#3 ShaySharon

ShaySharon
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:06 PM

Posted 07 August 2010 - 12:58 PM

Sorry for the brevity.

The System is a Dell Dimension E521
AMD Athlon64x2 Dual - Core Processor 3800+
1.0GHz 960MB RAM
Windows XP Home Edition Version 2002 SP3

Upon booting up, the system displays the Windows XP start up then goes to black screen with the mouse pointer in the middle of the screen (regular size). Then nothing. I finally got it back up after several tries. This is not the first time this has happened.

Thanks,

Shay

#4 ShaySharon

ShaySharon
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:06 PM

Posted 07 August 2010 - 01:01 PM

Do you use XP's System Restore function?
No

Are you saving detected malware items in the AVG virus vault?
No

What detail does AVG reflect when it presents this notification?
Virus found defiler - object inaccessible on multiple entries.

Shay

#5 hamluis

hamluis

    Moderator


  • Moderator
  • 55,232 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:06 PM

Posted 07 August 2010 - 01:46 PM

Thanks :thumbsup:.

Louis

#6 ShaySharon

ShaySharon
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:06 PM

Posted 07 August 2010 - 01:54 PM

Louis, Here is the AVG Output file if that helps.
Thank you for your help.



Scan "Scan whole computer" completed.
Infections;"80";"40";"40"
Folders selected for scanning:;"Scan whole computer"
Scan started:;"Saturday, August 07, 2010, 11:47:53 AM"
Scan finished:;"Saturday, August 07, 2010, 12:26:57 PM (39 minute(s) 3 second(s))"
Total object scanned:;"251770"
User who launched the scan:;"Girls"

Infections
File;"Infection";"Result"
C:\WINDOWS\system32\wuauclt.exe (2344):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\WINDOWS\system32\wuauclt.exe (2344);"Virus found Defiler";""
C:\WINDOWS\system32\winlogon.exe (616):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\WINDOWS\system32\winlogon.exe (616);"Virus found Defiler";""
C:\WINDOWS\system32\svchost.exe (856):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\WINDOWS\system32\svchost.exe (856);"Virus found Defiler";""
C:\WINDOWS\system32\svchost.exe (288):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\WINDOWS\system32\svchost.exe (288);"Virus found Defiler";""
C:\WINDOWS\system32\svchost.exe (1064):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\WINDOWS\system32\svchost.exe (1064);"Virus found Defiler";""
C:\WINDOWS\system32\spoolsv.exe (1564):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\WINDOWS\system32\spoolsv.exe (1564);"Virus found Defiler";""
C:\WINDOWS\system32\services.exe (668):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\WINDOWS\system32\services.exe (668);"Virus found Defiler";""
C:\WINDOWS\system32\SearchIndexer.exe (988):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\WINDOWS\system32\SearchIndexer.exe (988);"Virus found Defiler";""
C:\WINDOWS\system32\lsass.exe (680):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\WINDOWS\system32\lsass.exe (680);"Virus found Defiler";""
C:\WINDOWS\system32\LEXPPS.EXE (1572):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\WINDOWS\system32\LEXPPS.EXE (1572);"Virus found Defiler";""
C:\WINDOWS\system32\LEXBCES.EXE (1480):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\WINDOWS\system32\LEXBCES.EXE (1480);"Virus found Defiler";""
C:\WINDOWS\system32\ctfmon.exe (4068):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\WINDOWS\system32\ctfmon.exe (4068);"Virus found Defiler";""
C:\WINDOWS\stsystra.exe (3668):\memory_10110000;"Virus found Defiler";"Object is inaccessible."
C:\WINDOWS\stsystra.exe (3668);"Virus found Defiler";""
C:\WINDOWS\Explorer.EXE (3132):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\WINDOWS\Explorer.EXE (3132);"Virus found Defiler";""
C:\Program Files\Windows Desktop Search\WindowsSearch.exe (2604):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\Program Files\Windows Desktop Search\WindowsSearch.exe (2604);"Virus found Defiler";""
C:\Program Files\Real\RealPlayer\RealPlay.exe (3676):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\Program Files\Real\RealPlayer\RealPlay.exe (3676);"Virus found Defiler";""
C:\Program Files\Plaxo\3.23.0.11\PlaxoSysTray.exe (316):\memory_10020000;"Virus found Defiler";"Object is inaccessible."
C:\Program Files\Plaxo\3.23.0.11\PlaxoSysTray.exe (316);"Virus found Defiler";""
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (3476):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (3476);"Virus found Defiler";""
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe (3756):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe (3756);"Virus found Defiler";""
C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\ToolBoxFX\bin\HPTLBXFX.exe (3832):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\ToolBoxFX\bin\HPTLBXFX.exe (3832);"Virus found Defiler";""
C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\HP Software Update\HPWuSchd2.exe (3844):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\HP Software Update\HPWuSchd2.exe (3844);"Virus found Defiler";""
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (3692):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (3692);"Virus found Defiler";""
C:\Program Files\Dell\Media Experience\DMXLauncher.exe (3496):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\Program Files\Dell\Media Experience\DMXLauncher.exe (3496);"Virus found Defiler";""
C:\Program Files\Dell Support\DSAgnt.exe (4056):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\Program Files\Dell Support\DSAgnt.exe (4056);"Virus found Defiler";""
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe (3860):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe (3860);"Virus found Defiler";""
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe (3824):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe (3824);"Virus found Defiler";""
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (3900):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (3900);"Virus found Defiler";""
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2576):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2576);"Virus found Defiler";""
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (476):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (476);"Virus found Defiler";""
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (172):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (172);"Virus found Defiler";""
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (3732):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (3732);"Virus found Defiler";""
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1976):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1976);"Virus found Defiler";""
C:\Program Files\AVG\AVG9\avgwdsvc.exe (2032):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\Program Files\AVG\AVG9\avgwdsvc.exe (2032);"Virus found Defiler";""
C:\Program Files\AVG\AVG9\avgui.exe (3464):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\Program Files\AVG\AVG9\avgui.exe (3464);"Virus found Defiler";""
C:\Program Files\AVG\AVG9\avgscanx.exe (2860):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\Program Files\AVG\AVG9\avgscanx.exe (2860);"Virus found Defiler";""
C:\Program Files\AVG\AVG9\avgnsx.exe (1200):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\Program Files\AVG\AVG9\avgnsx.exe (1200);"Virus found Defiler";""
C:\Program Files\AVG\AVG9\avgchsvx.exe (1304):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\Program Files\AVG\AVG9\avgchsvx.exe (1304);"Virus found Defiler";""
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (2300):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (2300);"Virus found Defiler";""
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (1960):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (1960);"Virus found Defiler";""
C:\PROGRA~1\AVG\AVG9\avgtray.exe (3948):\memory_10000000;"Virus found Defiler";"Object is inaccessible."
C:\PROGRA~1\AVG\AVG9\avgtray.exe (3948);"Virus found Defiler";""

#7 cienpies

cienpies

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 14 August 2010 - 04:06 PM

Hi Shay and Louis,

I have the same problem with XP Professional Edition:

This is my AVG 9.0 Internet Security scan output:


"C:\WINNT\system32\winlogon.exe (716):\memory_10000000";"Virus found Defiler"
"C:\WINNT\system32\winlogon.exe (716)";"Virus found Defiler"
"C:\WINNT\system32\services.exe (768):\memory_10000000";"Virus found Defiler"
"C:\WINNT\system32\services.exe (768)";"Virus found Defiler"
"C:\WINNT\system32\lsass.exe (780):\memory_10000000";"Virus found Defiler"
"C:\WINNT\system32\lsass.exe (780)";"Virus found Defiler"
"C:\WINNT\system32\svchost.exe (968):\memory_10000000";"Virus found Defiler"
"C:\WINNT\system32\svchost.exe (968)";"Virus found Defiler"
"C:\WINNT\system32\svchost.exe (1204):\memory_10000000";"Virus found Defiler"
"C:\WINNT\system32\svchost.exe (1204)";"Virus found Defiler"
"C:\Archivos de programa\AVG\AVG9\avgchsvx.exe (1276):\memory_10000000";"Virus found Defiler"
"C:\Archivos de programa\AVG\AVG9\avgchsvx.exe (1276)";"Virus found Defiler"
"C:\WINNT\system32\spoolsv.exe (1680):\memory_10000000";"Virus found Defiler"
"C:\WINNT\system32\spoolsv.exe (1680)";"Virus found Defiler"
"C:\Archivos de programa\AVG\AVG9\avgwdsvc.exe (1972):\memory_10000000";"Virus found Defiler"
"C:\Archivos de programa\AVG\AVG9\avgwdsvc.exe (1972)";"Virus found Defiler"
"C:\Archivos de programa\AVG\AVG9\avgfws9.exe (1996):\memory_10000000";"Virus found Defiler"
"C:\Archivos de programa\AVG\AVG9\avgfws9.exe (1996)";"Virus found Defiler"
"C:\Documents and Settings\All Users\Datos de programa\EPSON\EPW!3 SSRP\E_S30RP1.EXE (220):\memory_10000000";"Virus found Defiler"
"C:\Documents and Settings\All Users\Datos de programa\EPSON\EPW!3 SSRP\E_S30RP1.EXE (220)";"Virus found Defiler"
"C:\Archivos de programa\Intel\AMT\LMS.exe (512):\memory_10000000";"Virus found Defiler"
"C:\Archivos de programa\Intel\AMT\LMS.exe (512)";"Virus found Defiler"
"C:\Archivos de programa\Archivos comunes\Protexis\License Service\PSIService.exe (568):\memory_10170000";"Virus found Defiler"
"C:\Archivos de programa\Archivos comunes\Protexis\License Service\PSIService.exe (568)";"Virus found Defiler"
"C:\WINNT\System32\snmp.exe (696):\memory_10000000";"Virus found Defiler"
"C:\WINNT\System32\snmp.exe (696)";"Virus found Defiler"
"C:\WINNT\system32\svchost.exe (920):\memory_10000000";"Virus found Defiler"
"C:\WINNT\system32\svchost.exe (920)";"Virus found Defiler"
"C:\WINNT\System32\ups.exe (1072):\memory_10000000";"Virus found Defiler"
"C:\WINNT\System32\ups.exe (1072)";"Virus found Defiler"
"C:\WINNT\Explorer.EXE (1788):\memory_10000000";"Virus found Defiler"
"C:\WINNT\Explorer.EXE (1788)";"Virus found Defiler"
"C:\Archivos de programa\AVG\AVG9\avgemc.exe (2516):\memory_10000000";"Virus found Defiler"
"C:\Archivos de programa\AVG\AVG9\avgemc.exe (2516)";"Virus found Defiler"
"C:\Archivos de programa\AVG\AVG9\avgam.exe (2524):\memory_10000000";"Virus found Defiler"
"C:\Archivos de programa\AVG\AVG9\avgam.exe (2524)";"Virus found Defiler"
"C:\Archivos de programa\AVG\AVG9\avgnsx.exe (2628):\memory_10000000";"Virus found Defiler"
"C:\Archivos de programa\AVG\AVG9\avgnsx.exe (2628)";"Virus found Defiler"
"C:\WINNT\system32\mqtgsvc.exe (3412):\memory_10000000";"Virus found Defiler"
"C:\WINNT\system32\mqtgsvc.exe (3412)";"Virus found Defiler"
"C:\ARCHIV~1\AVG\AVG9\avgtray.exe (3492):\memory_10000000";"Virus found Defiler"
"C:\ARCHIV~1\AVG\AVG9\avgtray.exe (3492)";"Virus found Defiler"
"C:\WINNT\system32\ctfmon.exe (3584):\memory_10000000";"Virus found Defiler"
"C:\WINNT\system32\ctfmon.exe (3584)";"Virus found Defiler"
"C:\Archivos de programa\AVG\AVG9\avgui.exe (3232):\memory_10000000";"Virus found Defiler"
"C:\Archivos de programa\AVG\AVG9\avgui.exe (3232)";"Virus found Defiler"
"C:\Archivos de programa\AVG\AVG9\avgscanx.exe (2452):\memory_10000000";"Virus found Defiler"
"C:\Archivos de programa\AVG\AVG9\avgscanx.exe (2452)";"Virus found Defiler"

I found in AVG forums:
http://forums.avg.com/it-en/avg-free-forum...ow&id=11809
that the Defiler is the virus family, but they do not explain how to delete them.


If you find any solution to delete the "Defiler" family virus please let me know.

Thanks in advance for your kind help.

Edited by cienpies, 14 August 2010 - 04:09 PM.


#8 Alchohaz

Alchohaz

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:09:06 PM

Posted 12 October 2010 - 04:58 AM

Has anybody found a fix for this? I have looked at another post on here that requires the use of ComboFix, but my machine will NOT run ComboFix, and I imagine this is related to the virus. Please can someone post a fix on here?

My symptoms are similar to that posted - Virus seems to be located and fixed and re-spawns at the same time - so if 54 viruses are located, only half are removed.

#9 TristanLBailey

TristanLBailey

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:36 AM

Posted 03 November 2010 - 10:01 PM

I have also been unfortunate in contracting the Defiler virus. However, I have discovered a solution to remove the virus. Make sure you are not running any programs in the foreground, before following these steps:

  1. Switch on the option in Windows to view hidden files and folders, if not already done (Tools (menu) > Folder Options > View (tab) > Advanced Settings > Show hidden files and folders).
  2. Open up the folder "C:\Documents and Settings\username\Local Settings\Temp" (where "username" is your username)
  3. Select all files and folders within this folder (hold then release Ctrl + A keys).
  4. Delete all files and folders selected (hold then release Shift + Delete keys). Click "Yes" on the dialog box that appears.

    There is a good chance that not every file and folder can be deleted. If you see an error message, click OK, remove the file/folder that it cannot delete from the current selection, then repeat step 4 above, until you have removed all the files and folders that you can. Note that these files/folders are not necessarily infected, but they are temporary (not important) and we are deleting them to help get a better picture.

    If you still see some files, proceed to step 5. If not, unfortunately I cannot help.
  5. Click on the first file you see, then use the Shift + Delete key combination to try to delete it.
    If you can't delete it, move on to the next file, and repeat.

    What we are looking for, is a file that reappears shortly after it has been deleted. The name of the suspect file that I found, was "tqrvh.dat". This may be different in your case.

    If you have found such a file, proceed to step 6. If not, unfortunately I cannot help.
  6. Double-click on the file to open it. This will not activate/reactivate the virus, so don't worry about that.
  7. Click on "Select the program from a list option", if the option appears, and click OK. Highlight "WordPad" from the list of programs, then click OK.

    The contents of the file should now appear in WordPad. If it is the virus, the first line will start with the characters "MZ" (typical of program files), and if you scroll to the right, will either have "This program cannot be run in DOS mode" or "This program requires Microsoft Windows 32".
  8. Select all of the contents/text in the file, by using the Ctrl + A key combination. Then, press either the Backspace or Delete keys, to delete the selected text.
  9. Click on the Save button at the top, or go to File (menu) > Save.
  10. Close the program.

    If there is more than one person using the computer system, each with their own separate login account, repeat steps 2-10 again, for each user account in the system. You will need to go back to the "C:\Documents and Settings" folder, to see other user account folders.
  11. Restart the computer.
  12. Go back to the folder (or folders if multiple users present) that contained the virus file, and delete the file (or files). It should not reappear.

If the steps above are followed, this should remove the virus. When the computer has rebooted, run another scan using AVG (or whatever antivirus program you are using), to see if the virus is still there. The file that was removed earlier, is what infects all processes running in the computer's memory (but not the files themselves).

The virus is designed to start up from the following registry entry:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
String Name: midi9
String Value: C:\DOCUME~1\username\LOCALS~1\Temp\file.dat 2yDDEDOFNF
(where "username" is your username, and "file.dat" is the name of the virus file)

If you know how to use the Registry Editor (regedit.exe), then you can safely delete this value, but deleting the file is what matters the most. The value above was found by simply searching the name of the file in the Registry Editor. You may wish to do this, too.

Note to users of AVG: If you were having problems updating your version of AVG when the virus was present, you should be able to update properly, after the virus has been successfully removed.

Edited by TristanLBailey, 03 November 2010 - 10:06 PM.
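
The two checks described in the post above (a Drivers32 value pointing into a Temp folder, and a ".dat" file that starts with "MZ") can be automated. This is an added example, not part of the original post or of any tool it mentions; the registry export text is constructed, and the function names and the list of expected driver extensions are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: text as produced by exporting the Drivers32 key to a
# .reg file. The midi9 line uses the post's own placeholders
# ("username", "file.dat").
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi"="wdmaud.drv"
"wavemapper"="msacm32.drv"
"msacm.imaadpcm"="imaadp32.acm"
"midi9"="C:\\DOCUME~1\\username\\LOCALS~1\\Temp\\file.dat 2yDDEDOFNF"
'''

VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
TARGET_RE = re.compile(r'(.+?\.\w{1,4})(?:\s|$)')
# Assumption: legitimate Drivers32 entries name a driver module by file name.
EXPECTED_EXT = {".dll", ".drv", ".acm"}


def parse_reg_values(text):
    """Return {value name: string data} from exported .reg text."""
    values = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line.strip())
        if m:
            # .reg files escape backslashes and quotes inside string data.
            data = m.group(2).replace("\\\\", "\\").replace('\\"', '"')
            values[m.group(1)] = data
    return values


def suspicious_reasons(data):
    """List the reasons a Drivers32 value looks like the entry in the post."""
    m = TARGET_RE.match(data)
    target = m.group(1) if m else data
    path = PureWindowsPath(target)
    reasons = []
    if len(path.parts) > 1:
        reasons.append("full path instead of a bare driver file name")
    if any(part.lower() in ("temp", "tmp") for part in path.parts):
        reasons.append("target is inside a Temp directory")
    if path.suffix.lower() not in EXPECTED_EXT:
        reasons.append("unexpected extension " + path.suffix)
    if data.strip() != target:
        reasons.append("extra argument after the file name")
    return reasons


def audit_drivers32(reg_text):
    """Return {value name: (data, reasons)} for values worth a manual look."""
    findings = {}
    for name, data in parse_reg_values(reg_text).items():
        reasons = suspicious_reasons(data)
        if reasons:
            findings[name] = (data, reasons)
    return findings


def has_pe_header(path):
    """True if the file starts with 'MZ', the marker the post looks for in WordPad."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"


if __name__ == "__main__":
    for name, (data, reasons) in audit_drivers32(SAMPLE_REG).items():
        print(name, "->", data)
        for reason in reasons:
            print("   ", reason)
```

A value flagged here is a lead for manual review, not proof of infection; the referenced file can then be checked with `has_pe_header` before it is removed.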


#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:06 PM

Posted 03 November 2010 - 10:48 PM

A suggestion has been made that involves modifying the registry. Modifying the registry can be dangerous (and can render your system unbootable) so it's advisable that you make a backup of the registry before proceeding.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Registry Modifications

For more information about modifying the registry, see this Microsoft article: http://support.microsoft.com/default.aspx/kb/256986

#11 TristanLBailey

TristanLBailey

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:36 AM

Posted 06 November 2010 - 10:44 PM

Since first replying to this topic, I have found an article on Microsoft's Malware Protection Centre website, which closely resembles the registry entry for the virus:

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FDaonol.H&ThreatID=-2147338375

According to the web page, the virus is a trojan virus, which also goes by the name of Daonol.

The page states that its primary purpose is to steal FTP credentials, but can have other functions, including the prevention of access to certain websites (bleeping computer is apparently included), and also system programs on your computer. It may also redirect your web browser to websites that harbour malware.

Edited by TristanLBailey, 06 November 2010 - 10:45 PM.




