Jump to content
Posted 15 December 2006 - 12:44 PM
Posted 15 December 2006 - 08:48 PM
Posted 16 December 2006 - 08:37 AM
Hello JTullFan, Glad you found the forum. ( Hope you don't mind my puns)
It seems you've got a "Cross-eyed Mary" there and she'll go jumping in again if you don't send her on the "Slipstream."
I'm "Thick as a Brick" as to what you ran so I'm recommending you try these:
Download and scan with AVG Anti-Spyware 7.5 Free in "SAFE MODE". How to start Windows in Safe Mode
Print out the AVG Install and Scan Instructions. HERE
Be sure to check for the any updates to all these programs after you install them.
Download and run SUPERAntiSypware, free version Home User
Also run the online scan here and quarantine the results.
TrendMicro online Scan
Post back with results or questions as we still have a "Minstral in the Gallery" (HJT) team to use if needed.
LOL, Love those puns....
I did a system scan in safe mode using Norton AV 2006, and it did not pick up the virus. I downloaded a program called NoAdware and run a "free" scan (not in safe mode). This program identified the W32.Dbit, and I found it in my registry under HKEY_LOCAL_MACHINE\SYSTEM\CURR. However, I am not sure if this is a "bogus" scan by the software to make you buy it to fix the problem. But I did locate the W32 in my registry after a manual search. I wondered if I just deleted it from the registry that would fix the problem? I also ran scans using Spybot and Adaware, and AVG (not in safe mode), but none of those picked up the virus! I contacted Norton and they said they would fix it remotely for a fee.
Posted 16 December 2006 - 09:13 AM
Posted 16 December 2006 - 10:59 AM
Here you can find the way to remove it.
W32/Dbit-B is a backdoor Trojan that attempts to infect .exe files and allows unauthorized remote access to the infected computer.
IMPORTANT NOTE: Keyloggers and backdoor Trojans are very dangerous. When infected by either of them you should disconnect the computer from the Internet until your system is cleaned. If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately. You should consider them to be compromised They should be changed by using a different computer and not the infected one. Banking and credit card institutions should be notified of the possible security breech. Because your computer was compromised please read How to report ID theft, fraud, drive-by installs, hijacking and malware.
Follow Symantec's manual removal instructions found here. This involves making changes in the registry. Always back up your registry before making any changes. If you are not familiar with working in the registry, then you should NOT attempt to make any changes on your own. Improper changes to the registry could adversely affect your computer and render it inoperable.
Thanks for the info.
Posted 16 December 2006 - 11:39 AM
0 members, 0 guests, 0 anonymous users