Posted 05 June 2007 - 01:25 AM
Posted 05 June 2007 - 01:43 AM
Edited by oldf@rt, 05 June 2007 - 01:49 AM.
Posted 05 June 2007 - 02:54 AM
Posted 05 June 2007 - 08:25 AM
You can kill this manually if you have the UBCD for Windows:
You must check the dll size, not name. There is a version of erunt to back up the registry. Look for any files in system32 that end in temp with the same creation date as your problem. The file will have the same size as your dll. This is the exe that re-creates the dll and re-infects your machine. Clear all the run keys in the registry that match.
An XP boot disk can also run the recovery console. Again, you must manually clean the SYSTEM32 subfolder and the registry.
Posted 05 June 2007 - 09:27 AM
I hope you cleaned up your startup list apps too. And being able to do an AV scan through the hdd means a success for your effort. Good luck.
PS: just curious about your deleting dll instead of exe's, anyways.. good luck
Posted 06 June 2007 - 12:39 AM
Posted 06 June 2007 - 03:23 PM
Posted 07 June 2007 - 08:46 AM
Just curious, did you try renaming HijackThis? Might be possible from the command line. Did you try any of the alternative scanners, such as Silent Runners or WinPFind3?
This virus sounds painful for the user but not terribly thorough. If it doesn't kill Regedit or Process Explorer it is probably not aware of the tools I just mentioned, either.
Since Regedit works, an analyst could use a Silent Runners log to work up a manual fix. WinPFind3 does not even need Regedit -- it deletes files and reg keys from a script file that the analyst creates for the user.
Posted 07 June 2007 - 01:48 PM
Posted 07 June 2007 - 02:01 PM
Posted 07 June 2007 - 10:00 PM
Anyone know if the following files (services) are needed by Windows 2000?
Edited by DaveM59, 07 June 2007 - 10:07 PM.
Posted 08 June 2007 - 02:42 AM
Posted 08 June 2007 - 06:42 AM
Posted 09 June 2007 - 04:26 AM