Jacky said:
Trend Micro was able to detect such malware. But I had to go into each
directory, and each time there was a detection
a wipe-out was made. Are there handy ways to get rid of them with one
click or one command?
Thanks
Hi Jacky,
First try to kill the running process and the executable file/folder which
propagates itself and creates many entries to defeat the scanners and
anti-viruses.
This kind of viral malware uses these processes: RUNDL123.exe and LOGO1_.exe.
Disable these running processes from the Task Manager.
Then Open Search and locate these :
RUNDL123.exe
LOGO1_.exe
_Desktop.INI and delete them by pressing SHIFT + DELETE.
You can use this tool:
http://www.purgeie.com/delinv/index.htm
Open a Run command, type in:
regedit.exe and click [OK].
In the Registry Editor locate these keys and follow the steps to delete and
modify them;
[-] HKEY_CURRENT_USER\Software\Microsoft\Windows NT\Current Version\Windows
= In the Right Pane/window locate this entry:
[ON] Load "%Windows%\RUNDL123.exe" delete the entry value
between the Quotes until the key looks like this: Load ""
[-] HKEY_LOCAL_MACHINE\Software\Soft = DownloadWWW Delete this Entry (Soft =
DownloadWWW ).
[-] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run = In the
right pane/window locate this entry and delete it:
[ON] Load "%Windows%\RUNDL123.exe" Delete it.
The same with this Key:
[-] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Runonce =
delete the entry for that malware there.
[-] HKEY_LOCAL_MACHINE\System\Services = look for the services and delete
the entry for that malware's running service in the services.
Again, this malware has a file/folder on the system and keeps generating
itself again and again every time the scan deletes its entries, so delete
all TEMP files and run Disk Cleanup on your system.
Scan for malware by downloading this software:
http://www.safer-networking.org for Spybot S&D
Run an up-to-date anti-virus and scan your computer to be sure there isn't
another infection created by this malware harboring any Trojs in your system.
You may have got this through an e-mail attachment or through a shared file on a
network, so look on the server if you have one and get rid of that infection or
the infected file/folder.
HTH.
Regards,
nass
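An added example, not part of nass's reply: a PowerShell audit of the persistence locations the reply walks through (the HKCU `Load` value, the `Run`/`RunOnce` keys, the `HKLM\Software\Soft` key, and the two process names), reporting matches and only cleaning them when `-Remove` is passed. The file names are taken from the reply and treated as indicators; the HKLM "Services" key the reply mentions is not checked because its exact path is not given.

```powershell
# Added example (not from the original thread): audit the registry keys and
# processes the reply lists. Read-only unless -Remove is given.
param([switch]$Remove)

# File names quoted in the reply, used here as indicators.
$Names = @('RUNDL123.exe', 'LOGO1_.exe')

# Key/value pairs from the reply; $null means inspect every value in the key.
$Checks = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'; Value = 'Load' },
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run';        Value = $null },
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce';    Value = $null }
)

function Test-Indicator([string]$Data) {
    foreach ($n in $Names) { if ($Data -like "*$n*") { return $true } }
    return $false
}

foreach ($c in $Checks) {
    if (-not (Test-Path $c.Key)) { continue }
    $item  = Get-ItemProperty -Path $c.Key
    # Drop the PSPath/PSDrive/... metadata properties, keep real registry values.
    $props = $item.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }
    if ($c.Value) { $props = $props | Where-Object { $_.Name -eq $c.Value } }
    foreach ($p in $props) {
        if (-not (Test-Indicator ([string]$p.Value))) { continue }
        Write-Output "MATCH    $($c.Key) : $($p.Name) = $($p.Value)"
        if ($Remove) {
            # The reply empties Load (Load "") rather than deleting it.
            if ($p.Name -eq 'Load') { Set-ItemProperty -Path $c.Key -Name 'Load' -Value '' }
            else { Remove-ItemProperty -Path $c.Key -Name $p.Name }
        }
    }
}

# The reply names HKLM\Software\Soft (value DownloadWWW) as malware-created.
$soft = 'HKLM:\Software\Soft'
if (Test-Path $soft) {
    Write-Output "MATCH    $soft exists"
    if ($Remove) { Remove-Item -Path $soft -Recurse }
}

# Running processes whose image name matches an indicator.
Get-Process | Where-Object { Test-Indicator ($_.ProcessName + '.exe') } | ForEach-Object {
    Write-Output "RUNNING  $($_.ProcessName) (PID $($_.Id))"
    if ($Remove) { Stop-Process -Id $_.Id -Force }
}
```

Run it from an elevated prompt, since the HKLM keys and the process kill require administrator rights.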