dan said:
Posting here trying to get some leads as to how I can get rid of the above
trojan. Using XP Prof and I ran Norton but it did not find anything (either
in safe mode or normal mode with the latest definitions). I ran Housecall but
it seems to be unable to fix it (either in safe mode or normal mode). I also
used Sophos SAV32CLI to clean it but to no avail.
It's located at c:\windows\system32\xkrdk.dll. Can I just delete the
"xkrdk.dll" file? I noticed that I cannot turn off the screen saver. It always
goes back to the default setting at 10 min (after "apply" it)........ any
other options other than a clean installation? Thanks

Hi Dan,
Open Windows Explorer and locate these entries/paths:
C:\Windows\System32\OKKK
C:\Windows\System32\OKJKMTV.DLL
C:\Windows\System32\SUSPECT.DL
C:\Windows\System32\xkrdk.dll
C:\Windows\System32\OKKMTV.DLL.BAD
Delete the DLLs for these trojans if they are there.
= Open a Run command and type in:
regedit, then click [OK]
In the Registry Editor locate these keys:
[-] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run =
Look in the right pane/window and delete the entries for the programs you
think are malicious.
[-] HKEY_CLASSES_ROOT\CLSID = Delete this CLSID
=> {8329660f-e248-4872-98cc-fb9c4fec7ba8}
[-] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
[-] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run =
Look in the right pane/window and delete the entries for the programs you
think are malicious.
1... Click start >> Control Panel >> Double Click Network and Internet
Connections >> Double click Internet Options, on the IE Properties window
you will see these Options:
General | Security | Privacy | Content | Connections | Programs
| Advanced .
Click on General Tab (1st Tab on the left) and you will see a Button called
[ Clear History ..] click on it to clear your History caches, then click on
[Delete Files..] to delete Internet Files created over the time, click on [
Delete Cookies...] to delete your cookies left by visiting websites.
= Then try to disable the add-ons that somehow got installed on your
browser. To disable the add-ons, follow this:
Click on the Programs tab and then click the Manage Add-Ons button; there,
disable the None/Not Verified plug-ins/add-ons (you need to re-enable them
one by one later and see which is the culprit, or you can send them here in
your next post) and click [OK] to confirm your changes.
Click on Advanced Tab and scroll down under the browsing option and uncheck
this box:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) and click Apply
then OK to close your IE Properties.
=Run a scan from here online:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine:
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/
2.... And also for malware from here:
http://www.lavasoft.com/products/ad-aware_se_personal.php
http://www.safer-networking.org ; for Spybot S&D
Run disk Clean Up and check all the boxes to clean up all temps.
3= If you still can't get rid of the infection, download HijackThis and send
the report to one of many forums for analysis and troubleshooting:
When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to
http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
Please perform one step (1,2,3) at a time and see if the infection is
eradicated from your system.
HTH.
Let us know.
Regards,
nass
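
Added example, not part of nass's reply: before deleting entries in regedit, the keys named above can be exported to a .reg text file and listed so you can see what each entry actually loads. This Python code parses a constructed REGEDIT4 export; the sample data, including the pairing of the CLSID with xkrdk.dll and the ExampleApp entry, is an assumption for illustration.

```python
import re

# Constructed sample of a REGEDIT4 text export; every value here is illustrative.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8329660f-e248-4872-98cc-fb9c4fec7ba8}"="constructed label"

[HKEY_CLASSES_ROOT\CLSID\{8329660f-e248-4872-98cc-fb9c4fec7ba8}\InprocServer32]
@="C:\\WINDOWS\\system32\\xkrdk.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleApp"="C:\\Program Files\\Example\\app.exe"
'''

RUN_SUFFIX = "\\software\\microsoft\\windows\\currentversion\\run"
STS_KEY = "hkey_local_machine\\software\\microsoft\\windows\\currentversion\\explorer\\sharedtaskscheduler"
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    # .reg files escape backslash and double quote with a leading backslash
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Return {lowercased key path: {value name: string data}} (REG_SZ only)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:  # dword/hex values do not match and are skipped
                name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
                current[name] = _unescape(m.group(2))
    return keys

def autostart_report(keys):
    """List Run values and the DLL behind each SharedTaskScheduler CLSID."""
    rows = []
    for path, values in keys.items():
        if path.endswith(RUN_SUFFIX):
            rows += [("Run", name, data) for name, data in values.items()]
    for clsid in keys.get(STS_KEY, {}):
        server = keys.get("hkey_classes_root\\clsid\\" + clsid.lower() + "\\inprocserver32", {})
        rows.append(("SharedTaskScheduler", clsid, server.get("", "<no InprocServer32 in export>")))
    return rows

print(autostart_report(parse_reg(SAMPLE_REG)))
```

Keeping the exported .reg file also gives you a copy of the entries as they were before any deletion.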