Re: Backdoor.Trojan Help

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 11/26/03


Date: Tue, 25 Nov 2003 20:01:24 -0500

There are multiple infectors that attack Regedit or the ability to execute Regedit.
The following are a sample....

IRC/Stages.worm - http://vil.nai.com/vil/content/v_98668.htm
W32/Navidad@M - http://vil.nai.com/vil/content/v_98881.htm
APStrojan.qa@MM - http://vil.nai.com/vil/content/v_10567.htm
Prova - http://vil.nai.com/vil/content/v_99623.htm

What did McAfee indicate as the name of the infector?

Go to Trend and/or McAfee and perform an online scan. Report back your findings.

Dave

"K" <NitrousRabbit@Hotmail.com_> wrote in message
news:6ba601c3b3b6$316f3fa0$a601280a@phx.gbl...
| I was sending an email through Hotmail with an attachment,
| and when I tried to attach the (bmp) file, McAfee VS (used
| by Hotmail) said that there was a virus detected in the
| file and denied to send it. I could not find my VS disk,
| and had not yet loaded it on my new laptop, so I
| downloaded Stop Sign virus scanner, because it was the
| first free scanner I could find. It picked up 31 different
| Spyware programs and a Backdoor.Trojan program. It listed
| the program folder, so I quickly manually deleted it
| (Mailer.exe). I then looked at some references on the
| internet about how to remove Backdoor.Trojan programs.
| They said to manually delete the file, then use Regedit to
| delete any keys directed to that file. When I type Regedit
| in the Run box in the Start Menu, Regedit opens for a
| quick flash, then closes immediately. This happens every
| time that I open Regedit. Sometimes, it takes about 1-2
| seconds to close, though. I restarted my PC to try to open
| Regedit again, and after Windows came up when I restarted,
| I got many error messages that were quickly covered up by
| a blue DOS screen reading that kernel32.dll had an error.
| I restarted again, trying to enter safe mode, but the
| computer just froze after the windows startup screen came
| up. I unplugged my network cord from my computer, and was
| able to, after ZoneAlarm was loaded, plug it back in and
| access the internet for some tech support.
| Is there a Trojan that will disable Regedit in order to
| keep itself from being deleted manually?


