Re: TrojanDownloader Virus
From: Disnardo Alfonso (disnardo_at_startrek.net)
Date: 04/25/04
- Next message: Disnardo Alfonso: "Re: Can't delete a File"
- Previous message: Fred Marshall: "Re: random 8.exe processes starting / running"
- In reply to: Trafton: "Re: TrojanDownloader Virus"
- Next in thread: Trafton: "Re: TrojanDownloader Virus"
- Reply: Trafton: "Re: TrojanDownloader Virus"
Date: Sat, 24 Apr 2004 18:35:05 -0400
Thanks Benjamin, I got lucky and found my config utility in my help support
file. I opened the config utility and set my start up to re-start in safe
mode, which it asked and did automatically. Since this virus file was set to
run on startup, it was difficult to delete normally.
Then I used my NAV to scan my virus holding file, it did and quarantined it,
and then I was able to delete it. Also went into my folders where the virus
was hidden and also deleted.
Next, I went into and ran regedit and looked into these registry files:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and deleted the reference virus files in the directories. I found out that I
had the same virus reference files in both, but could only see it in one of
the registry files during "safe mode."
I went back into the config utility and adjusted it to normal start up and
re-started the pc and went back into and ran the regedit, back into the
registry file and found the other virus reference file and deleted it. Ran
the NAV and found my system clean.
I hope the info I have left may be useful for others...
Regards, Disnardo
"Trafton" <traftonofjj2SPAM@yahoo.com> wrote in message
news:OJgLgRkKEHA.2624@TK2MSFTNGP09.phx.gbl...
> Hi Disnardo,
>
> Various systems may boot in safe mode using different keys. Have you tried
> DEL or BACKSPACE? In addition, if you press the power off button during the
> bootup sequence while the XP logo is appearing, it will automatically boot
> in safe mode. If neither of these work, feel free to post back. You may wish
> to contact your computer manufacturer to find out what key it is before
> trying the second way, though, since it is not highly recommended.
>
> Sincerely,
> Benjamin Johnstone-Anderson
> Microsoft MVP - Windows Security
> Remove "SPAM" from email address to reply!
> Security Manifest: www.msmvps.com/trafton/
>
> "Disnardo Alfonso" <disnardo@startrek.net> wrote in message
> news:uJLiJCkKEHA.1272@tk2msftngp13.phx.gbl...
> > Hello, somehow through my NAV and firewall, I still got this virus.
> > I have tried with NAV to quarantine, or delete this file to no avail. It
> > is on my windows/system32 and is using wmplayer.exe file as its title. I
> > have also tried to regedit like the instructions on the NAV tech support to
> > remove it.
> > My problem now is I cannot start my pc on safe mode. My XP home system
> > would show as F8 (key) to start in safe mode but it does not...
> >
> > Any help would be appreciated..
> >
> >
>
>
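The check described in the post (the same startup reference present under both the HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER Run keys, pointing at a wmplayer.exe in system32) can be scripted over saved `reg query` output. This is an added example, not part of the original thread; the sample output, the `ExampleAgent` entry and the expected Windows Media Player directory in `EXPECTED_DIRS` are assumptions.

```python
import ntpath
import re

# Assumption: default install directory of the genuine Windows Media Player binary.
EXPECTED_DIRS = {"wmplayer.exe": r"c:\program files\windows media player"}

# Constructed sample of `reg query <key>` output for both Run keys.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ExampleAgent    REG_SZ    "C:\Program Files\Example Vendor\agent.exe" /start
    wmplayer    REG_SZ    C:\WINDOWS\system32\wmplayer.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    wmplayer    REG_SZ    C:\WINDOWS\system32\wmplayer.exe /background
"""

VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)(?=\s|$)', re.IGNORECASE)

def parse_run_entries(text):
    """Return (key, value name, command line) for every value under each key."""
    key, entries = None, []
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_RE.match(line)):
            entries.append((key, m["name"], m["data"]))
    return entries

def exe_path(command):
    """Strip quotes and arguments from a Run-key command line."""
    m = EXE_RE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else command.strip()

def misplaced_entries(text):
    """Flag entries whose file name is a known binary outside its expected folder."""
    hits = []
    for key, name, data in parse_run_entries(text):
        path = ntpath.normcase(exe_path(data))
        expected = EXPECTED_DIRS.get(ntpath.basename(path))
        if expected and ntpath.dirname(path) != expected:
            hits.append((key.split("\\")[0], name, path))
    return hits

if __name__ == "__main__":
    for hive, name, path in misplaced_entries(SAMPLE):
        print(f"{hive}: {name} -> {path}")
```

Running it against output captured in both safe mode and normal startup covers the case the poster hit, where one of the two entries was only visible in one mode.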