Re: backdoor.trojan virus alert
From: GateKeeper (GateKeeper_at_earth1ink.net)
Date: 07/21/04
Date: Tue, 20 Jul 2004 19:02:15 -0400
You can't really uninstall IE 6 from Windows XP. Since Win98, it has
been virtually impossible to remove IE at all.

You can probably get rid of your hijacker by turning off System Restore,
then restarting in Safe Mode and performing your cleaning tasks
(antivirus scan, AdAware/Spybot/HijackThis scan, etc).

Turning off System Restore prevents the virus or trojan from hiding in
the backed up files. Restarting in Safe Mode prevents the adware, virus
or trojan from running at Startup time, so you can delete all the
infected files.

Also, you can try this: go to Internet Options while you are in Safe
Mode. Click the Advanced tab. Clear the checkbox for "Enable
third-party browser extensions." This option allows you to install
things like the Google toolbar, but it also leaves an opening for some
kinds of browser hijackers. Turning it off might help you solve your
problem.

Phil wrote:
> I've also got the about:blank problem with Internet
> Explorer which nobody has been able to help me resolve.
> My solution, and it's not a solution really, was to d/l
> and install Mozilla FireFox web browser. So far I've had
> no problem whatsoever with this browser and I've been to
> several websites with lots of good reviews for it. I'm
> wondering if an uninstall of IE 6.0 and then
> reinstallation would get rid of this about:blank problem.
> Even if it did, I'm staying away from IE because of its
> many vulnerabilities.
>
> As for my infected file, I'm going to delete the file from
> my registry. I was hoping someone from Microsoft could've
> shed a little light on the importance of this file
> (logkpc.dll)...i.e., what'll happen if I delete it vs my
> system/OS functioning properly. Before I go straight to
> the Registry Editor I'm going to give sandra's
> recommendation a shot. I'll post the results.
>
> Phil
>
>
>>-----Original Message-----
>>Mine's in C:\Windows\System 32\CTCL.DLL on my laptop, but
>>I am locked out of the file. What to do? I also had
>>the new home page, "blank"...thought it was due to my
>>grandkids. I can't find this CTCL in registry and unable
>>to repair or quarantine. It shows up in a regular
>>Windows search, but I don't know what program it is
>>associated with...Also, doesn't show up in the safe mode;
>>so, I am thinking CTCL perhaps is not essential.
>>
>>
>>>-----Original Message-----
>>>I recently spent a long time (a month off and on) trying
>>>to get rid of a hijacked home page (about:blank) In the
>>>end I used Ttime2Early's method found on this link. The
>>>file, etc will be different than yours, but part of his
>>>method (finding, renaming, then deleting a very hidden
>>>file AND using the registry editor he suggests) may be
>>>useful for you. I also used this registry editor to
>>>change a value to solve part of another (but related)
>>>problem.
>>>
>>>http://computercops.biz/article-5199-nested-0-0.html
>>>
>>>++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>>
>>>>-----Original Message-----
>>>>Earlier today on my home PC, NAV gave me a virus alert for
>>>>Backdoor.Trojan. Typically my NAV fixes the problem right
>>>>away as per my default (i.e., deletes/removes any virus
>>>>found). Action taken for this particular virus is "Access
>>>>to the file was denied." I ran a full NAV scan in safe
>>>>mode (I use Windows XP) and the virus, of course, was
>>>>detected again with access to the file still denied.
>>>>
>>>>According to the Virus Alert, this trojan is located in -
>>>>C:\Windows\System32\logkpc.dll
>>>>
>>>>When I search for this file in Windows Explorer I can't
>>>>locate it (and I have View Hidden Files enabled).
>>>>
>>>>When I go into the Registry Editor and search out the
>>>>file, I find it in -
>>>>
>>>>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
>>>>
>>>>Name: AppInit_DLLs
>>>>Type: REG_SZ
>>>>Data: C:\Windows\System32\logkpc.dll
>>>>
>>>>I'm not overly familiar with using the Registry Editor but
>>>>I can navigate my way through it and know that I can
>>>>delete files. Would deleting the AppInit_DLLs be a
>>>>dangerous thing to do?
>>>>
>>>>I can't think of anything else to do to get rid of this
>>>>problem. I'd really, really appreciate any help. Thanks
>>>>in advance.
>>>>
>>>>Phil
>>>>
>>>>Any feedback would be greatly appreciated here and to my
>>>>email address listed above. Thanks!
>>>>
>>
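
Added example, not part of the original thread or written by any of its posters: a read-only PowerShell check of the AppInit_DLLs value quoted above, listing each DLL named there and reporting whether the file exists (hidden and system files included) and its Authenticode status. The Wow6432Node key and the LoadAppInit_DLLs value come from later Windows versions than the XP system in the thread and are assumptions here, as is the function name Get-AppInitEntry.

```powershell
# Read-only triage of AppInit_DLLs (added example; it changes nothing).
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    # 32-bit registry view on 64-bit Windows (assumption: absent on the XP system in the thread)
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

function Get-AppInitEntry {
    param([string[]]$KeyPath)
    foreach ($key in $KeyPath) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        $raw   = [string]$props.AppInit_DLLs
        if ([string]::IsNullOrWhiteSpace($raw)) { continue }

        # The value is a space- or comma-separated list, so a path that
        # contains spaces shows up here as several fragments.
        foreach ($name in ($raw -split '[ ,]+' | Where-Object { $_ })) {
            $path = $name
            if (-not (Split-Path -Path $name -IsAbsolute)) {
                # Assumption: bare names are looked up in the system directory.
                $path = Join-Path $env:SystemRoot "System32\$name"
            }

            # -Force returns hidden and system files that Explorer may not show.
            $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
            $sig  = $null
            $attr = $null
            if ($file) {
                $attr = $file.Attributes
                $sig  = (Get-AuthenticodeSignature -LiteralPath $file.FullName).Status
            }

            [pscustomobject]@{
                Key         = $key
                Entry       = $name
                Exists      = [bool]$file
                Attributes  = $attr
                Signature   = $sig
                LoadAppInit = $props.LoadAppInit_DLLs  # $null where the value is absent
            }
        }
    }
}

Get-AppInitEntry -KeyPath $keys | Format-List
```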