Re: Backdoor.MLink

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 10/18/04


Date: Mon, 18 Oct 2004 17:07:32 -0400

1) Download the following three items...

         Trend Sysclean Package
         http://www.trendmicro.com/download/dcs.asp

         Latest Trend signature files.
         http://www.trendmicro.com/download/pattern.asp

         Adaware SE (personal free version)
         http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download sysclean.com and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example; lpt202.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Update Adaware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
        http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
        platform and clean/delete any infectors/parasites found.
        (a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
        Trend Sysclean utility and Adaware
7) If you are using WinME or WinXP, re-enable System Restore and re-apply any
        System Restore preferences (e.g. HD space to use suggested 400 ~ 600MB).
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point
10) Please report back your results

Dave

"Nancy" <Nancy@discussions.microsoft.com> wrote in message
news:7C5BD5F0-AC0B-4C0C-972C-E52BE6BF23A1@microsoft.com...
| This is my virus detection report:
| Scan type: Realtime Protection Scan
| Event: Virus Found!
| Virus name: Backdoor.MLink
| File: C:\WINNT\system32\m2syadll.dll
| Location: C:\WINNT\system32
| Computer: JINBO_LAPTOP
| User: nancy
| Action taken: Clean failed : Quarantine failed : Access denied
| Date found: Monday, October 18, 2004 8:17:29 PM
|
| Then I updated the virus definitions and ran a full system scan under Safe Mode.
|
| And there is no "Magic Link Server" value in
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
| What is wrong?
|
| Thanks a lot
|
| Nancy


