Re: Downloader-VA trojan??????

• Previous message: woodturner: "Re: win32.imiserv. D trojan"
• In reply to: SG: "Re: Downloader-VA trojan??????"
• Next in thread: ddtraveller_at_yahoo.com: "Re: Downloader-VA trojan??????"
• Reply: ddtraveller_at_yahoo.com: "Re: Downloader-VA trojan??????"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 13 Feb 2005 07:01:59 -0800

I have the same virus. I'm using Firefox now which doesn't seem to be
affected.

I tried that knowledge base article and was able to remove the .sys
files but the .exe files weren't there and so I have the same problem.
I searched my system for the exes but couldn't find them.

When I start IE I get an error from
c:\windows\system32\drivers\ungylsqv.sys

McAfee's says it's deleting it but when I start up again it says the
virus is coming from there again so I suspect that an exe somewhere is
creating that file to kick things off everytime IE starts.

I found it in my registry at
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ungylsqv

I found the exes referenced at
HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603

Looks like this virus is coming from search assistant. It's already
been uninstalled but I can't keep this virus from popping back up.

Deleting those reg keys didn't help at all...

Maybe I just need to reboot now...

Argh!

I will post back if I can find some way to get rid of this thing.

Dave

hostsearch.com

"SG" <sorry@nomail.com> wrote in message news:<eXoq8HREFHA.3972@TK2MSFTNGP15.phx.gbl>...
> See this KB Article...
> http://support.microsoft.com/?scid=kb;en-us;894278
>
> All the best,
> --
> George Aker aka SG
> Google is your friend www.google.com
> Anything else is just a search engine
> "Wouter" <Wouter@home> wrote in message
> news:exkaCGIEFHA.3592@TK2MSFTNGP15.phx.gbl...
> > I used all solutions, but nothing helped.
> > Ad-aware found 43 infected files.
> > Stinger found nothing.
> > The problem stays. Please, do you have more suggestions?
> > (When I start Internet, the scanner found this trojan, deletes it, so I
> can
> > not submit it.)
> >
> > "Wouter" <Wouter@home> wrote in message
> > news:#j610UGEFHA.3648@TK2MSFTNGP10.phx.gbl...
> > > Hello,
> > > Since a few days I get a warning from my virusscanner McAfee that the
> > file:
> > > D:\Windows\system\drivers\hlmsfrd.sys was infected bij the downloader-VA
> > > trojan. It occurs everytime I start my internet or my mailprogram.
> > > I could not find where it comes from. Please, does anyone know a
> solution
> > > for me? Where can i remove it permentley?
> > >
> > >
> >
> >

• Previous message: woodturner: "Re: win32.imiserv. D trojan"
• In reply to: SG: "Re: Downloader-VA trojan??????"
• Next in thread: ddtraveller_at_yahoo.com: "Re: Downloader-VA trojan??????"
• Reply: ddtraveller_at_yahoo.com: "Re: Downloader-VA trojan??????"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]