Re: Downloader-VA trojan??????
From: number1 (number1_at_blazemail.com)
Date: 02/17/05
- Next message: Stung By Downloader-UI: "Re: Removing Downloader-UI from MS-IE cache"
- Previous message: David H. Lipman: "Re: email virus"
- In reply to: Wouter: "Downloader-VA trojan??????"
- Next in thread: HMtech: "Re: Downloader-VA trojan??????"
- Reply: HMtech: "Re: Downloader-VA trojan??????"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 17 Feb 2005 08:29:21 -0800
I had been fighting this same problem for the last several days, and
finally found the solution. This trojan seems to attach itself to
Internet Explorer as a helper program, and then when you launch IE, it
reinfects your computer. McAfee does detect the virus, but it does not
disinfect properly, at least it didn't for me.
First, be sure to turn off System Restore, because you will be deleting
some dll and sys files, and they may get restored automatically if you
don't.
Second, get a copy of the program StartupList from
http://www.spywareinfo.com/~merijn/downloads.html
You'll find it in the section labelled "Official Downloads".
Then, run the program. It will give you a lot of information about
programs that are starting up when your computer boots. Most of the
info you can ignore. Look for the section about Browser Helper Objects.
Here is what I found on my computer:
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat
6.0\Reader\ActiveX\AcroIEHelper.dll -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\WINDOWS\system32\xxculexp.dll -
{B2DF6264-FC5B-84D1-094D-3458CCC5331F}
(no name) - C:\WINDOWS\system32\cdafzfyu.dll -
{B3DCBF91-161B-0EC2-0358-4571A56E7459}
In my case, I deleted the two strange programs xxculexp.dll and
cdafzfyu.dll. I suspect that the names are randomly generated, so yours
will probably be different.
Then, check the Microsoft article at:
http://support.microsoft.com/?scid=kb;en-us;894278
and delete files that it refers to that you find. For example, I had
msupd6.exe, as well as cjoxroft.sys, and deleted those. Again, the
names assigned to your particular version of the trojan are probably
different.
Finally, go into Regedit, and delete any instances of any programs that
are like the ones that you deleted. So, I deleted any keys that
referred to xxcuplexp.dll, cdafzfuy.dll, msupd6.exe, and cjoxroft.sys.
Now, close Regedit and reboot the computer. Restart IE, and make sure
everything now works normally. Then turn System Restore back on.
Good luck. This seems to be a very nasty one.
Wouter wrote:
> Hello,
> Since a few days I get a warning from my
> virusscanner McAfee that the file:
> D:\Windows\system\drivers\hlmsfrd.sys
> was infected bij the downloader-VA
> trojan. It occurs everytime I start
> my internet or my mailprogram.
> I could not find where it comes from.
> Please, does anyone know a solution
> for me? Where can i remove it permentley?
- Next message: Stung By Downloader-UI: "Re: Removing Downloader-UI from MS-IE cache"
- Previous message: David H. Lipman: "Re: email virus"
- In reply to: Wouter: "Downloader-VA trojan??????"
- Next in thread: HMtech: "Re: Downloader-VA trojan??????"
- Reply: HMtech: "Re: Downloader-VA trojan??????"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
