Re: Remaining problems after SpySheriff infection
- From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>
- Date: Fri, 30 Dec 2005 10:50:10 -0500
From: "Leo" <Leo@xxxxxxxxxxxxxxxxxxxxxxxxx>
| On one of the accounts on my computer, running under XP, I attracted the
| SpySheriff Trojan horse last Monday. As a result the desktop of this account,
| was covered with a dark blue background with a black box on it and stating in
| big red letters that the computer was infected. All icons were still visible.
| Furthermore every few seconds a pop-up message appeared from the task bar
| indicating the same.
|
| After running AdAware SE, I was able to remove quite a few files which were
| linked to this or other unwanted programs. The blue desktop background with
| the black box and red letters as well as the pop ups remained, however.
| Subsequently, I downloaded and ran Microsoft antiSpyware. Again a few
| unwanted files were found and removed from my PC. The blue desktop background
| with black box and red letters, however, was still there; the pop ups were
| gone.
| Finally, McAfee was able to find even more files which were removed. I am
| now left with the blue background, from which the black box with the red text
| is gone. I am not able to change the background of my desktop back to the
| original picture via screen properties.
|
| Furthermore, when starting up this account I now always get the following 2
| error messages (translated from Dutch):
| VCClient.exe: Can not initialize this application properly (0xc0000135).
| Press OK to terminate the application.
| VCMain.exe: Can not initialize this application properly (0xc0000135). Press
| OK to terminate the application.
|
| In the folder C:/program files/common files a folder is present named
| "VCClient". This contains a number of files.
|
| My other account, on the same computer, seems not to be affected.
|
| Questions:
| How can I get back the control over my desktop background and remove the
| blue background?
| What to do about the error messages when starting up the account?
| What is the function of the files in the VCClient folder; can I delete this?
| What more can I do to prevent further infections like this (besides not
| logging on to the net ;-))?
Two part reply..
Perform Part 1 then perform Part 2.
It is suggested that you execute each tool in Normal Mode then in Safe Mode.
If you are using any version of Sun Java that is prior to JRE Version 5.0, then
you are strongly urged to remove any/all versions that are prior to JRE
Version 5.0. There are vulnerabilities in them and they are actively being exploited.
It is possible that is how you got infected with malware.
Therefore, it is highly suggested that if there are any prior versions of Sun Java
to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0 Update 6
be installed ASAP.
http://www.java.com/en/download/manual.jsp
Use the alternate if the first two parts are ineffective...
Note: Alternate only for Win2K, WinXP and Win2003 Server
Part 1
-----------
Use noahdfear's SmitFraud and SpyAxe removal tool -- SmitRem.exe
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
http://www.bleepingcomputer.com/forums/topic36868.html
Part 2
-----------
Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe
Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to enable WGET.EXE to download the needed McAfee related files.
Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }
A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
It is suggested that you move the report out of c:\mcafee before performing another scan.
Alternate:
Secured2K's SpyAxe, PSGuard, Smitfraud, Sinnaka and Alemod removal tool.
http://secured2k.home.comcast.net/tools/AntiPuper.exe
http://forums.mcafeehelp.com/viewtopic.php?t=65072
Please Copy and Paste the contents of the HTML Log file; C:\mcafee\ScanReport.HTML in your
reply.
* * * Please report back your results * * *
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm