Re: BTE35.SYS Virus



From: "John" <John@xxxxxxxxxxxxxxxxxxxxxxxxx>

| I was able to remove BTE35.SYS by putting the infected hard drive into another
| system and deleting that file.
|
| After that I put the hard drive back and it booted up fine. I removed all
| BTE35.SYS from the registry okay now. But when it was infected with
| BTE35.SYS, I could not remove it from the registry. There was some
| permissions problem before.
|
| Also all Administrator rights came back after BTE35.SYS was removed.
|
| I am now running a full virus scan and Spybot scan.
|
| BTE35.SYS was downloaded by Trojan.Pandex. The user said a "friend" gave
| him a "screensaver" to install.
|
| Thanks
|

Malware will often protect the Registry keys that load the malware as an act of self
preservation.

Using a surrogate PC to perform an anti-malware scan or to remove files is a good idea, but
most people don't have a second PC, or the capability, to use a surrogate PC. That is why my
suggestion was to use the Recovery Console.

I still suggest installing the Recovery Console as it is easier to boot into the Recovery
Console than it is to remove a hard disk from an infected PC and install it in a surrogate
PC.

Please read the following on this Trojan. Especially the Technical Details.
Trojan.Pandex -- http://www.symantec.com/security_response/writeup.jsp?docid=2007-042001-1448-99

I do strongly suggest using my Multi AV Scanning Tool (Spybot in this case is insufficient)
as Symantec *may* miss peer files and other Trojans that may be on the PC. I suggest
starting with the Sophos module as Sophos was identified in the above URL as also knowing
this Trojan as:
Troj/Pushdo-B - http://www.sophos.com/virusinfo/analyses/trojpushdob.html
http://www.sophos.com/security/analyses/search-results/?search=Pushdo&product_search=virus_search&action=search&submit.x=61&submit.y=13


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
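As an added example (not from either poster), the permission lock-down Dave describes can be checked for before attempting removal: the script below audits the common autostart keys and every service subkey for Deny entries or a missing Administrators FullControl grant, which is how the "permissions problem" John hit shows up. The list of autostart roots is an assumption for illustration; run it from an elevated prompt.

```powershell
# Added example: audit autostart registry keys for self-protecting ACLs.
# Flags keys with a Deny ACE, keys where BUILTIN\Administrators lacks
# FullControl, and keys whose ACL cannot even be read by the current admin.
# The autostart roots below are assumed typical locations, not from the thread.

$autostartRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SYSTEM\CurrentControlSet\Services'
)

function Test-KeyPermissions {
    param([string]$KeyPath)
    try {
        $acl = Get-Acl -Path $KeyPath -ErrorAction Stop
    } catch {
        # A key an administrator cannot read is itself a finding.
        return [pscustomobject]@{ Key = $KeyPath; Finding = "ACL unreadable: $($_.Exception.Message)" }
    }
    $findings = @()
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Deny') {
            $findings += "Deny ACE for $($ace.IdentityReference.Value): $($ace.RegistryRights)"
        }
    }
    $full = [System.Security.AccessControl.RegistryRights]::FullControl
    $adminFull = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq 'BUILTIN\Administrators' -and
        $_.AccessControlType -eq 'Allow' -and
        (($_.RegistryRights -band $full) -eq $full)
    }
    if (-not $adminFull) { $findings += 'Administrators lack FullControl' }
    if ($findings.Count -gt 0) {
        return [pscustomobject]@{ Key = $KeyPath; Finding = ($findings -join '; ') }
    }
}

$results = foreach ($root in $autostartRoots) {
    Test-KeyPermissions -KeyPath $root
    # Each service has its own subkey, and that is where a driver entry
    # such as the one described in the thread would be locked down.
    if ($root -like '*\Services') {
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue |
            ForEach-Object { Test-KeyPermissions -KeyPath $_.PSPath }
    }
}
$results | Format-Table -AutoSize
```

Any key listed is worth inspecting offline (surrogate PC or Recovery Console, as above) rather than edited live, since a locked ACL is a sign the loader is still active.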




