Re: Solution to mIRC and Secedit Virus Networking Problems

From: Alison Taylor (alison_taylor@canada.com)
Date: 09/23/02


From: alison_taylor@canada.com (Alison Taylor)
Date: 23 Sep 2002 12:29:01 -0700


Many thanks to both Edward and Kyle for information on this virus. I
have attempted to carry out all your suggestions since my computer was
infected several days ago.

I have some lingering problems and am wondering if anyone else has
seen these and can suggest fixes. The most notable problem is that my
computer reboots during bootup. The Win2000 login prompt comes up ok
and I log in to my account (which has administrator privileges, don't
know if that is relevant). Then the programs with icons in the
taskbar launch. During the launching of these programs, or
immediately after, the computer then reboots.

Another thing I noted was in the registry. Under
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Run there
is an entry "Adobea" which was pointing to
C:winnt\system32\adobes.exe, which Norton AntiVirus had identified as
an IRC Trojan. There does exist a file called Adobea.exe in the
system32 directory, but I don't know whether it is also a
trojan-created file or whether it needs to be there. I currently have
the adobea entry pointing to a non-existent file till I have this
sorted out.

I am not familiar enough with all the services to know which should be
disabled and which should be enabled. I am guessing that during my
attempts to roll back the changes made by the virus I have messed up my
services and registry settings, causing the crash on startup. I don't
need to allow anyone to log in remotely or provide any services to
remote users. Can anyone out there suggest a minimal list of services
to run?

Thanks for any replies,

Alison

aladin168@hotmail.com (aladin) wrote in message news:<bf0f8e77.0209050049.24860609@posting.google.com>...
> Hi Edward Alfert,
> I referenced the steps you wrote in my document. They are nice steps
> and most importantly, it was tested and worked for many people. Great
> job!
>
> Here is my analysis:
>
> Sorry guys if this is a repeat. I kind of need to make a correction
> on the steps to restore security templates, and I just referenced
> Edward Alfert's instructions:
>
> More Analysis on ocxdll.exe virus: v. 1.1
>
> Kyle Lai, CISSP, CISA
> aladin168@hotmail.com
>
>


