Re: Removing W32.Hitapop Virus?
- From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>
- Date: Sun, 12 Apr 2009 07:50:48 -0400
From: "Mike950" <Mike950@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Thanks for the reply David, but as I indicated in my post, (I have Explorer
| set to show hidden and systems files.) but I still can find those files.
| Since I was unable to find those two folders and the file, I ran a NAV on
| just the Temp folder where they were supposed to be and NAV indicates that
| the folders are virus free. Now I'm not sure what is going on because first
| NAV says it "Blocked" (NOT REMOVED) W32.Hitapop and says the virus files are
| in that Temp folder but when I run NAV on that folder, it says it's clean.
| I also checked the Registry entry, "HKEY\SOFTWARE\Microsoft\Windows
| NT\CurrentVersion\Winlogon" The value is:
| C:\WINDOWS\system32\userinit.exe Which I believe is the correct value (or
| is it?).
| Here's what Symantec said about the Registry value that should be changed:
| In the right pane, restore the default value:
| from:
| "Userinit" = "C:\WINDOWS\System32\userinit.exe,rundll32.exe
| %System%\winsys16_[RANDOM DIGITS].dll start"
| "Userinit" = "%System%\userinit.exe, "
| The problem with that suggestion from Symantec is that there is no "Userinit"
| value line at the location:
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
| A lot of help they are... lol Anyway, if you have any more ideas or
| suggestions, I sure would appreciate hearing back from you. Thanks, Mike
Like I said, it looks to be a new variant. That description is old.
Even if you have Explorer view Hidden and System attributes, the active trojan can still
mask its view in Explorer.
Have you booted into Safe Mode and performed a scan?
Have you tried another anti virus "On Demand" scanner?
If not...
Download MULTI_AV.EXE from the URL --
http://www.pctip.ch/ds/28400/28470/Multi_AV.exe
or
http://212.98.39.7/ds/28400/28470/Multi_AV.exe
http://www.pctip.ch/downloads/dl/35905.asp
or
http://212.98.39.7/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.
C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.
* * * Please report back your results * * *
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
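
An added example, not part of the original thread and not Symantec's or Multi-AV's code: a Python check of the Winlogon "Userinit" value discussed above that lists every command in it other than the stock userinit.exe. The function names and the default system directory are assumptions; the sample string is the modified value quoted in the post, placeholders included.

```python
import ntpath
import sys

# Key path as given in the post (under HKEY_LOCAL_MACHINE).
WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Modified value as quoted in the post; [RANDOM DIGITS] and %System% are
# placeholders from that description, not a real file name or variable.
SAMPLE_MODIFIED = (r"C:\WINDOWS\System32\userinit.exe,rundll32.exe "
                   r"%System%\winsys16_[RANDOM DIGITS].dll start")


def audit_userinit(value, system_dir=r"C:\WINDOWS\system32"):
    """Return the comma-separated entries that are not <system_dir>\\userinit.exe."""
    expected = ntpath.normcase(ntpath.join(system_dir, "userinit.exe"))
    unexpected = []
    for entry in value.split(","):
        entry = entry.strip().strip('"')
        if not entry:
            continue  # the default value may end with a trailing comma
        # Compare case-insensitively, as Windows paths are.
        if ntpath.normcase(ntpath.normpath(entry)) != expected:
            unexpected.append(entry)
    return unexpected


def read_userinit():
    """Read the live Userinit value (Windows only)."""
    import winreg  # imported here so the module still loads elsewhere
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        value, _value_type = winreg.QueryValueEx(key, "Userinit")
    return value


if __name__ == "__main__":
    if sys.platform == "win32":
        import os
        sysdir = ntpath.join(os.environ.get("SystemRoot", r"C:\WINDOWS"), "system32")
        value = read_userinit()
    else:
        # Off Windows, fall back to the sample from the post.
        sysdir, value = r"C:\WINDOWS\system32", SAMPLE_MODIFIED
    extras = audit_userinit(value, sysdir)
    print("Userinit =", value)
    for extra in extras:
        print("UNEXPECTED:", extra)
    if not extras:
        print("Only userinit.exe is listed.")
```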