Posted by pcbutts1 on January 18, 2008, 8:14 pm
Use my Remove-it software; it is free. If that does not work, then run my
diagnostic program called What's live RN, that will generate a log file
which is much more in depth and more detailed than HJT. Send me a copy of
that log file for analysis. You can download both from my website here
http://pcbutts1.com/downloads/tools/tools.htm
--
Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz, Beauregard T.
Shagnasty, Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell
> CORRECTION:
>> - Use regedit in Safe Mode. Delete registry keys that should be there (I
>> know they're created by trojan).
>
> Delete registry keys that should NOT be there (I know... )
>
>
>> I have a Windows XP Home SP2 PC infected with Vundo trojan. Norton AV
>> detects it but can't remove it. I've used Vundo removal tools from a few
>> sites. None can remove it. I've also done manual removal by deleting files
>> and registry entries. That does not work either (and yes I always boot
>> into safe mode).
>>
>> Here's a list of things that I have done (Note: I do all my virus removal
>> work in Safe Mode. Never in normal mode):
>>
>> - Boot into Safe Mode.
>>
>> - Use VundoFix from atribune.org to scan and clean Vundo. It detects and
>> deletes a few files. Some malicious DLLs (for example GEBXVTT.DLL in
>> C:\Windows\System32) cannot be deleted (in use by other program).
>>
>> - Restart the system and use NTFS4DOS from free-av.com to (clean) boot
>> into command prompt with NTFS support to remove malicious DLL files
>> created by the trojan. Delete all infected files that VundoFix fails to
>> delete in safe mode. All bad files are successfully deleted.
>>
>> - Restart the system into Safe Mode. Malicious files get recreated.
>> They're back in place.
>>
>> - Use regedit in Safe Mode. Delete registry keys that should be there (I
>> know they're created by trojan). Key gets recreated in a split second as
>> soon as I delete it. This is why I know the trojan is alive in safe mode.
>>
>> - Remove the (infected) HD and install the HD in a clean PC as secondary
>> master. Then boot the PC (primary master - clean OS with Antivir virus
>> software installed). The system detects a new HD but does not assign a
>> drive letter. This means I can't access the data in the HD. Windows Disk
>> Management shows the new HD but does not 'mount' it or assign a drive
>> letter.
>>
>> I've run out of ideas. My last resort would be to reformat the HD and
>> reinstall the OS but I don't want to lose the data. If I back it up, I'm
>> afraid the trojan will reinfect the PC when data is restored.
>>
>> Does anyone have any ideas? Thanks.
>>
>
>