W32/Backdoor.KPI

W32/Backdoor.KPI
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Antivirus Discussions    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
W32/Backdoor.KPI antioch 05-25-2006
Posted by antioch on May 26, 2006, 8:31 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

>
>
> |
> | I can follow that.
> | What if I went back to registry and changed it back to D - it would then
> | look in the WinXP disk - or am I wrong.
> | OR I have not put that i386 into the C drive properly?
> | Antioch
> |
>
> It would specifically look for the i386 folder on the "D:" drive if you
> changed the Registry
> back to D:\ .
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
OK then. It does not want to find it in C drive so I will see if it
prefers D drive - the CD-ROM.
Antioch



Posted by antioch on May 26, 2006, 9:13 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

>
>>
>>
>> |
>> | I can follow that.
>> | What if I went back to registry and changed it back to D - it would
>> then
>> | look in the WinXP disk - or am I wrong.
>> | OR I have not put that i386 into the C drive properly?
>> | Antioch
>> |
>>
>> It would specifically look for the i386 folder on the "D:" drive if you
>> changed the Registry
>> back to D:\ .
>>
>>
>> --
>> Dave
>> http://www.claymania.com/removal-trojan-adware.html
>> http://www.ik-cs.com/got-a-virus.htm
>>
> OK then. It does not want to find it in C drive so I will see if it
> prefers D drive - the CD-ROM.
> Antioch


Well, David, I didn't go into regedit first - I loaded the WinCD-ROM -
cancelled the 'what do you want to do/ window, then did OK to scannow and
off went the CD-DVD drive - I never heard it work so hard - I got a small
window pop-up titled Win file protection and it said please wait etc etc
..in their original versions.
After 30 mins or so the drive stopped and the window disappeared.
I re-booted and so far all seems OK. If it had not worked I assume I would
have had some report or something. Nothing has shown in event viewer since
the start time I did the scannow.
What do you recon?
Antioch



Posted by David H. Lipman on May 27, 2006, 12:31 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

|
| Well, David, I didn't go into regedit first - I loaded the WinCD-ROM -
| cancelled the 'what do you want to do/ window, then did OK to scannow and
| off went the CD-DVD drive - I never heard it work so hard - I got a small
| window pop-up titled Win file protection and it said please wait etc etc
| ..in their original versions.
| After 30 mins or so the drive stopped and the window disappeared.
| I re-booted and so far all seems OK. If it had not worked I assume I would
| have had some report or something. Nothing has shown in event viewer since
| the start time I did the scannow.
| What do you recon?
| Antioch
|

If you remain quiescent, you are probably OK.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by antioch on May 27, 2006, 1:31 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

>
> |
> | Well, David, I didn't go into regedit first - I loaded the WinCD-ROM -
> | cancelled the 'what do you want to do/ window, then did OK to scannow
> and
> | off went the CD-DVD drive - I never heard it work so hard - I got a
> small
> | window pop-up titled Win file protection and it said please wait etc etc
> | ..in their original versions.
> | After 30 mins or so the drive stopped and the window disappeared.
> | I re-booted and so far all seems OK. If it had not worked I assume I
> would
> | have had some report or something. Nothing has shown in event viewer
> since
> | the start time I did the scannow.
> | What do you recon?
> | Antioch
> |
>
> If you remain quiescent, you are probably OK.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm


Quiescent?????
Me or the computer? Both I suppose.
I didn't really feel calm etc till about lunch-time today.
The only thing I did notice was on shutdown/log off, the desktop flicked on
and off a couple of time during this sequence.
I can't thank you enough for the stalwart support through this horrible
situation. I must have tried your patience.
I shall do a little bit of research on this backdoor thing tonight. Would
like to see from whence it came.
O.T - Twinings - yes a lovely tea.
But if you swapped your packet for mine, neither of us would probably like
what we were drinking.
Many years ago, when Brit holiday makers started to go to Spain and Portugal
for holidays they took their favourite tea with them. Most used to find
that it was no better than that supplied in those countries.
Now, I don't know if Twinings and other top tea makers still do this, but
here in the UK, tea was blended with subtle differences to account for the
differing waters that came out of peoples taps.
Many thanks again for your help.
Take care
Rgds
Antioch
'You cant educate pork' - but he had his first ever visit to Registry and
learnt something. It was worse than a visit to the vet.


>
>



Posted by David H. Lipman on May 27, 2006, 1:48 pm
If you were  Registered and logged in, you could reply and use other advanced thread options



Replies are inline...

| Quiescent????? Me or the computer? Both I suppose.


The computer silly :-)


| I didn't really feel calm etc till about lunch-time today.
| The only thing I did notice was on shutdown/log off, the desktop flicked on
| and off a couple of time during this sequence.
| I can't thank you enough for the stalwart support through this horrible
| situation. I must have tried your patience.
| I shall do a little bit of research on this backdoor thing tonight. Would
| like to see from whence it came.
| O.T - Twinings - yes a lovely tea.


That and Red Rose are probably the best we get here in the states. I live of of
tea !


| But if you swapped your packet for mine, neither of us would probably like
| what we were drinking.
| Many years ago, when Brit holiday makers started to go to Spain and Portugal
| for holidays they took their favourite tea with them. Most used to find
| that it was no better than that supplied in those countries.
| Now, I don't know if Twinings and other top tea makers still do this, but
| here in the UK, tea was blended with subtle differences to account for the
| differing waters that came out of peoples taps.
| Many thanks again for your help.
| Take care
| Rgds
| Antioch
| 'You cant educate pork' - but he had his first ever visit to Registry and
| learnt something. It was worse than a visit to the vet.
|

Always willing to help as best that I can.
I am glad that that you didn't say it was worse than a visit to the dentist !
:-)

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm




The site map in XML format XML site map

Contact Us | Privacy Policy