Wilders Security Forums  

#1 July 23rd, 2007, 11:06 PM
Reymar_Santos20, Regular Poster
Join Date: Jul 2007
Posts: 66
NOD32 Alert problem

Kindly look at the attachment.
One of the clients has a problem with this.

Please see if my solution is OK.
Please give me feedback about this.

Try this manual virus removal.

But be careful when doing this.

After two cups of black coffee while my little noisy son is 'eating rice with angels' (a literal translation of an Arabic expression that means sleeping), I found out the following:

Every time it detects the malicious exe files it misses (and so do I) at least one of them, so it recreates itself when I double-click the drive again!

This time I manually deleted all the malicious files, removed the svchost.exe from the registry so it doesn't run at startup anymore, and then I rebooted my computer!

But the "AutoRun" item is still there, and when I double-click the drive, an error message appears saying that there's no such file called copy.exe!

I then ran regedit, did some searching and found these three registry keys that are apparently added by the virus to add an item to the context menu for every drive I have in my computer (C, D and E):



CODE

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8b69ec0-bff7-11da-bcaf-806d6172696f}\Shell]
@="AutoRun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8b69ec0-bff7-11da-bcaf-806d6172696f}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8b69ec1-bff7-11da-bcaf-806d6172696f}\Shell]
@="AutoRun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8b69ec1-bff7-11da-bcaf-806d6172696f}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8b69ec3-bff7-11da-bcaf-806d6172696f}\Shell]
@="AutoRun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8b69ec3-bff7-11da-bcaf-806d6172696f}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe"



I deleted those keys and the item disappeared and the 'Open' item came back to the top of the menu as the default selection so when I double-click the drive it normally shows the contents of it in the same window and no exe files are created!



Thank you,


Reymar A. Santos
Technology Support Group
Valueline Systems and Solutions Corporation
2nd Flr., J & L Building, No. 23 Matalino Street,
Central District Diliman, Quezon City
Philippines, 1100
Phone # : +632 925.7623
Fax # : +632 925.2174
Attachment: tasplan.jpg (129.2 KB)
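As an added example (not part of the original post and not ESET's code): a Python script that scans the text of a registry export for the MountPoints2 Shell verb commands described in the post above and builds a .reg file that deletes the flagged Shell keys. It goes beyond the post by flagging any verb under Shell, not only "AutoRun"; the function names and the sample export are constructed for illustration.

```python
import re

MOUNTPOINTS2 = r"software\microsoft\windows\currentversion\explorer\mountpoints2"
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*(?P<rest>.*)$")
DEFAULT_RE = re.compile(r'^@="(?P<val>.*)"$')

# Constructed sample in .reg export format: one drive entry like those in the post.
# Real regedit exports are UTF-16; decode the file before passing its text in.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8b69ec0-bff7-11da-bcaf-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8b69ec0-bff7-11da-bcaf-806d6172696f}\Shell]
@="AutoRun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8b69ec0-bff7-11da-bcaf-806d6172696f}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe"
'''

def find_autorun_commands(reg_text):
    """Return (shell_key, verb, command) for each MountPoints2 Shell verb command."""
    findings, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            # Accept a value glued to the key line, as in some pasted listings.
            key, line = m.group("key"), m.group("rest")
        d = DEFAULT_RE.match(line)
        if not (key and d):
            continue
        parts = key.split("\\")
        is_verb_command = (len(parts) >= 3 and parts[-1].lower() == "command"
                           and parts[-3].lower() == "shell")
        if MOUNTPOINTS2 in key.lower() and is_verb_command:
            command = d.group("val").replace("\\\\", "\\")  # undo .reg escaping
            findings.append(("\\".join(parts[:-2]), parts[-2], command))
    return findings

def removal_reg(findings):
    """Build .reg text that deletes each flagged Shell key ('[-key]' syntax)."""
    keys = sorted({shell_key for shell_key, _, _ in findings})
    body = "\n".join(f"[-{k}]" for k in keys)
    return "Windows Registry Editor Version 5.00\n\n" + body + "\n"

if __name__ == "__main__":
    hits = find_autorun_commands(SAMPLE_EXPORT)
    for shell_key, verb, command in hits:
        print(f"{verb}: {command}\n  under {shell_key}")
    print(removal_reg(hits))
```

Review the generated .reg text against the findings before importing it, and clean the files the commands point to first so the entries are not recreated.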

 

All times are GMT -4.

