Re: hackarmy


From: Sadie (anonymous_at_discussions.microsoft.com)
Date: 05/16/04


Date: Sun, 16 May 2004 07:20:55 -0700

Excellent, George!

Have copied and pasted all you wrote.

Thank you,

Sadie
>-----Original Message-----
>Yes, changes are applied immediately and You don't have to save anything in
>Regedit.
>I assume You've done this in Safe Mode.
>Note: Hold down the SHIFT key while You are logging on. This will prevent
>programs in the RUN group from starting automatically.
>If You use Windows XP, You can try to write protect those RUN folders (with
>regedit) after You delete the links:
>1. Browse to the RUN folder.
>2. Delete links that You want to remove.
>3. Click on the RUN folder, Edit, Permissions
> Click the [Advanced] button
> Fill the check-box that reads:
> Replace permissions on all child objects...
> Click Add and type in Everyone
> Fill the Deny boxes for (Set Value, Create Subkey)
> Click Add and type in System
> Fill the Deny boxes for (Set Value, Create Subkey)
> Click Add and type in Administrators
> Fill the Deny boxes for (Set Value, Create Subkey)
>
>Also take a look at the startup folder:
>Start Menu, All programs, Startup (for Windows XP).
>Delete all unwanted items.
>This should prevent the virus from starting up automatically.
>
>Consider using an antivirus program to clean infected files.
>If possible, run a Full System Scan in Safe Mode and Delete Everything that
>is infected.
>
>Good luck!
>George Valkov
>
>
>
>
>"Ian" <ipember@removethisfirst.msn.com> wrote in message
>news:#qZ8b#zOEHA.2740@TK2MSFTNGP11.phx.gbl...
>> I did the registry entries as advised. But when I exit and restart the
>> rundll32 files reappear in the registry. The data held for each rundll
>> file is as follows
>>
>> 1st: NVMediacenter
>> rundll32.exe NVMCtray.dll, nvtaskbarInit
>>
>> 2nd: NVcplDaemon
>> rundll32.exe x:\windows\systems32\nvcpl.dll,nvstrtup
>>
>>
>> why are they running after I delete them from the registry? Why is backweb
>> still running after I delete it from the registry? After making registry
>> changes, presumably you just exit (there is no "save" option) and it saves
>> it?
>>
>>
>>
>>
>> "George Valkov" <null@somewhere.com> wrote in message
>> news:OYiAhHzOEHA.1276@TK2MSFTNGP11.phx.gbl...
>> > start run:
>> > regedit
>> > Browse to
>> > [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
>> > On the right side You see programs that will run for the current user on
>> > startup.
>> > Browse to
>> > [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
>> > On the right side You see programs that will run for each user on startup.
>> >
>> > If You don't want a program to run, simply delete the link on the right
>> > side.
>> > I suggest You do this in safe mode. Press F8 at system startup and select
>> > Safe Mode from the menu.
>> >
>> > George Valkov
>> >
>> >
>> >
>> > "Ian" <ipember@removethisfirst.msn.com> wrote in message
>> > news:#srCXQyOEHA.4036@TK2MSFTNGP12.phx.gbl...
>> > > My AVG found this "backdoor hackarmy" virus recently and I deleted it after
>> > > I was told it couldn't be repaired. Will this have completely removed it, do
>> > > you think?
>> > >
>> > > When I go into task manager, in process menu I can see two entries for
>> > > RUNDLL32.EXE (with different memory usage) what is this all about?
>> > >
>> > > and finally (!!!) I also have a backweb.exe file running on start up which
>> > > I think came with some Logitech software I ran to install mouse etc. I
>> > > don't think I need this file and I understand that it is spyware. I have
>> > > run Adaware and spybot and as already mentioned, I run AVG antivirus
>> > >
>> > >
>> > > hope you can help
>> > >
>> > >
>> > > ---
>> > > Outgoing mail is certified Virus Free.
>> > > Checked by AVG anti-virus system (http://www.grisoft.com).
>> > > Version: 6.0.686 / Virus Database: 447 - Release Date: 14/05/2004
>> > >
>> > >
>> >
>> >
>>
>>
>> ---
>> Outgoing mail is certified Virus Free.
>> Checked by AVG anti-virus system (http://www.grisoft.com).
>> Version: 6.0.686 / Virus Database: 447 - Release Date: 14/05/2004
>>
>>
>
>
>.
>
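
The reappearing Run entries Ian describes above can be confirmed by comparing a registry export taken after cleanup with one taken after the restart. The following is an added example, not part of the original posts: the function names are hypothetical, the exports are constructed samples in `.reg` text form (assumed already decoded to text), the hive each entry sits in is assumed, and the backweb path is a placeholder.

```python
import re

# Constructed sample exports. Value names and rundll32 command lines are those
# quoted in the thread; hive placement and the backweb path are placeholders.
AFTER_CLEANUP = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
'''
AFTER_REBOOT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMediacenter"="rundll32.exe NVMCtray.dll, nvtaskbarInit"
"NVcplDaemon"="rundll32.exe x:\\windows\\systems32\\nvcpl.dll,nvstrtup"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"backweb"="\"C:\\PLACEHOLDER\\backweb.exe\""
'''

# Matches "name"="data" string values only; dword: and hex(...) values are skipped.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)  # .reg escapes: \\ -> \ and \" -> "

def parse_run_keys(reg_text):
    """Return {(key_path, value_name): command} for string values in a .reg export."""
    entries, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            entries[(key, unescape(m.group(1)))] = unescape(m.group(2))
    return entries

def split_rundll32(command):
    """Split 'rundll32.exe <dll>,<export>' into (dll, export); None for other commands."""
    m = re.match(r'(?i)^"?rundll32(?:\.exe)?"?\s+(.+?)\s*,\s*(\S+)', command)
    return (m.group(1), m.group(2)) if m else None

def reappeared(before, after):
    """Entries present after the reboot that were absent or different after cleanup."""
    old, new = parse_run_keys(before), parse_run_keys(after)
    return {k: v for k, v in new.items() if old.get(k) != v}

if __name__ == "__main__":
    for (key, name), cmd in reappeared(AFTER_CLEANUP, AFTER_REBOOT).items():
        print(f"{key}\n  {name} = {cmd}\n  rundll32 target: {split_rundll32(cmd)}")
```

An entry that shows up in the second export was written back by something that ran in between, which is the case George's Deny permissions on the Run key are meant to block.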

