Re: Backdoor.cabro in registry or start up, i am noob please guide me ?

From: fred (tha_at_isaniiiicepair)
Date: 10/27/04

  • Next message: David H. Lipman: "Re: Backdoor.cabro in registry or start up, i am noob please guide me ?"
    Date: Wed, 27 Oct 2004 04:06:41 +0100
    
    

    Cheers Dave, I have WinME, so I disabled system restore, ran Updated
    NoAdaware, it found 3 registry entry problems:
    Troj_Agent_BM H_Key Local M\software\microsoft\Internet Explorer\URL Search
    Hooks
    A HK Local_M\soft\ms\Kazaa (but i use kazaa+ + and these probs were here
    before i got kazaa ++)
    and a W32.Lovegate.AD@m HK Current\software\micsft\ Windows NT (which there
    were 2 entries, not next to each other, 2 lines apart)\current version \
    Windows : run<(which i could not find in either Win NT ..the :run bit ??)
    I also did a spybot s+d, and it found 3 things and deleted 'em i forgot to
    write these down,
    I ran a STINGER before I even did the whole of this process, with an updated
    avert stinger ?
    I am currently now running a Noadaware again, after restarting, in normal
    mode, I have got the Kazaa 1 back (as a reported problem) the Lovegate 1 has
    sodded off, :-)
    And the W32 lovegate 1 is still there, although i could not find that run
    key..
    I am going to enable system restore, is that the right thing to do please
    Mike ? and cheers fer advice, Reason I never got sysclean trend 1's was
    inability to download, i couldn't see wich 1 i was meant to get ?? totally
    useless with comps,
    Last thing, I changed the URL searchook from a number e.g.
    {11000r5677dgui877fffeee}.type thing to it now has a IE blue key with value
    6 for C:\Prog files\Int Exp\IEXPLORE.EXE so don't know why it is giving the
    Trojan still , huh ?
    Chers fer time mate, any ideas why Search hook thing is still there, and
    should i enable sys restore ?
    All Best Fred


  • Next message: David H. Lipman: "Re: Backdoor.cabro in registry or start up, i am noob please guide me ?"