Re: Backdoor.irc.ratsou.b

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 11/18/04


Date: Thu, 18 Nov 2004 17:29:11 -0500

1) Download the following two items...

        Trend Sysclean Package
         http://www.trendmicro.com/download/dcs.asp

         Latest Trend signature files.
         http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example: lpt253.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) If you are using WinME or WinXP, disable System Restore
        http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode
4) Using the Trend Sysclean utility, perform a Full Scan of your platform and
        clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform
6) If you are using WinME or WinXP, re-enable System Restore and re-apply any
        System Restore preferences (e.g. HD space to use, suggested 400 ~ 600MB)
7) Reboot your PC.
8) If you are using WinME or WinXP, create a new Restore point
9) Please report back your results

Dave

"Steph" <baypctek@sympatico.ca> wrote in message
news:739e05c6.0411180853.4635b788@posting.google.com...
| Good Morning
| I was wondering if anyone knows how to remove this trojan ?
| I have a laptop that seems to get infected almost automatically !!
| I ran all sorts of anti Spy software and also a util called
| Hijackthis.
| as soon as the laptop gets on the network it seems as it starts doing
| a DOS attack and the amateur.gayspace.com website keeps popping up !!
| Any info on how to get rid of this would be appreciated
|
| Thank you
| Baypctek


