Re: Backdoor.irc.ratsou.b

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 11/18/04

Date: Thu, 18 Nov 2004 17:29:11 -0500

1) Download the following two items...

        Trend Sysclean Package

         Latest Trend signature files.

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example;

Extract the contents of the ZIP file and place the contents in the same directory as

2) If you are using WinME or WinXP, disable System Restore
3) Reboot your PC into Safe Mode
4) Using the Trend Sysclean utility, perform a Full Scan of your platform and
        clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform
6) If you are using WinME or WinXP, Re-enable System Restore and re-apply any
        System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
7) Reboot your PC.
8) If you are using WinME or WinXP, create a new Restore point
9) Please report back your results


"Steph" <> wrote in message
| Good Morning
| I was wondering if anyone knows how to remove this trojan ?
| I have a laptop that seems to get infected almost automaticaly !!
| I ran all sorts of anti Spy software and also a util called
| Hijackthis.
| as soon as the laptop get's on the network it seems as it starts doing
| a DOS attack and the website keeps poping up !!
| Any info on how to get rid of this would be appreciated
| Thank you
| Baypctek