Re: Trojan Downloader
- From: Elmo <elmogeek@xxxxxxxxxxxxx>
- Date: Thu, 17 Jan 2008 09:03:57 -0500
David H. Lipman wrote:
From: "GS" <gsmsnews.microsoft.comGS@xxxxxxxxxxxxxxxxx>
| have you tried safe mode?
| system restore roll back prior to the infection?
|
| if still fails, disable system restore
| "How to turn off or turn on Windows XP System Restore"
| in safe mode
| WARNING: Symantec strongly recommends that you back up the registry before
| making any changes to it. Incorrect changes to the registry can result in
| permanent data loss or corrupted files. Modify the specified keys only. Read
| the document, "How to make a backup of the Windows registry," for
| instructions.
|
| ----------------------------------------------------------------------------
|
| 1. Click Start, and then click Run. (The Run dialog box appears.)
| 2. Type regedit
|
| Then click OK. (The Registry Editor opens.)
|
| 3. Navigate to each of these keys:
|
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
| 4. For each one, in the right pane, delete any values that refer to any
| files that were detected as Downloader.Trojan.
|
| 5. Exit the Registry Editor.
| you should be able to delete the file by now, actually once in safe mode you
| should be able to delete the file
|
| my philosophy is if not microsoft, Symantec, CA, Mcafee, or other vendors I
| deal with or some major ISV of the above, I don't download
|
The file; C:\WINDOWS\system 32\ljjjgff.dll
is a DLL, not an EXE, it is NOT loaded via the Registry Run locations.
This DLL file is protected by the OS via a BHO and via the DLL being loaded winlogin/notify
Thanx for trying but...
you missed the mark
Is it anywhere in the registry, perhaps with "Rundll32.exe " before it? If so, try this from Safe Mode. Afterwards, restart in Safe Mode again. The file shouldn't be running, and can be deleted:
Click Start, Run, type REGEDIT, click OK. Press the Home key, press F3, type the name of the file into the search pane. Click "Find Next", and when located, delete the reference to the file. Press F3 to continue the search.
If ljjjgff.dll follows "explorer.exe ", (but I don't think it can), edit out " ljjjgff.dll". If you find any references to it in the registry, but aren't sure they can be safely removed, post what you find.
You can click File, Export, and save the entry to the Desktop. If you remove it and there's a problem, double-click the .reg file you exported to the Desktop and it'll be added to the registry again. You can create a restore point before editing the registry too.
You could click Start, Run, type MSCONFIG, click OK, click the StartUp tab, and deselect the item(s). When you restart the computer, you will be warned that you're running in the Diagnostic mode; click to not alert you again, and OK out. You won't see the message again. But I think it's best to just remove the references from the registry.
--
Joe =o)
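
The thread names three places a file like this can be loaded from (the Run keys, a BHO, and Winlogon Notify) and suggests exporting registry entries to a .reg file before deleting them. The following is an added example, not part of the original posts: it reads .reg export text and reports which of those load points mention a given DLL. The sample export is constructed, and the CLSID, the Notify subkey name and the function names are assumptions.

```python
import re

# Constructed sample in regedit's export (.reg) text format. The CLSID and the
# Notify subkey name are made up; the DLL name is the one from the thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjjgff]
"DllName"="C:\\WINDOWS\\system32\\ljjjgff.dll"
[HKEY_CLASSES_ROOT\CLSID\{00000000-1111-2222-3333-444444444444}\InprocServer32]
@="C:\\WINDOWS\\system32\\ljjjgff.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-1111-2222-3333-444444444444}]
'''

VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Return {key_path: {value_name: data}} for the string values in an export."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE.match(line)):
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # undo \\ and \"
    return keys

def find_references(keys, dll_name):
    """List (load_point, key, value_name) for each value that mentions dll_name."""
    # A BHO is registered by CLSID only; the DLL path sits under HKCR\CLSID.
    bho = {k.rsplit("\\", 1)[1].lower() for k in keys
           if "\\browser helper objects\\" in k.lower()}
    hits = []
    for key, values in keys.items():
        low = key.lower()
        for name, data in values.items():
            if dll_name.lower() not in data.lower():
                continue
            if low.endswith("\\currentversion\\run"):
                kind = "Run"
            elif "\\winlogon\\notify\\" in low:
                kind = "Winlogon Notify"
            elif low.endswith("\\inprocserver32"):
                kind = "BHO" if low.split("\\")[-2] in bho else "COM server"
            else:
                kind = "other"
            hits.append((kind, key, name))
    return hits
```

Regedit saves "Version 5.00" exports as UTF-16, so read a real file with encoding="utf-16" before passing its text to parse_reg.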