Archived from groups: microsoft.public.windowsxp.security_admin
Dear David:
Well, I think I was able to rectify the infection problem.
I followed your recommendations but was not able to implement the McAfee
scan. The download to the zip file went okay but I was not able to open and
scan. I tried updating my Norton Virus/Security application but this also
could not be done. Then I was trying to access the my-etrust website which
also was (and still is) unsuccessful. I was able to download the avast virus
remover but the scan did not reveal any problems, in fact only SpyWare Doctor
scan highlighted the problem but could not remove the virus. I then
downloaded successfully AntiVir and the subsequent scan not only revealed the
problem but also prompted me to remove this file. I was very delighted to say
the least. Thereafter I was able to update the Norton application and a
subsequent scan also revealed the same problem which Norton fixed (removed)
as well. (I am not quite sure how this can happen, but I don't really care
as long as the virus is out of my computer). The problem was identified as
Item: Lien Van de Kelderrr.VIR, Virus Name: W32.MytobCU@mm
This probably makes more sense to you than it does to me. I also ran a
couple of scans with SpyWare Doctor and it appears that the 'Worm' has
disappeared.
Now, could I please test your patience one more time. Based on the apparent
successful removal of the Worm/Virus, can I assume that my system is
relatively safe and secure again? Also, with respect to the System
Configuration Utility, I noticed that Lien Van de Kelderrr is still in the
Startup facility, i.e. Startup Item: Lien Van de Kelderrr, Command: Lien Van
de Kelderrr...., Location: SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
Naturally, I unchecked this item and thus the Startup selection changed from
Normal Startup to Selective Startup. Could you please advise as to how to
remove/delete the Lien Van de Kelderrr item complete with check box from the
Startup Item so I can revert to the Normal Startup mode.
Again, thank you so much for your kind support and valuable assistance.
With all good wishes
Kayman.
"David H. Lipman" wrote:
> From: "Kayman" <Kayman@discussions.microsoft.com>
>
> | I received a fake e-mail message and opened the attachment.
> | After completing a Spyware scan I found that my computer is infected.
> | Indications are that a known good site may be hijacked. Adware, Spyware and
> | phishing sites may use the Windows hosts file to redirect my browser to a
> | malicious site when trying to access a valid site such as my bank account.
> | The infection level is HIGH.
> | I am on Windows XP SP2 installed with Norton Internet security and Antivirus,
> | also Spybot Search & Destroy, Spyware Doctor and Ad-Aware.
> | Naturally I am not doing any banking over the internet. Could somebody
> | please advise what to do to bring my computer back in safe operating mode
> | i.e. removing the key logger from my system.
> | Thank you in advance for your kind consideration.
> | With best regards
>
> You mentioned non-viral anti malware applications. You have not shown that you use anti virus
> software.
>
> I can suggest the following with CA eTrust being the preferred AV application.
>
> AVAST -
> http://www.avast.com/i_idt_1016.html - FREE
>
> AntiVir -
> http://www.free-av.com/ - FREE
>
> AVG -
> http://free.grisoft.com/freeweb.php/doc/2/lng/us/tpl/v5 - FREE
>
> CA eTrust -
> http://www.my-etrust.com/microsoft/index.cfm - FREE for one year.
> { Free offer ends 8/1/05 }
>
> The *best* defense is not software, it is YOU. You have to practice Safe Hex to prevent
> malicious software.
>
> http://www.claymania.com/safe-hex.html
>
> The following uses the McAfee Command Line Scanner and should clean your computer...
>
> Dump the contents of the IE Temporary Internet Folder cache (TIF)
> Start --> Settings --> Control Panel --> Internet Options --> Delete Files
>
> Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
> Tools --> Options --> Privacy --> Cache --> Clear
>
>
> Download CLEAN.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/clean.exe
>
> It is a self-extracting ZIP file that contains the Kixtart Script Interpreter
> { http://kixtart.org Kixtart is CareWare } three batch files, two Kixtart scripts, two Link
> (.lnk) files and a PDF instruction file.
>
> GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee Command Line
> Scanner. You may have to disable your FireWall or allow FTP.EXE to go through your FireWall
> to allow the FTP utility to download the needed files
>
> CLEAN.BAT -- For running within Windows after running c:\mcafee\GetFiles.BAT. If you choose
> to scan again at a future date, run this batch file. It will automatically check the date
> of the McAfee DAT files and if it is a couple of days old, it will download (FTP) the latest
> signature files and install them before performing the scan.
>
> DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is using FAT32 after
> you have booted from an Emergency Boot Disk or DOS disk and have already executed;
> c:\mcafee\GetFiles.BAT from within Windows. DOS disk boot images can be obtained from;
> http://www.bootdisk.com/bootdisk.htm
>
> I need you to perform the following...
>
> Execute; CLEAN.EXE
> Choose; Unzip
> Choose; Close
>
> Execute; c:\mcafee\GetFiles.BAT
> { or Double-click on 'GetFiles Link' in c:\mcafee }
>
> Reboot the PC into Safe Mode [F8 key during boot]
>
> Shutdown as many applications as possible !
> It would also help for you to read - "How to perform a clean boot in Windows XP"
> http://support.microsoft.com/kb/310353
>
> Execute; c:\mcafee\CLEAN.BAT
> { or Double-click on 'Clean Link' in c:\mcafee }
>
> A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
> end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
> It is suggested that you move the report out of c:\mcafee before performing another scan.
> It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
> report for each session.
>
>
> * * * Please report back your results * * *
>
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>
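The quoted question mentions the Windows hosts file being used to redirect the browser, and the reply above reports security sites that still cannot be reached after cleanup. The following is an added example, not part of either post: a small audit that lists every hosts-file mapping other than the usual localhost entries. The sample content and all hostnames in it are constructed placeholders; on Windows XP the real file is `%SystemRoot%\system32\drivers\etc\hosts`.

```python
import ipaddress
import sys

# Constructed sample hosts file (placeholder names, not from the poster's PC).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.example-av-vendor.test   # update site pointed at loopback
0.0.0.0         liveupdate.example-av-vendor.test
203.0.113.10    www.example-bank.test        # name pointed at a foreign host
not-an-ip       broken.example.test
"""

# Names that normally appear in an untouched hosts file.
BENIGN_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Return (line_no, verdict, address, hostname) for each suspicious mapping.

    verdict is "blocked" (name sent to loopback/0.0.0.0, so the site becomes
    unreachable), "redirected" (name sent to some other address) or
    "malformed" (first field is not an IP address).
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comment
        if len(fields) < 2:
            continue                            # blank or comment-only line
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, "malformed", address, names[0]))
            continue
        for name in names:
            if name.lower() in BENIGN_NAMES:
                continue
            sinkholed = ip.is_loopback or ip.is_unspecified
            verdict = "blocked" if sinkholed else "redirected"
            findings.append((line_no, verdict, address, name))
    return findings


if __name__ == "__main__":
    # Pass the path to a real hosts file, or run without arguments for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for line_no, verdict, address, name in audit_hosts(text):
        print(f"line {line_no}: {name} -> {address} [{verdict}]")
```

Anti-spyware tools that install their own block lists also write loopback entries, so judge "blocked" results by hostname rather than removing them wholesale.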