How to Remove and Fix a Dangerous Trojan Horse

I recently serviced a machine that was infected by a virus that works like this: each time you click on a directory, an error message is displayed that reads roughly as follows:

    Attention, [name]! Some dangerous Trojans detected in his system. Microsoft Windows XP corrupted files. This can lead to the destruction of important files in C:\WINDOWS. Download the software protection now!


This error message is followed by a dialog. Clicking on it takes you to the website http://free-viruscan.com/id/4912933/4/1/ (warning: the site is a fake intended to trick the visitor into downloading and executing a program that installs more malware. Do not interact with it).





Normally it takes me 5 minutes to find and kill a virus, but today I was stumped. The way this virus operated was unusual: it did not load any memory-resident program, nothing of its own was loaded at boot, and it did not run as a service.


Finally convinced that this was beyond my own power, I downloaded and ran HijackThis. Still nothing. Now things were getting really interesting. I did not want to resort to using an antivirus product. That would be too easy. I wanted to know exactly what the virus does and how.


After what seemed like hours of research I eventually came across the FixIEDef program developed by ShadowPuterDude of Malwareteks. I ran it, and bye bye virus. Its log showed the following entries:


Files that have been deleted!!!

C:\WINDOWS\system32\dadef.dll

C:\WINDOWS\system32\dapol.dll

C:\WINDOWS\system32\tmp.reg

C:\WINDOWS\system32\tmp.txt

Registry entries that have been removed!!!

HKEY_CURRENT_USER\SOFTWARE\Microsoft\bind “comment”

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BhoNew.BhoApp

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BhoNew.BhoApp.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2FF811E6-8925-4084-A649-C159955E67E8}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CAF9D798-C659-4B9B-8E19-EE27C3D04EE7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2FF811E6-8925-4084-A649-C159955E67E8}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “KernelFaultCheck”
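The log explains the behaviour that was so puzzling: the CLSID {2FF811E6-8925-4084-A649-C159955E67E8} is registered under Browser Helper Objects, so the code was loaded by Internet Explorer into its own process rather than running as a separate program or service, and the Run value named "KernelFaultCheck" gave it a foothold at logon. The script below is an added example written for this page, not part of the original post and not FixIEDef's code. It is a read-only triage that enumerates BHOs, Run values and the dropped files on a host and flags the exact indicators from the log above. It assumes an elevated PowerShell 4 or later (Get-FileHash is not available on the original XP machine); every CLSID, ProgID, interface ID, file name and value name comes from the log, nothing else is assumed. One caveat a practitioner should know: Windows XP itself writes a Run value called KernelFaultCheck pointing at dumprep.exe after a crash, so the value name alone is not an indicator; the script only flags it when the command does not point at dumprep.

```powershell
# Added example, not from the original post: triage for the indicators in the
# FixIEDef log. Read-only; it reports, it does not delete anything.
# Assumption: elevated PowerShell 4+ on the affected host.

$BadClsids  = @('{2FF811E6-8925-4084-A649-C159955E67E8}')
$BadIids    = @('{CAF9D798-C659-4B9B-8E19-EE27C3D04EE7}')
$BadProgIds = @('BhoNew.BhoApp', 'BhoNew.BhoApp.1')
$BadFiles   = @('dadef.dll', 'dapol.dll', 'tmp.reg', 'tmp.txt') |
              ForEach-Object { Join-Path $env:SystemRoot "system32\$_" }

$findings = @()
function Add-Finding($Type, $Item, $Detail, $Flag) {
    $script:findings += [pscustomobject]@{ Type = $Type; Item = $Item; Detail = $Detail; Flag = $Flag }
}

# 1. Browser Helper Objects. Every subkey is a CLSID that Internet Explorer loads
#    into its own process, which is why no stand-alone process or service showed up.
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bhoKey) {
    foreach ($sub in Get-ChildItem $bhoKey) {
        $clsid  = $sub.PSChildName
        $server = $null
        $inproc = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        if (Test-Path $inproc) { $server = (Get-ItemProperty $inproc).'(default)' }
        $flag = if ($BadClsids -contains $clsid) { 'KNOWN-BAD' } else { 'review' }
        Add-Finding 'BHO' $clsid $server $flag
    }
}

# 2. ProgIDs and interface IDs that the log removed.
foreach ($p in $BadProgIds) {
    if (Test-Path "HKLM:\SOFTWARE\Classes\$p") { Add-Finding 'ProgID' $p '' 'KNOWN-BAD' }
}
foreach ($i in $BadIids) {
    if (Test-Path "HKLM:\SOFTWARE\Classes\Interface\$i") { Add-Finding 'Interface' $i '' 'KNOWN-BAD' }
}

# 3. Run values. "KernelFaultCheck" is also written by Windows XP itself after a
#    crash (it points at dumprep.exe), so flag it only when the command does not.
$runKeys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run')
foreach ($rk in $runKeys) {
    if (-not (Test-Path $rk)) { continue }
    $props = Get-ItemProperty $rk
    $names = $props.PSObject.Properties |
             Where-Object { $_.Name -notlike 'PS*' } |
             Select-Object -ExpandProperty Name
    foreach ($name in $names) {
        $cmd  = [string]$props.$name
        $flag = 'review'
        if ($name -eq 'KernelFaultCheck' -and $cmd -notmatch 'dumprep') { $flag = 'KNOWN-BAD' }
        Add-Finding 'Run' "$rk\$name" $cmd $flag
    }
}

# 4. Dropped files, hashed so the result can be compared against other hosts.
foreach ($f in $BadFiles) {
    if (Test-Path $f) {
        $hash = (Get-FileHash -Path $f -Algorithm SHA256).Hash
        Add-Finding 'File' $f $hash 'KNOWN-BAD'
    }
}

# 5. The HKCU marker key the log removed.
$bind = 'HKCU:\SOFTWARE\Microsoft\bind'
if (Test-Path $bind) {
    $comment = (Get-ItemProperty $bind).comment
    Add-Finding 'Marker' "$bind\comment" $comment 'KNOWN-BAD'
}

$findings | Sort-Object Flag, Type | Format-Table -AutoSize
```

Anything marked KNOWN-BAD matches the log directly; entries marked review are the other BHOs and Run values on the host, which is where the next variant of this family would show up under a different CLSID or file name, so compare the InprocServer32 path and the Run command against what you expect before deciding anything is clean.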



I would like to know more about how it worked, but I suppose I should be happy and satisfied for the moment that the virus is gone.


Addendum: it seems that a new strain of this "dangerous Trojan horses" virus comes out almost every week. If running the program does not solve the problem, or if you need support, please visit the official website at http://www.malwareteks.com/


Source : http://dhuwuh.blogspot.com/2008/08/fix-attention-some-dangerous-trojan.html

7 comments:

Anonymous said... on April 19, 2009 at 4:13 PM  

Keeping it running sufficiently.
When I first got my computer I didn’t realize how important having antispyware was to keeping it running sufficiently. However, it didn’t take very long for it to become perfectly clear. If you don’t have a good scan you will have many problems that could be avoided so easily. Search-and-destroy Antispyware is a great option when it comes to scanning for bugs that will help you keep your computer running at its peak efficiency. The antispyware solution from Search-and-destroy which you will find at http://www.Search-and-destroy.com will help give your PC the protection it needs to keep it in good working condition.

Advertisement said... on April 23, 2012 at 2:50 PM  

Wonderful post. This is a most inspiring post. I love to read this kind of material. The blogger did a great job here.
