Removing VBS Redlof and Trojan.Startpage
Removing VBS Redlof and Trojan.Startpage by lordimpaq(m): 1:16pm On Jul 28, 2005 |
Xoftspy doesn't work. Neither does Norton 2005, nor AVG or Avast. They keep popping up and they compromise my speed. Help!
Re: Removing VBS Redlof and Trojan.Startpage by joftech(m): 2:29pm On Jul 28, 2005 |
Redlof is a stupid virus. It replicates itself in almost all the folders on the infected PC, and this makes opening folders slow down a little bit. It was written in VBScript and some parts of the code refer to Microsoft; I think this was a plot to make it seem like a legitimate file from MS. The virus has these files: folder.htt and desktop.ini. The only way I managed to eradicate it from my network was by using Antivir. You can download it from www.free-av.com; it's free. Then update it; if you don't, it will not detect Redlof. Once you are through with scanning a system you must do the same for all the systems in your network if you have one; I am sure other systems will be infected too.
Re: Removing VBS Redlof and Trojan.Startpage by lordimpaq(m): 3:17pm On Jul 28, 2005 |
Thanks, joftech.
Re: Removing VBS Redlof and Trojan.Startpage by Hunter(m): 7:55am On Jul 29, 2005 |
Also try running your anti-virus in safe mode, because a lot of processes don't start in safe mode.
Re: Removing VBS Redlof and Trojan.Startpage by joftech(m): 8:02am On Jul 29, 2005 |
"also try running your anti-virus in safe mode, because a lot of processes don't start in safe mode"

I am not sure that will fix the problem. If the virus process is not running, how is the antivirus going to find and remove the virus? It can only remove files that match the virus signature. But I think it makes more sense to run the antivirus in normal mode.
Re: Removing VBS Redlof and Trojan.Startpage by Weymola(m): 11:05am On Jul 29, 2005 |
joftech: also try running your anti-virus in safe mode, because a lot of processes don't start in safe mode

joftech, I have to agree with Hidden Hunter - it is better to run antivirus scans in safe mode where applicable. There are agreed steps one can take to ensure that any infected PC can be cleaned with the least amount of effort, and running scans in safe mode is one of them. The reason for this is to stop the code in question from auto-starting as Windows starts. These apps tend to run processes that can be very difficult to end as they just reproduce themselves. Normally the applications come onto a PC disguised as something else, then run on the PC as processes that only a keen eye can spot. So when removing these programs you need to ensure that you remove both the installed process and the initial disguised downloaded payload.

In my experience the best way to deal with this type of problem is to first of all research the virus and obtain its name, then download, if possible, a good cleaning tool written specifically for it, e.g. Stinger. Or download a good antivirus software (I use Trend Micro and AVG) and its associated updates and install them all. Then disable System Restore, if applicable, and delete any temporary files or cached Internet Explorer files. Next boot into safe mode and run a scan of your PC. When this process does not work, then you know you're in for a bit of a battle.

I personally am always prepared for these types of battle and have bootable CDs that contain the tools I need to clean an infected PC without having to install them on the infected PC itself.

Here's some info from Trend Micro on how to remove the VBS REDLOF virus mentioned in this thread.

MANUAL REMOVAL INSTRUCTIONS

Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing during startup.

1. Open Registry Editor. Click Start>Run, type REGEDIT then press Enter.
2. In the left panel, double-click the following: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
3. In the right panel, locate and delete the entry: Kernel32="%System%\Kernel.dll" or Kernel32="%System%\Kernel32.dll"
   *Where %System% refers to the System folder, which is usually C:\Windows\System (Windows 9x and ME), or C:\WINNT\System32 (Windows NT and 2000), and C:\Windows\System32 (Windows XP).
4. Close the Registry Editor.

Addressing Registry Shell Spawning

Registry shell spawning executes the malware when a user tries to run a DLL file. The following procedures should restore the registry to its original state:

1. Open Registry Editor. Click Start>Run, type REGEDIT.EXE then press Enter.
2. In the left panel, double-click the following: HKEY_CLASSES_ROOT>dllfile>shell>open
3. Still in the left panel, select the "open folder" key by right-clicking its folder icon. Select the Delete command from the pop-up menu.
4. Repeat steps 2 and 3 for the following registry key folders:
   HKEY_CLASSES_ROOT\dllfile\ScriptEngine
   HKEY_CLASSES_ROOT\dllfile\shellex
   HKEY_CLASSES_ROOT\dllfile\ScriptHostEncode
5. Close the Registry Editor.

Restoring Deleted System File

To enable your system to function properly, restore the file %System%\Kernel32.dll using your original Windows installation CD or from a reliable backup source.

Applying Patches

The malware runs on infected systems with unpatched VM ActiveX component vulnerability. Visit the Microsoft Security Bulletin (MS00-075) for patch links and more information on this vulnerability.

Well, I hope this helps.
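An added example, not part of the post above or of Trend Micro's instructions: a Python check that reads registry export text (.reg format) and reports the autostart value and the dllfile key folders those instructions name, so a machine can be re-checked after cleaning. The function names and the sample export, including its paths and values, are constructed for illustration.

```python
import re
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
# Key folders under dllfile that the quoted instructions say to delete.
DLLFILE_KEYS = ["HKEY_CLASSES_ROOT\\dllfile\\" + s for s in
                ("shell\\open", "ScriptEngine", "shellex", "ScriptHostEncode")]
BAD_TARGETS = {"kernel.dll", "kernel32.dll"}  # file names from the Run entry
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Yield (key, name, data) per value and (key, None, None) per key header."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key and (m := VALUE_RE.match(line)):
            name = "(Default)" if m.group(2) else unescape(m.group(1))
            data = m.group(3)
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = unescape(data[1:-1])
            yield key, name, data

def find_redlof_entries(text):
    """Return (kind, detail) findings for the entries named in the instructions."""
    findings = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if name is None:
            if any(k == d.lower() or k.startswith(d.lower() + "\\") for d in DLLFILE_KEYS):
                findings.append(("shell-spawn key", key))
        elif k == RUN_KEY.lower() and name.lower() == "kernel32":
            if data.rsplit("\\", 1)[-1].lower() in BAD_TARGETS:
                findings.append(("autostart value", f"{name}={data}"))
    return findings

# Constructed sample export (not taken from a real infected machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel32"="C:\\WINDOWS\\System32\\Kernel.dll"
"ExampleAV"="C:\\Program Files\\ExampleAV\\av.exe"

[HKEY_CLASSES_ROOT\dllfile\shell\open\command]
@="constructed-placeholder"
'''
```

Files exported by Registry Editor in the "Version 5.00" format are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `find_redlof_entries`.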
Re: Removing VBS Redlof and Trojan.Startpage by joftech(m): 11:42am On Jul 29, 2005 |
I normally use HijackThis to remove programs that I don't want to start at system startup, and I normally use prcview (www.prcview.com) to terminate these unwanted processes. The fun of having to deal with them this way is just too great; that way I even get to know their mode of operation. I have used the method in my earlier post to remove that same virus several times and it worked smoothly.
Re: Removing VBS Redlof and Trojan.Startpage by Weymola(m): 12:11pm On Jul 29, 2005 |
Joftech, HijackThis is a great utility that I carry as part of my arsenal of tools also, and agreed, it is great for viewing and stopping processes, but I think Autoruns by Sysinternals is even better. I suggest you download a copy for your collection. I have never used Prcview, so I will have a look at it.

The only issue I have with these types of applications is that in resolving a virus problem you may stop the process but not the root cause, which these applications cannot identify. Some viruses I have dealt with render the PC useless, such that you can't connect to the web to update antivirus signatures, and you can't run any executables either, and so you are stuck. I have had instances where the virus was removed or resurfaced hours later, due to the root cause not being eliminated completely.

From your post it appears you have the time to deal with these types of problems. I run an IT services business and our customers pay us by the hour to resolve their IT woes. So if I can remove a virus in, say, 1-2 hrs or less, then I stand a good chance of repeat business. So speed is very important; there is no time to play with these problems as the clock is ticking.
Re: Removing VBS Redlof and Trojan.Startpage by Niggy(m): 1:24pm On Jul 29, 2005 |
You can easily edit the programs that start up with Windows by doing this: go to START --> RUN, then type msconfig. Go through the tabs and remove programs you don't want to start up with Windows. Then reboot, I mean restart, by doing shutdown -r or shutdown -r -t (to specify any time).

I've not had anything to do with this Redlof of a thing since I switched to Linux Fedora Core 4. lol
Re: Removing VBS Redlof and Trojan.Startpage by Hunter(m): 2:07pm On Jul 29, 2005 |
The problem is, Niggy, there are many ways to hide programs from showing up in msconfig (there are even a few good reasons why you would want to do this as well).
Re: Removing VBS Redlof and Trojan.Startpage by Weymola(m): 2:39pm On Jul 29, 2005 |
I agree with Hidden Hunter, msconfig does give you access to autostart entries as listed in the registry or under other users' profiles. HijackThis and Autoruns allow access to this information as well as other useful bits like browser settings, for example.
Re: Removing VBS Redlof and Trojan.Startpage by Chxta(m): 6:43pm On Jul 29, 2005 |
Another thread gone off-topic cos nairaland has too many good computer men... |
Re: Removing VBS Redlof and Trojan.Startpage by lordimpaq(m): 10:48am On Jul 30, 2005 |
Chxta: yeah right... I don't even know which one to choose and it's still killing my system... I'd rather switch to Linux...
Re: Removing VBS Redlof and Trojan.Startpage by Niggy(m): 9:42am On Aug 01, 2005 |
@lordimpaq, welcome to the 'Heaven' of OPENSOURCE!!! The Angels are rejoicing!
Re: Removing VBS Redlof and Trojan.Startpage by morpheous: 6:50am On Dec 27, 2005 |
Guys, I felt that to remove the Redlof I needed to download a number of antivirus kits, including AV, AVG, Avast and Solo too, but then sometimes it's easier to try the simple ways. I went to Folder Options and unhid the system files, and in the search mode of Windows Explorer searched for all the .htt and .ini files and deleted the files (desktop.ini & folder.htt). Although not all the files were deleted, those which relented, I deleted them with the "V" explorer.

Regards.

Now please tell the best free server-based AV kit.

morpheoous