Registered Member #286
Joined: Mon Mar 06 2006, 04:52AM
Location:
Posts: 399
I have a trojan on my computer in the system32 directory. I cannot remove it because it is currently running. I cannot remove its registry entry because it will automatically put them back in there. Is there a way I can delete it from the system before it is loaded into memory? I have tried to use autoexec.bat to delete it, but I don't think Windows XP uses autoexec.bat anymore. A Windows XP formatted disk does not allow me access to the C:\. Any suggestions?
Registered Member #326
Joined: Sat Mar 18 2006, 01:12PM
Location: Glasgow, Scotland
Posts: 66
You could try using HijackThis to delete the registry entry. If that doesn't work, boot the PC using a Knoppix CD, mount your main HDD as read/write, and then use the Knoppix file manager to delete the file.
Registered Member #30
Joined: Fri Feb 03 2006, 10:52AM
Location: Glasgow, Scotland
Posts: 6706
Find out what trojan it is, then Google for a dedicated removal tool for it. Failing that, try booting in safe mode and deleting it, but most virus writers are smarter than that, the last one I got would survive safe mode. (it was Virtumonde IIRC)
The Knoppix thing is a good idea, but it might not work if your drive is NTFS. Last time I checked, Linux access to NTFS was read-only. As a last resort, maybe you could put the hard drive in an external USB caddy and use another computer to delete the virus.
You're right, Windows XP doesn't use autoexec.bat, because it doesn't run on top of DOS any more. DOS went out with Windows NT.
Registered Member #1389
Joined: Thu Mar 13 2008, 12:50AM
Location: Pittsburgh, PA
Posts: 346
If you know DOS, you could use some format of DOS bootable media, and boot into DOS to remove it. It seems that you might know your way around DOS pretty well, too.
Registered Member #286
Joined: Mon Mar 06 2006, 04:52AM
Location:
Posts: 399
"Find out what trojan it is, then Google for a dedicated removal tool for it. Failing that, try booting in safe mode and deleting it, but most virus writers are smarter than that, the last one I got would survive safe mode. (it was Virtumonde IIRC)"
It is Virtumonde, at least one of the PC scanning tools says so. I do not have Knoppix to use. If I can find my Windows XP disk, I would then be able to boot and have access to the hard disk.
"If you know DOS, you could use some format of DOS bootable media, and boot into DOS to remove it. It seems that you might know your way around DOS pretty well, too."
I have tried this. It will not allow me to access the C:
UPDATE:
I got rid of the trojan. I found this autorun manager program that can delete the infected files before they are loaded.
Registered Member #30
Joined: Fri Feb 03 2006, 10:52AM
Location: Glasgow, Scotland
Posts: 6706
I know it's a little late, but I found this:
May be of interest to XP users, since SP3 just came out on automatic updates, and it delivers a new copy of winlogon.exe that may undo any, err, "activation procedures" you might have used. This is a great case of something that would be classed as a Winlogon virus if it wasn't planted by Microsoft themselves.