Author Topic: Win95 Dupator  (Read 3199 times)


compmogul

  • Guest
Win95 Dupator
« on: September 15, 2004, 09:41:03 PM »
I have recently referred you to a client of mine because one of their office computers has a compatibility problem with Norton.  They wanted to run the trial version and be sure that they liked the program before buying a license.  Apparently they did not have the Windows security updates and contracted Win95 Dupator virus only days after installing avast on this computer. Do you have any suggestions for removal?

I've owned a registered copy for a while and haven't had any problems with it.  This is the first issue I've found with your program not containing a virus. Kudos to the development team for an excellent product.


whocares

  • Guest
Re:Win95 Dupator
« Reply #1 on: September 15, 2004, 11:22:37 PM »
Hi,
here's some info & removal-instructions on DUPATOR:
VGREP

try a boot-time scan with avast, cleaning/repairing infected files..

also enter
DUPATOR
into the board SEARCH above...

and give us some info, as to where Dupator is found..
--> (full path/folder/filename)

read the link "VirusRemoval" below in my sig...
« Last Edit: September 15, 2004, 11:23:31 PM by whocares »

compmogul

  • Guest
Re:Win95 Dupator
« Reply #2 on: September 16, 2004, 12:06:58 AM »
The virus seems to have attached itself to the Kernel32.dll file and is attaching itself to any process which the computer runs, including Avast.exe. This is happening in Windows 98 without any security updates.  My best guess is that it was uploaded through a Win98 backdoor which would have been closed had the operator known to download the security updates from Microsoft.  I have not tried a bootscan with avast, but it would not clean any files during a regular scan.  I will be working on this problem in the morning and would appreciate any other info that you could give me, aka: DOS removal programs.   Thank you for your help.

Eddy

  • Avast Evangelist
Re:Win95 Dupator
« Reply #3 on: September 16, 2004, 02:34:44 AM »
Dupator:
- Copies the Kernel32.dll file from the \Windows folder to the \System folder.
- The virus appends itself to the Kernel32.dll file in the Windows folder and points the exported function call, GetFileAttributesA, to the viral code.
- Once you have restarted the computer, the virus uses the infected Kernel32.dll to infect the Windows PE files and .exe files

Boottimescan should take care of it. Depending on how far the infection is spread, you may have to do a repair of the OS after cleaning and perhaps reinstall some applications.
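
A check that follows from the export redirection described in reply #3, as an added example that is not part of the thread and not avast's own code: it parses a PE32 file's export table and lists named exports whose address falls outside the section where most exports live. The heuristic itself and the function names `parse_exports` and `outlier_exports` are assumptions made for illustration.

```python
import struct, sys
from collections import Counter

def parse_exports(pe):
    """Return (section names, {export name: section index}) for raw PE32 bytes."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24
    if struct.unpack_from("<H", pe, opt)[0] != 0x10B:
        raise ValueError("only PE32 images are handled")
    exp_rva, exp_size = struct.unpack_from("<II", pe, opt + 96)
    secs = [struct.unpack_from("<8sIIII", pe, opt + opt_size + 40 * i)
            for i in range(nsec)]  # name, vsize, rva, raw size, raw offset
    def sec_index(rva):
        for i, (_, vsize, va, rsize, _) in enumerate(secs):
            if va <= rva < va + max(vsize, rsize):
                return i
        return None
    def off(rva):
        i = sec_index(rva)
        if i is None:
            raise ValueError("RVA 0x%x is outside every section" % rva)
        return rva - secs[i][2] + secs[i][4]
    d = off(exp_rva)
    n_names, funcs, names, ords = struct.unpack_from("<4I", pe, d + 24)
    placed = {}
    for i in range(n_names):
        s = off(struct.unpack_from("<I", pe, off(names) + 4 * i)[0])
        name = pe[s:pe.index(b"\0", s)].decode("ascii", "replace")
        ordinal = struct.unpack_from("<H", pe, off(ords) + 2 * i)[0]
        rva = struct.unpack_from("<I", pe, off(funcs) + 4 * ordinal)[0]
        if not exp_rva <= rva < exp_rva + exp_size:  # skip forwarder strings
            placed[name] = sec_index(rva)
    return [s[0].rstrip(b"\0").decode("ascii", "replace") for s in secs], placed

def outlier_exports(pe):
    """Exports located outside the section holding most exports.
    Assumption: appended code sits in a different section from the DLL's own code."""
    sec_names, placed = parse_exports(pe)
    if not placed:
        return {}
    home = Counter(placed.values()).most_common(1)[0][0]
    return {n: (sec_names[i] if i is not None else "<no section>")
            for n, i in placed.items() if i != home}

if __name__ == "__main__":
    for name, sec in sorted(outlier_exports(open(sys.argv[1], "rb").read()).items()):
        print("%s -> %s" % (name, sec))
```

Run it against a copy of the DLL taken while the system is offline; an empty result only means this one heuristic found nothing.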