« previous next »
Pages: [1]   Go Down

Author Topic: Win32 Duster [Wrm]  (Read 4356 times)

0 Members and 1 Guest are viewing this topic.

Dravin

  • Guest
Win32 Duster [Wrm]
« on: December 19, 2003, 06:51:13 PM »
HI guyz
Can someone please give me advice on getting rid of this file, as it is part of the setup system to my Windows ME Im not sure how to go about it, have tried deleting it with Avast but to no avail.
I apologise if this qestio has been asked before, I did try a search for it..
Logged

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Win32 Duster [Wrm]
« Reply #1 on: December 19, 2003, 07:38:22 PM »
Hm, which file is reported as infected and where is it located? You may try to test the file here: http://www.kaspersky.com/remoteviruschk.html
Logged
MfG Ralf

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re:Win32 Duster [Wrm]
« Reply #2 on: December 19, 2003, 11:15:10 PM »
trends removal instructions (its long  ;) )

Quote
Terminating the Malware Program

This procedure terminates the running malware process from memory. You will need the name(s) of the file(s) detected earlier.

Open Windows Task Manager.
On Windows 95/98/ me systems, press
CTRL+ALT+DELETE
On Windows NT/2000/XP systems, press
CTRL+SHIFT+ESC, then click the Processes tab.
In the list of running programs*, locate the malware file or files detected earlier.
Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system.
Do the same for all detected malware files in the list of running processes.
To check if the malware process has been terminated, close Task Manager, and then open it again.
Close Task Manager.
*NOTE: On systems running Windows 95/98/ME, Task Manager may not show certain processes. You may use a third party process viewer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions.

Removing Autostart Entries from System Files


A malware modifies system files so that it automatically executes at every Windows startup. These startup entries must be removed before the system can be restarted safely.

Open the SYSTEM.INI file. To do this, click Start>Run, type SYSTEM.INI, then press Enter. This should open the file in your default text editor (usually Notepad).
Under the [boot] section, locate the line that begins with:
Shell=Explorer.exe
From the same line, delete the malware path and file name:
DUST.EXE
Close the SYSTEM.INI file and click Yes when prompted to save.
Restoring AUTOEXEC.BAT

Open AUTOEXEC.BAT using Notepad. Click Start>Run, type this text string in the Open input box then press Enter:
notepad c:\autoexec.bat
Delete these entries created by the malware:
DUST.EXE
Close AUTOEXEC.BAT and click Yes when prompted to save.
Additional Windows ME/XP Cleaning Instructions

Running Trend Micro Antivirus

Scan your system with Trend Micro antivirus and clean all files detected as PE_DUSTER.A. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro’s free online virus scanner.


housecall is here http://housecall.trendmicro.com
« Last Edit: December 19, 2003, 11:15:59 PM by MacLover2000 »
Logged
"People who are really serious about software should make their own hardware." - Alan Kay
Pages: [1]   Go Up
« previous next »