Author Topic: VBS:Redlof  (Read 10850 times)

Emery

  • Guest
VBS:Redlof
« on: May 13, 2003, 11:49:40 PM »
Um, I've just been infected by the Redlof virus, but I'm not sure if I'm supposed to delete the HTT files even though they're infected, because I think they're used to view folders as web pages, but I don't know if it's safe to. Also, does this virus affect only HTML and HTT or those two and several other file types because I've been getting info on this virus but the information is different on some sites.

n4cer

  • Guest
Re:VBS:Redlof
« Reply #1 on: May 14, 2003, 05:51:06 PM »
I see .HTT files on my clean system, and they appear to be HTML files used with Active Desktop for Windows. Maybe if you're using Windows 2000 or XP then when you delete these files, Windows will get a fresh copy from its install CD.

I'm just guessing though, I'll try to find more info on this virus.

n4cer

  • Guest
Re:VBS:Redlof
« Reply #2 on: May 14, 2003, 06:02:55 PM »
Here's some additional info:
http://securityresponse.symantec.com/avcenter/venc/data/html.redlof.a.html

The actual virus can be found in your \System\ directory as either Kernel.dll or Kernel32.dll.

Be careful, under WIN9x I think the real kernel is named "kernel32.dll".

Emery

  • Guest
Re:VBS:Redlof
« Reply #3 on: May 15, 2003, 02:34:14 AM »
It's kernel32.dll? I have Windows 98 and kernel.dll is the one with the virus but kernel32.dll seems to be clean. I've been to Symantec's website before, but their Redlof A description is different from the one found at Panda Software, where Redlof A affects only two types of files and Redlof B affects the files that Symantec says Redlof A affects, so it's pretty confusing.  :-\
Also, at another web site, it said that Redlof also copies itself as an image file called kjwall.gif into the two folders, and I found the image in my computer, so I'm really confused.
« Last Edit: May 15, 2003, 02:41:15 AM by Emery »

n4cer

  • Guest
Re:VBS:Redlof
« Reply #4 on: May 15, 2003, 07:21:08 AM »
Unfortunately, different anti-virus companies have different naming conventions for viruses, so it's possible that one virus will have many names depending on the site you visit.

I'd say go with the site that has details about the kjwall.gif file you found on your system. Hopefully it can tell you how to safely remove it (without formatting your system anyway).

The security forum at Broadband Reports may also be able to give you some advice:
http://www.broadbandreports.com/forum/security,1

shooter

  • Guest
Re:VBS:Redlof
« Reply #5 on: May 15, 2003, 08:07:02 PM »
Hi,

Do you have Avast! as a virus remover? If not, download the free home edition, it's super good.


greetttzzz shooter

Emery

  • Guest
Re:VBS:Redlof
« Reply #6 on: May 17, 2003, 11:24:43 PM »
Thanks for the link, I think there's a thread with info on removing the Redlof virus there.
And yes, I do use Avast now. That's how I found out about this virus  :)