Author Topic: trojano-247 (Read 21000 times)

altar · « **Reply #30 on:** August 23, 2004, 05:23:45 PM »

Eddy, should I delete the files directly from within the hijackthis log panel?

altar · « **Reply #31 on:** August 23, 2004, 05:28:13 PM »

Bob, I don't have the sytem restore tab
Must be because I disabled it using the Group Policy Editor and the Registry Editor before that, following Microsoft's stupid advice!!
Now I should try and undo all that and I'm not too shure how!!

bob3160 · « **Reply #32 on:** August 23, 2004, 06:17:10 PM »

altar

Quote

Must be because I disabled it using the Group Policy Editor and the Registry Editor before that, following Microsoft's stupid advice!!

Please clue me in, I'd like to know where that advice is?
I just did a search in the Windows Helpfile and this is what it says?

I believe that's exactly where I took you.

Eddy · « **Reply #33 on:** August 23, 2004, 06:20:01 PM »

I think he is refering to one of the two following pages.
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405
http://support.microsoft.com/default.aspx?scid=kb;EN-US;283073

bob3160 · « **Reply #34 on:** August 23, 2004, 06:23:57 PM »

altar

Quote

Now I should try and undo all that and I'm not too shure how!!

A STRONG word of advice. The Registry isn't a toy to play with. It's the fastes way I know to wind up doing an F-disk and a format and starting from scratch.
If you do make changes to the registry, the first thing to do is make a backup of the registry so incase you make a mistake, there is at least a posibility to repair the damage.
Group Policy Editor- Is another place where you can wind up with an unbootable operating system.
Please be careful if you arent sure, ask. It's better than having to start from scratch.

bob3160 · « **Reply #35 on:** August 23, 2004, 06:39:43 PM »

Eddy,
The first article uses the conventional method for shutting down System restore.
The second method requires the use of both regedit and Group Policy Editor.
However the 1st sentence states the following:

Quote

IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

Hopefully that was done.

altar · « **Reply #36 on:** August 24, 2004, 04:34:13 AM »

You got it, it's the second article I followed, thinking it was the only to disable system restore...
And... no I didn't do a backup....

I know the Registry isn't a toy to play with, actually I'd rather never have anything to do with it at all. I was only trying to get rid of that virus...

Can I just go back and do exactly the opposite of what I did to reverse things and re-activate system restore?

bob3160 · « **Reply #37 on:** August 24, 2004, 04:46:05 AM »

Only if you remember exactly what you did.

altar · « **Reply #38 on:** August 24, 2004, 06:23:21 AM »

well I just followed the instructions... I can delete the new key I created in the Registry, uncheck the tabs in the Group Editor...
Then I shall use only the control panel to disable sytem restore...

altar · « **Reply #39 on:** August 24, 2004, 01:10:22 PM »

I was running a scan including the archives and Avast found Win32:PurityScan-C [Trj] in here: C:\Documents and Settings\Sechan\Local Settings\Temporary Internet Files\Content.IE5\ZA4NR905\MediaTicketsInstaller[1].cab\MediaTicketsInstaller.ocx
Since I have not yet re-activated system restore, is it actually being deleted when I delete it?

bob3160 · « **Reply #40 on:** August 24, 2004, 02:42:34 PM »

If your not getting an error message and the delete is being made, then it's gone.

altar · « **Reply #41 on:** August 24, 2004, 05:45:25 PM »

Hi its me....... AGAIN!
I ran a scan including the archives, and at the end there are a number of files wich Avast says it could not scan.
Most of them look like this:
C:/Documents and Settings/All Users/Application Data/Spybot-Search&Destroy/Recovery/DSOExploit1.zip/sbRecovery.reg

some other files are the same but end by .ini
What is weird is that I ran the same scan a couple of hours earlier and it didn't show anything.... I don't understand...
Do you know this type of files?
Can I delete them safely?

bob3160 · « **Reply #42 on:** August 25, 2004, 01:41:39 AM »

altar

Quote

I ran a scan including the archives, and at the end there are a number of files wich Avast says it could not scan.
Most of them look like this:
C:/Documents and Settings/All Users/Application Data/Spybot-Search&Destroy/Recovery/DSOExploit1.zip/sbRecovery.reg

Password protected files in a safe folder created when you did a scan with Spybot. After your system has rebooted for a few times and you aren't having any problems, you can use Spybot to get rid of the backup files.
You can also add this folder to the Avast Exclusions. That way the files in this folder will be bypassed.

Quote

some other files are the same but end by .ini

You need to be more specific about these files. Thanks