Security Basics mailing list archives

Trojan.Lodear.B/Trojan.Lodav.A


From: "Joe George" <j.george () conservation org>
Date: Tue, 15 Nov 2005 14:50:24 -0500

Hi all,

I have a workstation that was compromised by the Trojan mentioned in the
subject, after the end user opened an infected .ZIP file. I followed the
instructions Symantec recommended.  I used their removal tool because I
was not able to access the registry.  I also installed the
UnHookExec.inf in an attempt to reset the shell/open/command reg keys,
per the article.  I was still not able to access the registry.  I ran
the removal tool several times in normal and in safe mode and each time
it would detect and terminate the Trojan process running in
explorer.exe.  Before one removal tool run, I ran Winternals Process
Explorer, but nothing was found.  I ran two anti-virus scans but did not
find anything after the initial detection.  Is there anything that I
have not tried that someone can suggest? I'm about ready to run a repair
on Windows, but not ready to rebuild, as I am concerned there may be more
workstations that have been just as compromised.  

Thanks in advance.

--
Joe George
IT Janitor
x349


