Full Disclosure mailing list archives
RE: Removal?
From: "axid3j1al axid3j1al" <axid3j1al () hotmail com>
Date: Wed, 04 Feb 2004 00:41:48 +0000
From: "Schmehl, Paul L" <pauls () utdallas edu>
To: "axid3j1al axid3j1al" <axid3j1al () hotmail com>, <full-disclosure () lists netsys com>
Subject: RE: [Full-disclosure] Removal?
Date: Tue, 3 Feb 2004 14:02:29 -0600

> -----Original Message-----
> From: full-disclosure-admin () lists netsys com
> [mailto:full-disclosure-admin () lists netsys com] On Behalf Of
> axid3j1al axid3j1al
> Sent: Tuesday, February 03, 2004 12:03 AM
> To: full-disclosure () lists netsys com
> Subject: [Full-disclosure] Removal?
>
>
> How do I delete the virus that is not detectable by norton av (latest
> definitions)
> http://housecall.antivirus.com/
>
> but has the files
> c:\windows\system32\f~q\fag.exe
> c:\windows\system32\f~q\usr_crt.dll
>
> i.e. what program do I kill to do a attrib -h -r -s *.* ; del. ?
>
Good Idea. But did not work. usr_crtl.dll won't unregister and fag.exe is not in the process list.
regsvr32 /u c:\windows\system32\f~q\usr_crt.dll
del c:\windows\system32\f~q\usr_crt.dll
Ctrl-Alt-Del/Task Manager/Processes
Locate fag.exe and End Process
Get your AV software up to date and keep it that way.
Go to Windows Update and patch to current.
Norton is fully patched to current as is windows update. Current versions of adaware, spybot (search & Destroy) or norton found any trace of the trojan. Even when pointed directly at that directory. Anything else that recognises this?
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
