On Monday, March 26, 2007 11:11 AM [GMT-3=CET],
John Ferrell  wrote:

> I believe that you might be able to recover this data but for me to do it
I
> would have to learn what you already know and acquire the tools (and the
> skill set!) that you suggest.


This kind of trojan acts like this:

 download a file
 edit the windows registry so
    1.- all exe files must execute this file before Explorer execute the
called file
    2.- you can't access to the registry anymore.

A step by sted by-hand-cleaning can be done knowing the files and the
registry lines affected.

You can boot from almost any XP CD.
As was explained before, rename the offending files using this.

attrib -h -r -s  xxx.exe
'this makes this file visible-eraseable

ren xxx.exe xxx.vir
'this will renames the file.

In your case search for this files names here:
http://www.symantec.com/security_response/writeup.jsp?docid=2007-022713-5847
-99&tabid=2


Once you achieve this, enter windows in safe mode.
A explanation on how to do it:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?Op
enDocument&src=sec_doc_nam

Access the registry typing "Regedit" at run window:
search for those regstry lines, and export-erase them.
If you have problems to access regedit, you can download this tool
http://securityresponse.symantec.com/avcenter/UnHookExec.inf
rigth click "install"


Install AVG free edition antivirus with no internet connection (unplug the
laptop).
Scan for more viruses, torjans, etc.

Download AD-Aware free edition from www.lavasoftusa.com, and run it in also
in safe mode.

This procedure cleans up the majority of viruses. If you have a good backup
policy, you will never be affraid of this attacks.

Last thing,... change all your documents and accesses passwords, just in
case.

;)

Regards,
Dennis.



-- 
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist