5 Answers
- Anonymous, 1 decade ago, Favorite Answer
This is a brand new trojan... reported on the Symantec site as of October 16, 2007
To rid yourself of this trojan... turn off system restore until your system is clean and then reenable system restore to create a clean restore point.
Force an update of your virus scanner (which hopefully is from a reliable vendor like McAfee or Norton) and close any open programs and perform a complete scan of your system.
You will then need to manually delete any entries made to your system's registry:
When the Trojan is executed, it drops the following file:
%Windir%\nview.dll
It also creates the following file:
%System%\atmapi.sys
It then creates the following registry value:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\"zwpInit_Dlls" = "C:\WINDOWS\nview.dll"
The Trojan modifies the following files so that it runs when Windows starts:
%System%\user32.dll
%System%\dllcache\user32.dll
The original user32.dll is saved by the Trojan as the following file:
%System%\[RANDOM FILE NAME]
Finally, the threat restarts the compromised computer so that the modified user32.dll takes effect.
The Trojan then creates the following encrypted DLL files:
%Windir%\Help\access.cni
%Windir%\Help\mwrem.cin
The threat stores encryption information specific to these DLLs in the following registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\1\"Path" = "C:\WINDOWS\help\access.cni"
HKEY_LOCAL_MACHINE\SOFTWARE\1\"Key" = "[ENCRYPTION KEY]"
HKEY_LOCAL_MACHINE\SOFTWARE\1\"DLoad" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\2\"Path" = "C:\WINDOWS\help\mwrem.cin"
HKEY_LOCAL_MACHINE\SOFTWARE\2\"Key" = "[ENCRYPTION KEY]"
HKEY_LOCAL_MACHINE\SOFTWARE\2\"DLoad" = "0"
Note: [ENCRYPTION KEY] is the encryption key used to encrypt the DLL files and the threat uses this information to locate and decrypt these encrypted DLLs in memory.
The Trojan opens a back door that connects to 58.65.239.86, allowing a remote attacker to perform some of the following actions:
Terminate processes
Monitor network traffic
Download additional files
More info here
http://www.symantec.com/security_response/writeup....
Good Luck!
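The file and registry artifacts listed in the answer above can be checked without changing anything on the machine. The PowerShell script below is an added example, not part of the original answer or of Symantec's write-up; it assumes %System% means the System32 directory, and the helper name Test-RegValue is hypothetical.

```powershell
# Added example: read-only check for the artifacts named in the answer above.
# Assumption: %System% in the write-up is the System32 directory under %Windir%.
$sys = Join-Path $env:windir 'System32'

$files = @(
    (Join-Path $env:windir 'nview.dll'),
    (Join-Path $sys 'atmapi.sys'),
    (Join-Path $env:windir 'Help\access.cni'),
    (Join-Path $env:windir 'Help\mwrem.cin')
)

# Registry values from the answer: the DLL-loading value plus the two key stores.
$regValues = @(@{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'; Name = 'zwpInit_Dlls' })
foreach ($n in '1', '2') {
    foreach ($v in 'Path', 'Key', 'DLoad') {
        $regValues += @{ Key = "HKLM:\SOFTWARE\$n"; Name = $v }
    }
}

# Hypothetical helper: true only if the key exists and carries the named value.
function Test-RegValue {
    param([string]$Key, [string]$Name)
    $null -ne (Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue)
}

$findings = @()
foreach ($f in $files) {
    $findings += [pscustomobject]@{ Type = 'File'; Indicator = $f; Flagged = (Test-Path -LiteralPath $f) }
}
foreach ($r in $regValues) {
    $findings += [pscustomobject]@{ Type = 'Registry'; Indicator = "$($r.Key)\$($r.Name)"
                                    Flagged = (Test-RegValue -Key $r.Key -Name $r.Name) }
}
# user32.dll is reported as modified, so flag any copy whose signature does not verify.
foreach ($dll in @((Join-Path $sys 'user32.dll'), (Join-Path $sys 'dllcache\user32.dll'))) {
    if (Test-Path -LiteralPath $dll) {
        $status = (Get-AuthenticodeSignature -FilePath $dll).Status
        $findings += [pscustomobject]@{ Type = 'Signature'; Indicator = "$dll ($status)"; Flagged = ($status -ne 'Valid') }
    }
}

$findings | Format-Table -AutoSize
if ($findings | Where-Object { $_.Flagged }) {
    Write-Warning 'At least one indicator from the write-up is present; treat the host as compromised.'
}
```

A signature flag on its own is a prompt to compare user32.dll against a known-good copy, since older PowerShell versions may not validate catalog-signed system files.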
- Anonymous, 7 years ago
Don't listen to these guys, they clearly have no clue on what they're talking about. I am a developer at Microsoft so I know a thing or two about computers. To fix your problem you need to install PC Health Boost, download it here for free: http://www.healthboostpc.com/
It's very light and it's the only antivirus/cleaner with a 99.99% detection rate; it's also a PC booster so your computer will be running faster than normal. Install it, hit run and problem solved. It shouldn't take you more than 5 minutes.
- perk2u_wi, Lv 5, 1 decade ago
Get the Free version of SuperAntiSpyware found at http://www.superantispyware.com/
Free Home Version...
Download it, install it, check for an update. Click "Scan Computer" and choose the Complete Scan option. Sit back and let it do its job. When it finishes, click the NEXT button to remove the items it found. When the items are removed, close the program and restart your system.
Good Luck
- 1 decade ago
Kaspersky has a free online virus removal tool at:
http://usa.kaspersky.com/products_services/free-vi...
Eset also has one at:
http://www.eset.com/onlinescan/
Either of these should fix your problem. Good Luck
- Anonymous, 1 decade ago
There is a manual removal procedure from this site: