Mabutu virus

  bamfiesler 10:07 11 Sep 2004
Locked

Somehow, I've picked this up. I think this is related to my previous post re ndis.exe. Has this varius used that app as a carrier, or whatever?

C:\RECYCLER\S-1-5-21-1078081533-854245398-1389357603-1003\DC11.ZIP:\creme_de.scr Virus identified I-Worm/Mabutu

AVG cannot get rid of it, and I can't see its path.

Any ideas?

  VoG II 10:12 11 Sep 2004
  bamfiesler 12:20 11 Sep 2004

VOG,

Thanks, but that site cannot be displayed, even when I type it straight in to the URL bar.

Any other ideas?

Bamf

  VoG II 12:24 11 Sep 2004

Turn off System Restore click here

Start in Safe Mode click here

Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing at startup.

1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.

2. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run

3. In the right panel, locate and delete the entry whose data value (the rightmost column) is:
winupdt = "RUNDLL32.EXE <.DLL filename>,_mainRD"

4. Close Registry Editor.


Scan with anti-virus click here

  bamfiesler 16:18 11 Sep 2004

Thanks, VoG, but there is no winupdt....in that path you have given.

Tried sysrestore, but the thing is still there.

  bamfiesler 22:02 11 Sep 2004

Turned off sysrestore, then ran Hijackthis. I saw two entries that may have been causing this problem; dumped them, ran AVG again, and all ok.

Thanks, VoG - I had forgotten about how important it is to turn of sysrestore at these points.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

OnePlus 5T review: Hands-on

Illustrator Andrés Lozano on his improv line work, brazen use of colours & hand sketching

iPhone X review

Comment envoyer gratuitement des gros fichiers ?