can anybody help me delete this DUMB trojan, that wont go away... the pic tells you what shows up at start-up, and i do what it says, and it still wont leave!!!

This might help:

http://securityresponse.symantec.com/avcenter/ven...ackdoor.sdbot.html

That would help if the link worked...

Try this:

1. Get into DOS and delete the C:\WINDOWS\system32\windates.exe (Type del C:\WINDOWS\system32\windates.exe at the C:\ prompt)

2. Then restart back into Windows (You may get some invalid link or file not found messages come up but that’s normal since the Trojan has spread it self to the start up part of you computer.)

3. Check through your Win.ini for any line with the file name windates.exe. (If found delete it)

4. Save it then check the run portion of your registry for that file name. (Not recommended if you don’t know what you’re doing)


*This is just a rough instruction on some ways to get rid of it, so get creative.

<EDIT>
The link does work, just not on my computer
</EDIT>

the link does work

the link dont work, and i dont undertsnas the .ini file thing.... its complicated.... and i have to fix it soon, cuz it keeps restarting my computer... and it wont go away!! i wish i could kill the ppl who make virus's and the ones who did virus's! i hate virus's and their makers!!!!!!!!!!!!

what's your antivirus?

quote:

---

Originally posted by Kryptonate
what's your antivirus?

---

quote:

---

Originally posted by DJeX
The link does work, just not on my computer

---

code:

---

notepad.exe %systemroot%\system32\drivers\etc\hosts

---

quote:

---

# Copyright 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

---

Try to get windates.exe quarantained.

If this doesn't help:
1. Terminate the process (CTRL + ALT +Delete >> Processes >> windates.exe).

2. Go to Start >> Run >> regedit >> \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete any of the following values that you find, or any value that refers to the file, which is detected as the Trojan:

"Configuration Manager"="Cnfgldr.exe"
"System Monitor"="Sysmon16.exe"
"MSSQL"="Mssql.exe"
"Configuration Loader" = "aim95.exe"
"Internet Config" = "svchosts.exe"
"System33" = "%System%\FB_PNU.EXE"
"Configuration Loader"="cmd32.exe"
"Windows Explorer"="Explorer.exe"
"Configuration Loader"="IEXPL0RE.EXE"
"Configuration Loader"="%System%\iexplore.exe"
"Sock32"="sock32.exe"
"Configuration Loader"="MSTasks.exe"
"Windows Services"="service.exe"
"Registry Checker" = "%System%\Regrun.exe"
"Internet Protocol Configuration Loader" = "ipcl32.exe"
"syswin32" = "syswin32.exe"

Don't worry about programs needed by Windows to operate good. They don't appear on this list.

Close down the registry and it won't restart your computer anylonger and it won't be started when Windows boots.