|
Undetected
This trojan is a newer trojan that's sole purpose is to remain undetected by current anti virus software . It has a lot of powerful features similar to subseven and should be considered dangerous . New features can be added by way of plugins ( similar to bo2k ) and this makes the server updateable at all times , very easily .
Removal
The trojan server changes its name to a random one after infection but it is still easy to find .
Open up regedit ( go to start , run , type regedit , then hit ok ) and follow this path
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Click on run and look for a key that has the word winup.com in it . Delete this key .
Your computer may or may not screw up now , if it does and you are unable to open up any exe files then you will have to download this regfix file and double click on it and your registry will be recovered back to normal
( you will have to right click on the file and choose save as or what ever )
Now go to start , then to find and do a search for win.ini , when you find it double click on it and a notepad page will pop up look for a line that says run=%something% ( something could be any name , it uses a random name ) if you see this line delete the %something% part .
Open the system.ini and remove the key: shell=Explore.exe %something% and change to shell=explore.exe ( it may not be there , but check anyway )
Your all done ……...
|
|
