iPhone 7 review: a range of small updates add up to an excellent phone
Hi gang, back for some more information.I have just replaced the hard drive and installed XP pro. During registration period I managed to attract Korga.worm and backdoor AXJ. dll. gen trojan.
The files with these attached have been deleted by McAfee, but I am now left with the situation that as soon as my dial-up connection is made, the computer re-boots.
Any ideas as to what has been adjusted in the registry and what is needed to repair it? Do not realy want to re-format and re-install unless as a lasst resort.
Rawprawn, I have run Spybot and Spywareblaster, neither of these found anything this time, possible as Mcafee had already deleted the files, but did not repair the damage, possible I had not set it up correctly. Will give adaware a try later.
click here Try an online scan here, or download the free version and run it.
Also try scanning in safe mode
Thanks for the info, will give that a try this evening.
url]click here]W32.Korgo Removal Tool[/url] , this covers from Korgo.F through to KORGO.Z if it is indeed this virus.
Or Stinger click here
Thanks VoG™, I will give that a try this evening. I have now run Adaware which found a few items amiss, but as yet, has not corrected the problems. I have noticed that when the system is forced into a reboot, via IE6, the "file checker2 is initiated. I presume that this is due to the incorrect shut down procedure. I have looked in th registry for the files suggested by Sophos, but cannot find any with correct titles.
As usual, I am becoming even more confused!!
You need to turn off System Restore first, Click Start > Programs > Accessories > Windows Explorer
Right-click My Computer, and then click Properties, Click the System Restore tab, Check the "Turn off System Restore" or "Turn off System Restore on all drives" check box (this will have to be turned back on after the problem has been fixed).
Now assuming you have access to the internet from another machine , download Stinger and the Korgo Removal Tool (as above), also download the RPC Patch from Microsoft found click here , you can then install the patch and run the removal tools seperately to see if the problem goes.
If no other access is available switch off System Restore as above, next click Start>Run type in SERVICES.MSC /S in the open line, and then click OK , this will bring up a new window (Services), In the right pane, locate the "Remote Procedure Call (RPC)" service. Now go careful here as there are 2 Remote Procedure Call listed , you want the first one as above , the second has "locator" after it , dont touch that one.
Right-click the Remote Procedure Call (RPC) service, and then click Properties, Click the Recovery tab, Using the drop-down lists, change First failure, Second failure, and Subsequent failures to "Restart the Service." Click Apply, and then click OK, (Once again you will have to make sure that you change these settings back once you have removed the worm).
Now hopefully you should be able to connect to the Internet to access Patches etc.
Removal tool for Backdoor-AXJ can be found click here.
If all this solves your problem dont forget to switch restore back on along with RPC, you then need to update your machines patches and security via MS update .
This thread is now locked and can not be replied to.