Mabutu virus

  bamfiesler 10:07 11 Sep 04
Locked

Somehow, I've picked this up. I think this is related to my previous post re ndis.exe. Has this varius used that app as a carrier, or whatever?

C:\RECYCLER\S-1-5-21-1078081533-854245398-1389357603-1003\DC11.ZIP:\creme_de.scr Virus identified I-Worm/Mabutu

AVG cannot get rid of it, and I can't see its path.

Any ideas?

  VoG II 10:12 11 Sep 04
  bamfiesler 12:20 11 Sep 04

VOG,

Thanks, but that site cannot be displayed, even when I type it straight in to the URL bar.

Any other ideas?

Bamf

  VoG II 12:24 11 Sep 04

Turn off System Restore click here

Start in Safe Mode click here

Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing at startup.

1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.

2. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run

3. In the right panel, locate and delete the entry whose data value (the rightmost column) is:
winupdt = "RUNDLL32.EXE <.DLL filename>,_mainRD"

4. Close Registry Editor.


Scan with anti-virus click here

  bamfiesler 16:18 11 Sep 04

Thanks, VoG, but there is no winupdt....in that path you have given.

Tried sysrestore, but the thing is still there.

  bamfiesler 22:02 11 Sep 04

Turned off sysrestore, then ran Hijackthis. I saw two entries that may have been causing this problem; dumped them, ran AVG again, and all ok.

Thanks, VoG - I had forgotten about how important it is to turn of sysrestore at these points.

This thread is now locked and can not be replied to.

How to get Windows 10 for free | How to install Windows 10: There is still a way to avoid paying…

1995-2015: How technology has changed the world in 20 years

Alex Chinneck’s giant ice cube Christmas tree at Kings Cross

Apple rumours & predictions 2017: The iPhone 8, new iPads, and everything else you should expect fr7…