cleaning out a virus from the registry


Andy

I am working on a WIN 2k machine that had a couple of
backdoor trojans on it. More specific backdoor.sdbot,
IRC trojan, IRC.Zcrew, backdoor.DKangel, bat.trojan and
bloodhound.packed. Norton had found these and removed
them or so I thought. This started back in September. A
couple of months later the computer was infected again.
Not all of the trojans were found in September. This
client would call back and say Norton found more viruses
and was understandably getting upset. I have been
working on this computer for a couple of days and have
traced some interesting stuff. I found that one of the
trojans loaded Serv-U on the computer. I did some
research on Serv-U and found out that this is an FTP
server program and turned this computer into an FTP
server. Which explains why the computer is constantly
being infected. I have been able to remove the Serv-U
files from the computer and now I am in the process of
cleaning the registry. I am familiar with the registry
but I am not an expert. One area that Serv-U is located
is HKCU\software\microsoft\internet explorer\explorer
bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\filesnamedMRU.

I am not sure what the Files named MRU is. There are
several files from the trojan/Serv-U listed. What does
the Files named MRU registry entry load up? Is it safe
to just delete this entry altogether?

Any help would be appreciated, Thanks

Andy
 
Download a program called Spybot - Search and Destroy.
Run the program's update before you run it.
It helps clear spyware and other annoyances.

MRU means most recently used; you can delete the Serv-U "value".

The program I talked about will probably do it anyway,
because I noticed that the key it is in is for toolbars,
which leads me to believe you have spyware.

No huge deal, just run this program; it is free.
Go to download.com.
 
Andy said:
I am not sure what the Files named MRU is. There are
several files from the trojan/Serv-U listed. What does
the Files named MRU registry entry load up? Is it safe
to just delete this entry altogether?

That key contains information on the filenames specified in recent search
functions. You can probably delete it without causing any problems, but
you can just ignore it. It's harmless.
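
An added example, not part of the thread and not from any tool it mentions: one way to review the FilesNamedMRU key from a regedit text export and build a .reg file that deletes only the values matching Serv-U, so the export doubles as a backup. The sample export, its value names and data, and the function names are constructed for illustration.

```python
import re

# Key path as given in the thread (registry key names are case-insensitive).
MRU_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer"
           r"\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU")

# Constructed sample of a regedit export (real 5.00 exports are UTF-16 on disk).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU]
"000"="servudaemon.ini"
"001"="invoice.doc"
"002"="ServUStartUpLog.txt"

[HKEY_CURRENT_USER\Software\Example]
"000"="serv-u elsewhere"
'''

# "name"="data" lines; backslashes and quotes inside are backslash-escaped.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def mru_entries(export_text, key=MRU_KEY):
    """Return {value_name: data} for string values under `key` only."""
    entries, in_key = {}, False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == key.lower()
        elif in_key:
            m = VALUE_RE.match(line)
            if m:
                name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
                entries[name] = data
    return entries

def removal_reg(entries, pattern=r"serv-?u", key=MRU_KEY):
    """Build .reg text that deletes only values whose data matches `pattern`."""
    hits = sorted(n for n, d in entries.items() if re.search(pattern, d, re.I))
    esc = lambda s: s.replace("\\", "\\\\").replace('"', '\\"')
    lines = ["Windows Registry Editor Version 5.00", "", f"[{key}]"]
    lines += [f'"{esc(n)}"=-' for n in hits]  # "name"=- removes one value
    return hits, "\r\n".join(lines) + "\r\n"

if __name__ == "__main__":
    hits, reg_text = removal_reg(mru_entries(SAMPLE_EXPORT))
    print("values to delete:", hits)
    print(reg_text)
```

Values that do not match, and identically named values under other keys, are left alone.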
 