NETDB.EXE HELP!!!!


Skyman

Hi there, how do you get rid of this program netdb.exe? After I delete it,
it appears in startup folder every time I boot even though I ran Norton and
spyremover programs. Thanks in advance!
 
There are apparently many varieties of this particular worm.

http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=BKDR_CCT.A
http://www.symantec.com/avcenter/venc/data/pf/backdoor.nibu.e.html
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DUMARU.AI&VSect=T
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39314
http://www.us.sophos.com/virusinfo/analyses/trojdumaruam.html
http://www.us.sophos.com/virusinfo/analyses/trojdumarub.html
http://vic.zonelabs.com/body/CA/virusDetails.jsp?VId=39314

Google has 240 hits.
http://www.google.com/search?q=netdb.exe&hl=en&lr=&ie=UTF-8&start=0&sa=N
This might be best answered by posting in a Security virus newsgroup in view
of the many different manifestations of this particular infection.
news://msnews.microsoft.com/microsoft.public.security.virus

One suggestion I've seen is as follows: (this does not mean it is the
correct one, although you can look to see if the entries as described are
found on your PC.)

1) Open Windows Task Manager. On Windows 95/98/ME systems, press
CTRL+ALT+DELETE while on Windows NT/2000/XP systems, press
CTRL+SHIFT+ESC, and click the Processes tab.
2) In the list of running programs, locate the following processes:
NETDA.EXE ; NETDB.EXE ; NETDC.EXE
3) Select the processes, then press either the End Task or the End Process
button, depending on the version of Windows on your system.
4) To check if the malware process has been terminated, close Task
Manager, and then open it again. Now, close Task Manager.

5) Go to CONTROL PANEL -> TOOLS -> FOLDER OPTIONS -> VIEW, click on "show
hidden files" and deactivate "Hide extensions for known file types" and
"Hide protected operating files".

6) Search for netda.exe ; netdb.exe ; netdc.exe under C. If found, delete
all instances of all the files.

7) Now, remove autostart entries from the registry to prevent the malware
from executing at startup.

8) Open Registry Editor. To do this, click Start>Run, type Regedit, then
press Enter.

9) In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run

In the right panel, locate and delete the entry:
load32 = "%system%\netda.exe"

In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>WinLogon

In the right panel, locate and replace the entry:

Shell = "Explorer.exe %System%\netdc.exe"
with: Shell = "Explorer.exe"

Close Registry Editor.

Now, empty the Recycle Bin and then restart the machine.

Do a complete Anti-virus scan. If it finds anything that it cannot clean,
have it delete it or make a note of the file location so you can delete it
yourself.

Clear your IE cache. Remove all contents of TEMP/ Temp. Internet files
folder.

HTH -
--

LuckyStrike
(e-mail address removed)

How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
http://home.satx.rr.com/badour/html/post.html
--------------------------------------------------------------------
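
A read-only check of the locations that the steps in the reply above touch, as an added PowerShell example that is not part of the original thread. It assumes a current Windows system with PowerShell 3.0 or later; the file names and registry values are the ones named in the reply, and the second Winlogon path (under `Windows NT`) is an addition made here.

```powershell
# Added example: read-only audit, changes nothing on the system.
# File names and registry values are the ones named in the reply above.
$names    = 'netda.exe', 'netdb.exe', 'netdc.exe'
$findings = New-Object System.Collections.Generic.List[string]

# 1. Running processes (steps 1-4). Get-Process takes names without ".exe".
$procNames = $names | ForEach-Object { [IO.Path]::GetFileNameWithoutExtension($_) }
Get-Process -Name $procNames -ErrorAction SilentlyContinue | ForEach-Object {
    $findings.Add("process: $($_.Name) (PID $($_.Id))")
}

# 2. Files in the system directory and the Startup folders
#    (the file search step and the original question).
$dirs = @(
    [Environment]::SystemDirectory
    [Environment]::GetFolderPath('Startup')
    [Environment]::GetFolderPath('CommonStartup')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }
foreach ($dir in $dirs) {
    Get-ChildItem -LiteralPath $dir -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $names -contains $_.Name } |
        ForEach-Object { $findings.Add("file: $($_.FullName)") }
}

# 3. Autostart values (registry steps). The Winlogon path is checked as posted
#    and under "Windows NT", where NT-family Windows keeps the Shell value.
$run    = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$load32 = (Get-ItemProperty -LiteralPath $run -Name load32 -ErrorAction SilentlyContinue).load32
if ($load32) { $findings.Add("Run\load32 = $load32") }

$winlogonKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Winlogon',
                'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
foreach ($key in $winlogonKeys) {
    $shell = (Get-ItemProperty -LiteralPath $key -Name Shell -ErrorAction SilentlyContinue).Shell
    # Flag any Shell value that carries more than a bare explorer.exe.
    if ($shell -and $shell.Trim() -notmatch '^explorer\.exe$') {
        $findings.Add("$key\Shell = $shell")
    }
}

if ($findings.Count) { $findings } else { 'No netda/netdb/netdc indicators found.' }
```

Running it again after the cleanup and reboot shows whether any of the entries have come back.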
 