Trojan Wont Go Away

[Dcrockett]

I recently got the Exploit URLSpoof.gen trojan. I ran
virus scan and delete the file, but the virus scan does
not seem to clean up the registry. As soon as I try to use
Explorer again the trojan comes right back. It will not
let me change homepages (at least not after the first
try). I have tried SPYBOT, ADWARE, and HIGHJACKTHIS. Again
don't find the problem or they find the problem but not
the source. I notice one thing. I when into the WINNT
folder to backup a file and change a folder option. This
cause the virus to be trigger and my virus scan to catch
it again. Can anyone help me? I have been messin with this
for four days.

 

[Guest]

-----Original Message-----
I recently got the Exploit URLSpoof.gen trojan. I ran
virus scan and delete the file, but the virus scan does
not seem to clean up the registry. As soon as I try to use
Explorer again the trojan comes right back. It will not
let me change homepages (at least not after the first
try). I have tried SPYBOT, ADWARE, and HIGHJACKTHIS. Again
don't find the problem or they find the problem but not
the source. I notice one thing. I when into the WINNT
folder to backup a file and change a folder option. This
cause the virus to be trigger and my virus scan to catch
it again. Can anyone help me? I have been messin with this
for four days.
I tried to go to W2K SP4, but it caused my DSL to slow

down to less than dial up speeds.

 

[Never anonymous Bud]

I recently got the Exploit URLSpoof.gen trojan. I ran
virus scan and delete the file, but the virus scan does
not seem to clean up the registry. As soon as I try to use
Explorer again the trojan comes right back.

That 'virus' isn't what you're describing./

The URL spoof is hidden URLs instead of what you see
in an HTML email, almost exclusively used in phishing spams.





To reply by email, remove the XYZ.

Lumber Cartel (tinlc) #2063. Spam this account at your own risk.

This sig censored by the Office of Home and Land Insecurity....

 

[Wolf Kirchmeir]

Actually, merely deleting a program never cleans up the registry. The
program must be Uninstalled, and even then, registry cleanup is often
incomplete. (Rant: Why didn't MS design W2K to rewrite its registry on
boot, and rewrite it on the fly whenever you Delete or Move a program or
an object. If that "would use too many resources", well, unintegrate all
that "intregrated software," none of which is essential to an _operating
system_. Endrant)

If you used MS's virus scan, well, it isn't the best one around. Use a
3rd party program (I use AVG, but there are others.)

Try RegCleaner (google that name), which is relatively easy to use (but
don't set it to automatic cleaning until you udnerstand what it does.)

Or use regedit (Start --> Run ---> regedit), which is harder to use.
Basically, search for references to the components of the trojan and
delete all references to it. You will also have to delete the components
themselves.

HTH&GL

 

[Steve N.]

I don't think this trojan writes to the registry, I'm inclined to think
your a/v is missing catching an infected file for some reason or is not
set to scan all files. What a/v are you using?

Check here:

http://securityresponse.symantec.com/avcenter/venc/data/urlspoof.exploit.html

Hope it helps.

Steve

 

[David H. Lipman]

You are asking in the WRONG place !

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

Dave



"Dcrockett" wrote in message | I recently got the Exploit URLSpoof.gen trojan. I ran
| virus scan and delete the file, but the virus scan does
| not seem to clean up the registry. As soon as I try to use
| Explorer again the trojan comes right back. It will not
| let me change homepages (at least not after the first
| try). I have tried SPYBOT, ADWARE, and HIGHJACKTHIS. Again
| don't find the problem or they find the problem but not
| the source. I notice one thing. I when into the WINNT
| folder to backup a file and change a folder option. This
| cause the virus to be trigger and my virus scan to catch
| it again. Can anyone help me? I have been messin with this
| for four days.
|

 

[Read]

have you tried a small program "regclean" from Microsoft - a registry
cleaner ?
Just might fix it.

 

[George Hester]

I doubt it. It will likely do more damage. Is why Microsoft no longer carries it.

 

[George Hester]

Empty your T(emporary)I(nternet)F(iles). Right-click IE icon on desktop | Properties | General | Delete Files... | Do not check offline | OK.

Empty your temp folders. as best you can.

Send the contents of this key in the registry here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon