Golden Sun Syndicate Forums: Golden Sun Syndicate Forums

Problem With Trojan

#1   Golden Legacy 

    Posted 06 April 2006 - 02:37 PM

    The file C:\WINDOWS\system32\mljjh.dll is infected by the Vundo trojan and cannot be cleaned.

    I am unable to use McAfee VirusScan to clean, quarantine, or delete the file, because the file is "write-protected".

    I also attempted to perhaps replace the dll file by downloading one from various sources from the internet, but I was unable to find the specific one.

    Any help would be greatly appreciated.

    This post has been edited by Golden Legacy: 06 April 2006 - 02:37 PM


    #2   Mars Djinni 

      Posted 06 April 2006 - 05:03 PM

      I searched it on Google and found this.

      Quote

      1. Download Process Explorer (procexp.exe) from Sysinternals
      2. Reboot the infected machine
      3. Launch the VirusScan On-Demand Scanner (ODS), or the command-line scanner, but don't initiate the scan yet
      4. Run Process Explorer and suspend the Explorer.exe, Winlogon.exe, and rundll32.exe processes (right-click on these process names and choose suspend)
      5. Scan & clean with the current DAT files and engine (the Window launched in step 3 above) [there will be clean failures, that is expected]
      6. Physically power the machine off and back on (a hard reset is required, as Windows will not shut down without Winlogon.exe running, and resuming that process will revert the changes made by the scanner).

      These steps will remove all relevant registry entries and identified Vundo components.


      Hope it helps.

      #3   Golden Legacy 

        Posted 06 April 2006 - 06:36 PM

        An excellent find, Mars Djinni, thanks.

        However, while I was able to download and get the Process Explorer up and running, I wasn't very clear on step 3. What are they referring to when it says "VirusScan On-Demand Scanner (ODS), or the command-line scanner"?

        #4   Mars Djinni 

          Posted 06 April 2006 - 07:02 PM

          I figured it'd be part of that program you downloaded. I'm not sure if it's gonna work, but maybe it's referring to the McAfee Virus Scanner. I think that the program you downloaded will help it a bit so that it gets picked up and deleted successfully.

          #5   PDM 

            Posted 06 April 2006 - 08:38 PM

            ---

            Message deleted due to inappropriate criticism and Spam. Don't let it happen again.

            This post has been edited by Golden Legacy: 08 April 2006 - 09:43 AM


