|
#1
01-05-2006, 05:42 AM
|
|||
|
|||
Trojan/Browsela/Looksky
I have a Trojan download in C:\windows\system32\browsela.dll, and can't
delete it. Same applies to w32.looksky.A@mm in local settings somewhere. How can I get rid of these things if my antivirusdoesn't? 
|
|
#2
01-05-2006, 05:42 AM
|
|||
|
|||
|
RE: Trojan/Browsela/Looksky
Try booting in safe mode/command prompt. The file shouldn't be open then.
"benjammin" wrote: > I have a Trojan download in C:\windows\system32\browsela.dll, and can't > delete it. > > Same applies to w32.looksky.A@mm in local settings somewhere. > > How can I get rid of these things if my antivirusdoesn't?
|
|
#3
01-05-2006, 05:42 AM
|
|||
|
|||
|
Re: Trojan/Browsela/Looksky
From: "benjammin" <benjammin@discussions.microsoft.com>
| I have a Trojan download in C:\windows\system32\browsela.dll, and can't | delete it. | | Same applies to w32.looksky.A@mm in local settings somewhere. | | How can I get rid of these things if my antivirusdoesn't? There are anti virus News Groups specifically for this type of discussion. microsoft.public.security.virus alt.comp.virus alt.comp.anti-virus Download MULTI_AV.EXE from the URL -- http://www.ik-cs.com/programs/virtools/Multi_AV.exe To use this utility, perform the following... Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS } Choose; Unzip Choose; Close Execute; C:\AV-CLS\StartMenu.BAT { or Double-click on 'Start Menu' in C:\AV-CLS } NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your FireWall to allow it to download the needed AV vendor related files. C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS} This will bring up the initial menu of choices and should be executed in Normal Mode. This way all the components can be downloaded from each AV vendor's web site. The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC. You can choose to go to each menu item and just download the needed files or you can download the files and perform a scan in Normal Mode. Once you have downloaded the files needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again and choose which scanner you want to run in Safe Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode. When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help file. http://www.ik-cs.com/multi-av.htm * * * Please report back your results * * * -- Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm
|
|
#4
01-05-2006, 05:42 AM
|
|||
|
|||
|
Re: Trojan/Browsela/Looksky
benjammin wrote:
> I have a Trojan download in C:\windows\system32\browsela.dll, and > can't delete it. > > Same applies to w32.looksky.A@mm in local settings somewhere. > > How can I get rid of these things if my antivirusdoesn't? Since you didn't mention what av you are using, run either Sysclean or Dave Lipman's Multi-AV: http://www.elephantboycomputers.com/...icros_Sysclean http://www.ik-cs.com/multi-av.htm - how to use Dave Lipman's Multi-AV http://www.ik-cs.com/programs/virtools/Multi_AV.exe - Multi-AV download Continue with general malware removal - http://www.elephantboycomputers.com/...moving_Malware Malke -- Elephant Boy Computers www.elephantboycomputers.com "Don't Panic!" MS-MVP Windows - Shell/User
|
|
#5
01-05-2006, 05:42 AM
|
|||
|
|||
|
RE: Trojan/Browsela/Looksky
I tried using your method - in command prompt, i typed sfc.exe, then tried
scannow, but it said 'error code is 0x000006ba (The RPC server is unavailable) and same sort of thing with other scans - what does this mean? "Eric" wrote: > Try booting in safe mode/command prompt. The file shouldn't be open then. > > "benjammin" wrote: > > > I have a Trojan download in C:\windows\system32\browsela.dll, and can't > > delete it. > > > > Same applies to w32.looksky.A@mm in local settings somewhere. > > > > How can I get rid of these things if my antivirusdoesn't?
|
|
#6
01-05-2006, 05:42 AM
|
|||
|
|||
|
RE: Trojan/Browsela/Looksky
Command prompt is different from Safe Mode with command prompt
The sollution: http://free.hit.bg/fightmalware/homepage_en.htm Panda_man -- Prevention is always better than cure ! Panda TruPrevent - the most intelligent technology to combat unknown malware http://www.pandasoftware.com http://free.hit.bg/fightmalware/homepage_en.htm "benjammin" wrote: > I tried using your method - in command prompt, i typed sfc.exe, then tried > scannow, but it said 'error code is 0x000006ba (The RPC server is > unavailable) and same sort of thing with other scans - what does this mean? > > "Eric" wrote: > > > Try booting in safe mode/command prompt. The file shouldn't be open then. > > > > "benjammin" wrote: > > > > > I have a Trojan download in C:\windows\system32\browsela.dll, and can't > > > delete it. > > > > > > Same applies to w32.looksky.A@mm in local settings somewhere. > > > > > > How can I get rid of these things if my antivirusdoesn't?
|
|
#7
01-05-2006, 05:42 AM
|
|||
|
|||
|
Re: Trojan/Browsela/Looksky
These are helpful, but no spyware removal things will remove this, I need
something different - what does Dave Lipman's thing actually do? Preferably, I'd just like to run the sfc/scannow, so does anyone know why it might not work? "Malke" wrote: > benjammin wrote: > > > I have a Trojan download in C:\windows\system32\browsela.dll, and > > can't delete it. > > > > Same applies to w32.looksky.A@mm in local settings somewhere. > > > > How can I get rid of these things if my antivirusdoesn't? > > Since you didn't mention what av you are using, run either Sysclean or > Dave Lipman's Multi-AV: > > http://www.elephantboycomputers.com/...icros_Sysclean > http://www.ik-cs.com/multi-av.htm - how to use Dave Lipman's Multi-AV > http://www.ik-cs.com/programs/virtools/Multi_AV.exe - Multi-AV download > > Continue with general malware removal - > http://www.elephantboycomputers.com/...moving_Malware > > Malke > -- > Elephant Boy Computers > www.elephantboycomputers.com > "Don't Panic!" > MS-MVP Windows - Shell/User >
|
|
#8
01-05-2006, 05:42 AM
|
|||
|
|||
|
Re: Trojan/Browsela/Looksky
In article <78BB6B18-91E8-4C2C-B843-BC8832C34378@microsoft.com>,
benjammin@discussions.microsoft.com says... > what does Dave Lipman's thing actually do? David's product works wonders using the manual scan engines from several different vendors, and it has several fixes he's created to resolve problems caused by malware that are not fixed by virus removal. You really need to follow this directions exactly, and if you do, it will leave you with a clean machine. -- spam999free@rrohio.com remove 999 in order to email me
|
|
#9
01-05-2006, 05:43 AM
|
|||
|
|||
|
Re: Trojan/Browsela/Looksky
On Tue, 03 Jan 2006 11:18:58 GMT, Leythos <void@nowhere.lan> wrote:
>benjammin@discussions.microsoft.com says... >> what does Dave Lipman's thing actually do? >David's product works wonders using the manual scan engines from several >different vendors, and it has several fixes he's created to resolve >problems caused by malware that are not fixed by virus removal. >You really need to follow this directions exactly, and if you do, it >will leave you with a clean machine. I've downloaded it and read the HTML, but haven't used it yet - I'm interested in seeing if it can be adapted to more formal use. As it is, AFAIK it starts by downloading stuff (updates etc.) from within normal (infected) Windows, then is to be used from Safe Mode, etc. As Safe Mode doesn't suppress all explicit integrations and will be likely to run intrafile code infectors, I'd really prefer to work "from orbit", e.g. from Bart CDR boot. At the least, I'd like to get updates etc. and prepare the scanners from a clean PC, and then run them from Safe Mode on the infected PC, preferably from read-only storage such as locked USB stick or CDRW. Also, remember to re-apply any HOSTS-mediated static protection, such as Spyware Blaster or certain off-the-peg antimalware HOSTS files, as Dave's procedure appears to leave the existing HOSTS deactivated. I'm working on a scanning wizard for Bart PE CDR boot that will run a sequence of 5 av scanners with a minimum of stop/go interaction, so I was interested in how Dave's worked. >------------ ----- ---- --- -- - - - - The most accurate diagnostic instrument in medicine is the Retrospectoscope >------------ ----- ---- --- -- - - - -
|
|
#10
01-05-2006, 05:43 AM
|
|||
|
|||
|
Re: Trojan/Browsela/Looksky
From: "benjammin" <benjammin@discussions.microsoft.com>
| These are helpful, but no spyware removal things will remove this, I need | something different - what does Dave Lipman's thing actually do? Preferably, | I'd just like to run the sfc/scannow, so does anyone know why it might not | work? | SFC is the System File Checker and is NOT a program for dealing with malware. It is a tool for dealing with OS corruption where a specific EXE or DLL file was accidentdetally replaced with an older version file. For example, you install WinXP SP2 and you installed a new printer but did not slipstream the installation files and a SP1 DLL replaced a SP2 DLL file. The SFC can replace the faulty DLL with a SP2 DLL from a cache. The tool that I suggested spaecifically seeks out Trojans, Viruses and other forms of malware and removes them. I suggest you use my tool and start with the McAfee module. -- Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm
|
 |
| Thread Tools | Search this Thread |
| Display Modes | |
|
Linear Mode
