Actually, it was a look2me variant, only 3 scanners detected it..
 
I had to download some custom removal tool to remove it. it was a 400K Dll that
attached itself to just about every process, and it even ran in safemode., there was
actually around ~70 dlls that were on the machine.
 
I also downloaded a custom hosts file that will block access to many adware sites.
 
thanks for all for the site.
w.s
 
 
 
----- Original Message -----
Sent: Monday, July 25, 2005 4:42 PM
Subject: RE: [Declude.Virus] OT: Online file check?

While the site you are looking for is called www.virustotal.com, here are steps you will probably have to take:

 

Basically what you will end up doing is first finding what the registry key for it is, what is the actual executable name, restart the computer in safe mode, and delete or rename the registry key, delete the executable, and possibly  put restrictive permissions on the registry key and on the directory it creates and uses.

 

I have also had to use Administrators Pak by Winternals to go in and modify the registry and delete files before when even booting to safe mode did not work.

 

John T

eServices For You

 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of William Stillwell
Sent:
Monday, July 25, 2005 12:05 PM
To: [email protected]
Subject: [Declude.Virus] OT: Online file check?

 

At one time i saw a post about a site that you can upload and it will scan it with

the "popular" scanners and check it..

 

I have this evil little program that i can't remove from a users computer, and i have done

everything.. It keeps "Renaming" itself on termination..

 

It spawns under explorer, rundll32, svchost and just totally takes over, and once its connected

to an internet connection, downloads just about every peace of malware/spyware it can..

 

Thanks-

 

Reply via email to