Anybody got a fix for BackDoor.Generic3.LRT?
Lisa Simpson wrote:
> Anybody got a fix for BackDoor.Generic3.LRT?
Lisa,
SUPERAntiSpyware should detect and remove that - if we don't, please
submit us the samples to samples AT superantispyware.com and we will
promptly update our definitions.
Nick Skrepetos
SUPERAntiSpyware.com
http://www.superantispyware.com
It definitely does not remove it! Not sure how I would submit samples to
you?
"Nick Skrepetos" <nskrepetos@yahoo.com> wrote in message
news:1162010784.790729.321020@f16g2000cwb.googlegroups.com...
>
> Lisa Simpson wrote:
> > Anybody got a fix for BackDoor.Generic3.LRT?
>
> Lisa,
>
> SUPERAntiSpyware should detect and remove that - if we don't, please
> submit us the samples to samples AT superantispyware.com and we will
> promptly update our definitions.
>
> Nick Skrepetos
> SUPERAntiSpyware.com
> http://www.superantispyware.com
>
From: "Lisa Simpson" <none@none.com>
| It definitely does not remove it! Not sure how I would submit samples to
| you?
|
Place the infected files in a password protected ZIP file with the password being; infected
{ password = infected }
Use the following Email URL to send the ZIP file...
mailto:samples@superantispyware.com?subject=Suspect%20Files
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
Reporting results so far: finally identified as BKDR_HAXDOOR.JG
- Ewido was useless for this particular nasty
- AVG similarly useless
- SuperAntiSpyware similarly useless
- Avast similarly useless
- Since it was stopping me from getting online I could not do any online
scans, so they are useless in these cases
- TrendMicro is worse than useless since it requires you to "Activate" via
the web (see above)
What seems to have worked was to:
- delete (caution! heavily abbreviated regkeys here!)
HKLM>SW>MS>NT>CV>Winlogon>Notify>yvbb01
- delete (caution! heavily abbreviated regkeys here!)
HKLM>SYS>CurrentControlSet>Control>SafeBoot>Minimal>yvbb02.sys
- delete (caution! heavily abbreviated regkeys here!)
HKLM>SYS>CurrentControlSet>Control>SafeBoot>Network>yvbb02.sys
then:
search for lps.dat & kgctini.dat & delete
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:c%H0h.2346$Wy6.1815@trnddc01...
> From: "Lisa Simpson" <none@none.com>
>
> | It definitely does not remove it! Not sure how I would submit samples to
> | you?
> |
>
> Place the infected files in a password protected ZIP file with the password being; infected
> { password = infected }
>
> Use the following Email URL to send the ZIP file...
>
> mailto:samples@superantispyware.com?subject=Suspect%20Files
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
From: "Lisa Simpson" <none@none.com>
< snip >
|
| What seems to have worked was to:
|
< snip >
Because you Multi-Posted this instead of Cross-Posting this, you will have to see my OTHER
reply.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm