|
HEX EDITOR
ok... so, on my brothers computer I went to a site, and i got a virus, actually a trojan.... it took me about a week to realize that the reason why I couldn't get rid of the virus... is because it has attached itself to a WINDOWS file... and I do not have access to them... even on the administrator user... sooo... how can I get rid of the virus, my friend told me to get a HEX EDITOR, and I did.... but I don't know how to use one??? it had a lot of blocks... and I can enter numbers... and a symbol will come up on the other side...??? I have no clue wat to do, if anyone has any other simpler way of getting rif of this PLEASE help me...if it helps its C:\WINDOWS\comdlg64.dll is the file that is infected
[ ]
Want to answer more questions in the Technology category?
Maybe give some free advice about: Computers?
Well, you know this type of virus that you are describing is probably a Troajn.vundo or a Trojan.Hachillem or a Sonar.Heuristic.120 or a spyware.Go to the site below and follow the instructions below too.
[Link](Mouse over link to see full location)
now :
1) Download the antivirus software by clicking "Download free trial" box.
2) when it's downloaded just install
3) When installed open it and press "Live Update" then press the "Live Update" box.
4) When completed, close the antivirus software and reopen it again.
5) Press the "SCAN" box
6) Then press NORTON POWER ERASER (NPE)
7) Install it if it is required
8)run norton power eraser
9) Press the "SCAN FOR RISKS" BOX
10) wait untill scan is finished.
11) Then (the program might requires for a restart ) if not just press "FIX NOW" and then restart your computer.If it needs restarting before that , you should restart your computer and wait until the NORTON POWER ERASER pop-up
.Then press "fix now " and restart your computer.
]
That's part of a trojan. You'll have to delete it. It will be very difficult. Here's how to get rid of the dll only, though it's very likely the problem will still persist, as this is part of the BraveSentry trojan.
-restart the computer
-after it beeps on startup, hold F8
-at the menu, select safe mode with command line
-log into administrator
-at the prompt type
del /f C:windowscomdlg64.dll
-if it gave you an error, type these lines, seperatly, one after the other
cd C:windows
regsvr32 /u comdlg64.dll
rename comdlg64.dll comdlg64.old
del comdlg64.old
Here's how to remove the entire trojan
-be in safe mode w/ command line
-type and press enter to each line of the following list
cd C:windows
regsvr32 /u bravesentry0.dll
regsvr32 /u bravesentry1.dll
regsvr32 /u bravesentry2.dll
regsvr32 /u bravesentry3.dll
regsvr32 /u comdlg64.dll
regsvr32 /u msupdate32.dll
regsvr32 /u tio[X1].dll
regsvr32 /u winbixnkq32.dll
regsvr32 /u zlbw.dll
-Go into regular safe mode(not just command line) for the rest of this
-go to start, then run, then type regedit and click ok
-doubleclick HKEY_CURRENT_USER then software then rightclick bravesentry and select delete
-remove these entries the same as above:
HKEY_CURRENT_USERsoftwarebravesentryscan
HKEY_CURRENT_USERsoftwarebravesentrysystemsecurity
HKEY_CURRENT_USERsoftwarebravesentryupdates
HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrunbravesentry
HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionuninstallbravesentry
BraveSentry
--------------
-go to start>search
-search for the following files. Try to delete exact matches. Some are actual programs you shouldn't delete, if it's in C:windowssomething don't delete it unless you know it's a bad file.
bravesentry.exe
vxgamet[X2].exe
vxh8jkdq[X2].exe
win32.exe
xpupdate.exe
bravesentry0.dll
bravesentry1.dll
bravesentry2.dll
bravesentry3.dll
comdlg64.dll
msupdate32.dll
tio[X1].dll
winbixnkq32.dll
zlbw.dll
alg.exe
kerneles8.exe
maxd64.exe
services.exe
taskdir.exe
voi[X1].exe
vxgame[X2].exe
desktop.html
Explorer 2238
dxvwabxj.exe
BraveSentry
BraveSentry.lnk
]
Hi there,
First thing first: Don't take any more tech advice from your friend. ;-)
I would tell you how to just remove that one file, but I am afraid it would trigger a destructive payload hidden in another file on your system.
Without knowing which trojan you have, I cannot point you to specific removal instructions for that exact one.
Common ones that use that file are:
Wupd
BraveSentry
AlfaCleaner
Looksky-BX
... among others.
These usually seem to piggyback on bogus anti-spyware programs. They will not actually remove it unless you pay to register their program. :-(
Have you have already run the common free tools for cleaning your system?
The free on-line scanner from TrendMicro, is always a good place to start:
[Link](Mouse over link to see full location)
... Then you should download SpyBot Search and Destroy:
[Link](Mouse over link to see full location)
... and it can't hurt to have LavaSoft's AdAware SE personal edition(free):
[Link](Mouse over link to see full location)
... if you have run ALL of those and are not free of this virus, trojan or spyware beasty... try the following:
Now, if you don't know the name of the trojan, have a look at this search and see if anything jogs your memory:
... if you do know the name, try this:
... As you can see, your friend telling you to get a hex editor, has absolutely nothing to do with fixing your problem. No more tech advice from that one. ;-)
Let me know in feedback how you make out, and what trojan it turned out to be.
DN.
]
More Questions: |