Please help with Backdoor.trojan
Posted 19 July 2004 - 09:42 PM
Posted 19 July 2004 - 10:06 PM
Note - when the original owner here is cured, this thread will be closed.
Posted 19 July 2004 - 10:22 PM
I do not fully understand how you enter the commands you are referring to. Can you help?
Posted 19 July 2004 - 11:12 PM
I've been struggling with this about:blank problem unsuccessfully for the past three weeks. Yesterday, my updated Norton Antivirus 2003, as you have described, finally flagged this problem as a "Backdoor Trojan" - over and over and over again. Although it identified the culprit file (in my case, wina.dll), it could not locate the file when I proceeded to run a system scan. I could not see the file either.
Following is how I eliminated the file and so far (keeping my fingers crossed) is how I expunged about:blank from my system.
First, I'm running Windows 2000. Second, everything that follows is taken from other members' contributions. What follows is reasonably accurate and I haven't hosed my system but it might be best if one of the Site Experts helps you through this.
In short, I went to the registry and killed the key that launches the culprit, wina.dll, then I changed security permissions for system32 files to uncover/control the file, wina.dll, renamed the file and deleted it. Then I used HijackThis to clean a few more random BHO's and also CWShredder to clean out some more junk. Of course, I use SpyBot and Ad-aware regularly in addition to Surf Secret.
It appears that the AppInit_DLLs registry key launches the 57,344 B, wina.dll.
Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs. I removed this key by first renaming the Windows folder to Windows2 and then deleted AppInit_DLLs. If you don't rename it, it will continue to reappear (Try deleting the key before renaming it, press F5, and you will see AppInit_DLLs return.). After I deleted AppInit_DLLs, I renamed the Windows2 folder back to Windows.
Now to delete wina.dll, I went to Start-Settings-Control Panel-Administrative Tools-Local Security Policy-Security Settings-Local Policies-Security Options and changed the Recovery Console options (2) to enable from disable. I then went to my system32 folder and changed the file permissions to allow Full Control for Administrators to Modify, Read & Execute, List Folder Contents, Read and Write. I removed all controls from file Creator Owner. I then rebooted in Safe Mode and the file, wina.dll, appeared under system32. I had to first rename the file to wina.junk and then I deleted it and emptied the Recycle Bin.
I then used AboutBuster and HijackThis to clean up remaining remnants of this very annoying problem; also used CWShredder.
About:Blank has now been totally gone for the past two days. Good luck and thanks to the many contributors to this fantastic site.
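A read-only way to inspect the AppInit_DLLs autoload value the post above describes, as an added example that is not part of the original thread. The function name `Get-AppInitDllReport` is hypothetical, and the Wow6432Node key and the `LoadAppInit_DLLs` value are assumptions about newer Windows versions that the thread does not mention. An entry that is listed in the registry but reports `OnDisk = False` matches the symptom in the post, where the scanner named the file but could not find it.

```powershell
# Added example: read-only audit of AppInit_DLLs; it changes nothing on the system.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    # 32-bit registry view on 64-bit Windows; absent on 32-bit systems (assumption, not from the thread)
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

function Get-AppInitDllReport {
    param([string[]]$KeyPath = $keys)

    foreach ($key in $KeyPath) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key

        # Bare file names are resolved against the system directory for that registry view.
        $sysDir = if ($key -like '*Wow6432Node*') { "$env:windir\SysWOW64" } else { "$env:windir\System32" }

        # The value holds DLL names separated by spaces or commas; drop empty tokens.
        $names = ([string]$props.AppInit_DLLs) -split '[ ,]+' | Where-Object { $_ }

        foreach ($name in $names) {
            $full = if ([IO.Path]::IsPathRooted($name)) { $name } else { Join-Path $sysDir $name }

            # -Force makes hidden and system files visible to the lookup.
            $file = Get-Item -LiteralPath $full -Force -ErrorAction SilentlyContinue
            $sig  = if ($file) { (Get-AuthenticodeSignature -FilePath $full).Status } else { 'n/a' }

            [pscustomobject]@{
                Key        = $key
                Entry      = $name
                Path       = $full
                # False here means the registry names a DLL that cannot be seen on disk.
                OnDisk     = [bool]$file
                SizeBytes  = if ($file) { $file.Length } else { $null }
                Attributes = if ($file) { $file.Attributes } else { $null }
                Signature  = $sig
                # Present on newer Windows only; empty on systems such as Windows 2000.
                LoadFlag   = $props.LoadAppInit_DLLs
            }
        }
    }
}

Get-AppInitDllReport | Format-List
```

No output means the value is empty in every key checked, which is the normal state on most systems.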
Posted 19 July 2004 - 11:44 PM
PLEASE DON'T PM ME OR EMAIL ME WITH HELP ON LOGS. POST IN THE FORUM INSTEAD
Posted 19 July 2004 - 11:52 PM
If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.