How To Delete This Virus And Restore The Homepage
Dear Sir
Opening the miniclip website for online games brought problems for me. I did not have any antivirus installed then, but I downloaded the free Avira Antivir Personal Edition when I suspected that my PC was infected. This suspicion arose as my yahoomail homepage is replaced with http://quicknews.info/ and when this file automatically loads, Antivir Detection says that a virus or unwanted program was found, with details as follows - "C:\Documents and Settings\...\temp[1].htm Contains signature of the Java ****** virus JS/Dldr.Tantar". I delete the file but this prompts the web page to be directed to the "http://72.232.123.170/~windy/auct_photo/temp/" site automatically.
I repeatedly deleted the file but every time I open the web browser the whole process starts again. I am a novice. I have also tried with BD online scanner but it doesn't work. Can you please guide me in removing the virus and restoring the homepage to yahoomail? Looking forward to a prompt reply.
Thank you
Comments
Dear Sir/Madam
Here is the scan report of BD online scanner. It says that the computer is still infected. Hope this helps you in giving me better advice for my above query. Thank you
Scanned File    Status
C:\autorun.inf    Infected with: Trojan.Autorun.EU
C:\autorun.inf    Disinfection failed
C:\autorun.inf    Deleted
C:\WINDOWS\autorun.inf    Infected with: Trojan.Autorun.EU
C:\WINDOWS\autorun.inf    Disinfection failed
C:\WINDOWS\autorun.inf    Deleted
\autorun.inf    Infected with: Trojan.Autorun.EU
\autorun.inf    Disinfection failed
\autorun.inf    Deleted
E:\autorun.inf    Infected with: Trojan.Autorun.EU
E:\autorun.inf    Disinfection failed
E:\autorun.inf    Deleted
E:\FOUND.000\FILE0000.CHK    Infected with: Trojan.Autorun.EU
E:\FOUND.000\FILE0000.CHK    Disinfection failed
E:\FOUND.000\FILE0000.CHK    Deleted
F:\autorun.inf    Infected with: Trojan.Autorun.EU
F:\autorun.inf    Disinfection failed
F:\autorun.inf    Deleted
F:\FOUND.000\FILE0000.CHK    Infected with: Trojan.Autorun.EU
F:\FOUND.000\FILE0000.CHK    Disinfection failed
F:\FOUND.000\FILE0000.CHK    Deleted
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0014    Infected with: Dropped:Trojan.Dloader.HK
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0014    Disinfection failed
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0014    Deleted
F:\Wallpapers\screen saver\Matrix inside.exe    Update failed
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0015    Infected with: Dropped:Application.Adware.NewDotNet.A
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0015    Disinfection failed
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0015    Deleted
F:\Wallpapers\screen saver\Matrix inside.exe    Update failed
After you delete the ******, open registry editor, by going to Start -> Run. Type in regedit, then hit enter. Then, in the left panel, browse to the following location, by double-clicking on the nodes:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main.
Then, to the right, there are different values. Seek the value called "Start page" and double-click it. Then enter "http://mail.yahoo.com" or whatever you want. Repeat this process with the following registry location:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main.
Andrei
Dear Andrei
Thanks for your reply. But I am not able to open registry editor, as when I click START, I cannot find the RUN icon. Clicking on START shows icons like all programs/control panel/connect to, but no RUN icon.
I want to clarify if this change in registry editor helps only in restoring the homepage or does it also help in removing the virus JS/Dldr.Tantar which pops up repeatedly. If not, can you also let me know how to get rid of this virus?
Thank you
Hello vckk
You can also get to run when pressing on win+r (pressing the windows button together with the r key). After that you can follow Andrei's suggestions. The registry edit will only change your home page.
Where did the online scanner found vckk? The best thing is that you download the free version
Update it, start BitDefender, go to antivirus, scanning and choose deep scan. When the scan is completed, copy the scan report and post it here.
Regards
Niels
Hi Niels
Thanks for your reply. I deep scanned with BitDefender and here is the result. You can see that it found 2 viruses but could not disinfect or move them. What can I do to get rid of them? Thank you.
//-----------------------------------------------------------------
//
// Product BitDefender Free Edition v10
// Product 10.2
//
// Created on: 01/01/2003 00:43:53
//
//-----------------------------------------------------------------
Virus Statistics
Scan path : C:\
\
E:\
F:\
Folders : 8473
Files : 330011
Memory processes scanned : 41
Archives : 21339
Runtime packers : 20332
Identified viruses : 2
Infected files : 2
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 0
Moved files : 0
I/O errors : 27
Scan time : 01:30:11
Scan speed (files/sec) : 60
Spyware Statistics
Registry keys scanned : 1670
Registry keys infected : 0
Cookies scanned : 302
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0
Virus definitions : 817256
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5
Virus scan options
Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email
File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user
Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users.WINDOWS\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1041362033.log
Spyware scan options
[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies
Summary:
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0014 Infected: Dropped:Trojan.Dloader.HK
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0014 Disinfection failed
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0014 Move failed
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0015 Infected: Dropped:Application.Adware.NewDotNet.A
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0015 Disinfection failed
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0015 Move failed
Hello vckk
All you have to do is delete Matrix inside.exe. BitDefender can't just move the infections and rebuild it.
Regards
Niels
Hi Niels and Andrei
Yes, BitDefender deleted the files when I changed the settings from disinfect to delete. But can you please answer me the 2 following issues -
Issue 1. I don't think the virus is deleted although the report says it is deleted, because if I run the deep scan again the same virus comes up in the report (as shown below) and it says that it is deleted again. But I feel the virus is still there and it will show up again in the next scan.
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0011 OK
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0012 OK
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0013 OK
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0014 Infected: Dropped:Trojan.Dloader.HK
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0014 Deleted
F:\Wallpapers\screen saver\Matrix inside.exe Archive repacking has failed (marked actions not taken)
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0015 Infected: Dropped:Application.Adware.NewDotNet.A
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0015 Deleted
F:\Wallpapers\screen saver\Matrix inside.exe Archive repacking has failed (marked actions not taken)
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0016 OK
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0017 OK
Issue 2. The home page that had changed to something else is restored to msn because I clicked the "reset web settings" in internet options\programs. But I am not able to change the homepage through internet options\general. Is this an indication of the virus still being there?
Thanks a lot for your help and enlightening me about these issues.
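The log lines quoted in the post above can be read programmatically. This is an added example, not part of the original thread or of BitDefender: it assumes the `container=>member status` line format shown in the post, and the function name `triage` and the sample text are constructed for illustration. A member reported as Deleted is treated as still present when the same container also reports "Archive repacking has failed (marked actions not taken)".

```python
from collections import defaultdict

# Constructed sample in the "container=>member status" format quoted above.
SAMPLE_LOG = r"""
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0014 Infected: Dropped:Trojan.Dloader.HK
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0014 Deleted
F:\Wallpapers\screen saver\Matrix inside.exe Archive repacking has failed (marked actions not taken)
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0015 Infected: Dropped:Application.Adware.NewDotNet.A
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0015 Deleted
F:\Wallpapers\screen saver\Matrix inside.exe Archive repacking has failed (marked actions not taken)
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0016 OK
"""

REPACK_FAILED = "Archive repacking has failed"  # container-level status in the log

def triage(log_text):
    """Per container: detections, whether repacking failed, members still on disk."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    state = defaultdict(lambda: {"detections": {}, "deleted": set(), "repack_failed": False})
    # Pass 1: member lines, "container=>member status".
    for ln in lines:
        if "=>" not in ln:
            continue
        container, rest = ln.split("=>", 1)
        member, _, status = rest.partition(" ")
        if status.startswith("Infected:"):
            state[container]["detections"][member] = status.split(":", 1)[1].strip()
        elif status == "Deleted":
            state[container]["deleted"].add(member)
    # Pass 2: container-level lines (no "=>"). Paths contain spaces, so match
    # against containers already seen instead of splitting on whitespace.
    for ln in lines:
        if "=>" in ln:
            continue
        for container, entry in state.items():
            if ln.startswith(container + " ") and REPACK_FAILED in ln:
                entry["repack_failed"] = True
    result = {}
    for container, entry in state.items():
        # A "Deleted" member only counts if the archive was actually rewritten.
        remaining = sorted(m for m in entry["detections"]
                           if entry["repack_failed"] or m not in entry["deleted"])
        result[container] = {"detections": entry["detections"],
                             "repack_failed": entry["repack_failed"],
                             "still_present": remaining}
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A non-empty `still_present` list for a container means the container file itself has to be removed, since the per-member deletions were never written back.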
Hello vckk
That is because BitDefender denied access. Sorry I forgot to say that.
You can choose how you want to remove the installer:
You can use Unlocker. Install it, right-click on the installer, choose Unlocker, select delete, and press on unlock all.
Temporarily disable the realtime protection: right-click on the red icon near the system clock, go to antivirus and disable realtime protection. After you have deleted the installer, do the same for re-enabling.
Reboot your PC into safe mode. To do that, reboot your PC but press several times on the F8 button before the Windows loading screen, choose safe mode and press enter. Log in with your account and delete the installer.
Try this for your second problem: go into your registry (for instructions see Andrei's post). Expand HKEY_CURRENT_USER and the following folders and subfolders: software, policies, microsoft, internet explorer, control panel. At the right side you will find an entry that is called HomePage. Right-click on it, choose modify, and enter this: 00 00 00 00. Go also to
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] - DWORD "NoSetHomePage"=dword:00000001
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions] - DWORD "NoSetHomePage"=dword:00000001
Both entries must have value 0
Exit the registry editor and reboot your pc.
Regards
Niels
Hi Niels
1. I tried to open the wallpaper folder with Unlocker but it says there is no handle to unlock. This means that BD is not denied access, as it is not locked, but could not delete it. Now, the question is how to delete this virus.
2. I am not able to run BD in safe mode. In fact, I could not open any folder, not even connect to the internet.
3. Does the free version of BD provide only on-demand scan or does it even offer real time protection? If so, I have a problem switching off the real time protection.
Thanks for the guidance
Hello vckk
It's normal that you can't establish an internet connection in safe mode. But it isn't normal that you can't open folders. Take a look here If that fails. Try logging in with the administrator account instead of your user account.
The free edition doesn't have realtime protection.
Best regards
Niels