How To Delete This Virus And Restore The Homepage

Dear Sir


Opening miniclip website for online games brought problems for me. I did not have any antivirus installed then but I downloaded the free Avira Antivir Personal Edition when I suspected that my PC is infected. This suspicion arose as my yahoomail homepage is replaced with http://quicknews.info/ and when this file automatically loads then Antivir Detection says that a virus or unwanted program was found with details as follows - "C:\Documents and Settings\...\temp[1].htm Contains signature of the Java ****** virus JS/Dldr.Tantar". I delete the file but this prompts the web page to be directed to "http://72.232.123.170/~windy/auct_photo/temp/" site automatically.


I repeatedly deleted the file but every time I open the web browser the whole process starts again. I am a novice. I have also tried with BD online scanner but it doesn't work. Can you please guide me in removing the virus and restoring the homepage to yahoomail? Looking forward to a prompt reply.


Thank you

Comments

  • Dear Sir/Madam


    Here is the scan report of BD online scanner. It says that the computer is still infected. Hope this helps you in giving me better advice for my above query. Thank you.


    Scanned File | Status
    C:\autorun.inf | Infected with: Trojan.Autorun.EU
    C:\autorun.inf | Disinfection failed
    C:\autorun.inf | Deleted
    C:\WINDOWS\autorun.inf | Infected with: Trojan.Autorun.EU
    C:\WINDOWS\autorun.inf | Disinfection failed
    C:\WINDOWS\autorun.inf | Deleted
    D:\autorun.inf | Infected with: Trojan.Autorun.EU
    D:\autorun.inf | Disinfection failed
    D:\autorun.inf | Deleted
    E:\autorun.inf | Infected with: Trojan.Autorun.EU
    E:\autorun.inf | Disinfection failed
    E:\autorun.inf | Deleted
    E:\FOUND.000\FILE0000.CHK | Infected with: Trojan.Autorun.EU
    E:\FOUND.000\FILE0000.CHK | Disinfection failed
    E:\FOUND.000\FILE0000.CHK | Deleted
    F:\autorun.inf | Infected with: Trojan.Autorun.EU
    F:\autorun.inf | Disinfection failed
    F:\autorun.inf | Deleted
    F:\FOUND.000\FILE0000.CHK | Infected with: Trojan.Autorun.EU
    F:\FOUND.000\FILE0000.CHK | Disinfection failed
    F:\FOUND.000\FILE0000.CHK | Deleted
    F:\Wallpapers\screen saver\Matrix inside.exe=>wise0014 | Infected with: Dropped:Trojan.Dloader.HK
    F:\Wallpapers\screen saver\Matrix inside.exe=>wise0014 | Disinfection failed
    F:\Wallpapers\screen saver\Matrix inside.exe=>wise0014 | Deleted
    F:\Wallpapers\screen saver\Matrix inside.exe | Update failed
    F:\Wallpapers\screen saver\Matrix inside.exe=>wise0015 | Infected with: Dropped:Application.Adware.NewDotNet.A
    F:\Wallpapers\screen saver\Matrix inside.exe=>wise0015 | Disinfection failed
    F:\Wallpapers\screen saver\Matrix inside.exe=>wise0015 | Deleted
    F:\Wallpapers\screen saver\Matrix inside.exe | Update failed

  • After you delete the ******, open registry editor, by going to Start -> Run. Type in regedit, then hit enter. Then, in the left panel, browse to the following location, by double-clicking on the nodes:


    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main.


    Then, to the right, there are different values. Seek the value called "Start page" and double-click it. Then enter "http://mail.yahoo.com" or whatever you want. Repeat this process with the following registry location:


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main.


    Andrei

  • Dear Andrei


    Thanks for your reply. But I am not able to open registry editor as when I click START, I cannot find RUN icon. Click on START shows icons like all programs/control panel/connect to, but no RUN icon.


    I want to clarify if this change in registry editor helps only in restoring the homepage or does it also help in removing the virus JS/Dldr.Tantar which pops up repeatedly. If not, can you also let me know how to get rid of this virus?


    Thank you

  • Hello vckk


    You can also get to Run by pressing Win+R (pressing the Windows button together with the R key). After that you can follow Andrei's suggestions. The registry edit will only change your home page.


    Where did the online scanner find vckk? The best thing is that you download the free version


    Update it, start BitDefender, go to antivirus, scanning and choose deep scan. When the scan is completed, copy the scan report and post it here.


    Regards


    Niels

  • Hi Niels


    Thanks for your reply. I deep scanned with BitDefender and here is the result. You can see that it found 2 viruses but could not disinfect or move it. What can I do to get rid of them? Thank you.


    //-----------------------------------------------------------------
    //
    // Product BitDefender Free Edition v10
    // Product 10.2
    //
    // Created on: 01/01/2003 00:43:53
    //
    //-----------------------------------------------------------------

    Virus Statistics
    Scan path : C:\ D:\ E:\ F:\
    Folders : 8473
    Files : 330011
    Memory processes scanned : 41
    Archives : 21339
    Runtime packers : 20332
    Identified viruses : 2
    Infected files : 2
    Memory processes infected : 0
    Suspect files : 0
    Warnings : 0
    Disinfected files : 0
    Deleted files : 0
    Moved files : 0
    I/O errors : 27
    Scan time : 01:30:11
    Scan speed (files/sec) : 60

    Spyware Statistics
    Registry keys scanned : 1670
    Registry keys infected : 0
    Cookies scanned : 302
    Cookies infected : 0
    Spyware files infected : 0
    Spyware threats detected : 0

    Virus definitions : 817256
    Scan plugins : 16
    Archive plugins : 41
    Unpack plugins : 6
    Mail plugins : 6
    System plugins : 5

    Virus scan options
    Detection
    [X] Scan boot sectors
    [X] Memory Processes
    [X] Scan archives
    [X] Scan runtime packers
    [X] Scan email
    File mask
    [ ] Programs
    [X] All files
    [ ] User defined extensions:
    [ ] Exclude extensions: ;
    Action
    Infected objects
    [ ] Ignore
    [X] Disinfect
    [ ] Delete
    [ ] Move to quarantine
    [ ] Prompt user
    Second action
    [ ] Ignore
    [ ] Delete
    [X] Move to quarantine
    [ ] Prompt user

    Virus scan options
    [X] Enable warnings
    [X] Enable heuristics
    [ ] Show all files in log
    [X] Report file: C:\Documents and Settings\All Users.WINDOWS\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1041362033.log

    Spyware scan options
    [X] Scan for riskware
    [ ] Skip dial and applications from scan
    [X] Registry keys
    [X] Cookies

    Summary:
    F:\Wallpapers\screen saver\Matrix inside.exe=>wise0014 Infected: Dropped:Trojan.Dloader.HK
    F:\Wallpapers\screen saver\Matrix inside.exe=>wise0014 Disinfection failed
    F:\Wallpapers\screen saver\Matrix inside.exe=>wise0014 Move failed
    F:\Wallpapers\screen saver\Matrix inside.exe=>wise0015 Infected: Dropped:Application.Adware.NewDotNet.A
    F:\Wallpapers\screen saver\Matrix inside.exe=>wise0015 Disinfection failed
    F:\Wallpapers\screen saver\Matrix inside.exe=>wise0015 Move failed

  • Hello vckk


    All you have to do is delete Matrix inside.exe. BitDefender can't just move the infections and rebuild it.


    Regards


    Niels

  • Hi Niels and Andrei


    Ya, BitDefender deleted the files when I changed the settings from disinfect to delete. But can you please answer me the 2 following issues -


    Issue 1. I don't think the virus is deleted although the report says it is deleted, because if I run the deep scan again the same virus comes up in the report (as shown below) and it says that it is deleted again. But I feel the virus is still there and it will show up again in the next scan.


    F:\Wallpapers\screen saver\Matrix inside.exe=>wise0011 OK
    F:\Wallpapers\screen saver\Matrix inside.exe=>wise0012 OK
    F:\Wallpapers\screen saver\Matrix inside.exe=>wise0013 OK
    F:\Wallpapers\screen saver\Matrix inside.exe=>wise0014 Infected: Dropped:Trojan.Dloader.HK
    F:\Wallpapers\screen saver\Matrix inside.exe=>wise0014 Deleted
    F:\Wallpapers\screen saver\Matrix inside.exe Archive repacking has failed (marked actions not taken)
    F:\Wallpapers\screen saver\Matrix inside.exe=>wise0015 Infected: Dropped:Application.Adware.NewDotNet.A
    F:\Wallpapers\screen saver\Matrix inside.exe=>wise0015 Deleted
    F:\Wallpapers\screen saver\Matrix inside.exe Archive repacking has failed (marked actions not taken)
    F:\Wallpapers\screen saver\Matrix inside.exe=>wise0016 OK
    F:\Wallpapers\screen saver\Matrix inside.exe=>wise0017 OK


    Issue 2. The home page that has changed to something else is restored to msn because I clicked the "reset web settings" in internet options\programs. But I am not able to change the homepage through internet options\general. Is this an indication of virus still being there?


    Thanks a lot for your help and enlightening me about these issues.
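The scan lines quoted in the post above can be checked mechanically. This added example (not part of the thread and not BitDefender's own tooling) parses log lines of that shape and lists the files that still hold a detected item: either no "Deleted" line was logged for it, or the container reported "Archive repacking has failed (marked actions not taken)". Treating that message as "the member is still inside the file" is an assumption drawn from its wording; the function name and the sample log are constructed.

```python
import re
from collections import defaultdict

# Paths contain spaces, so each line is split on a known trailing status.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<status>OK|Deleted|Disinfection failed|Move failed|"
    r"Update failed|Archive repacking has failed.*|"
    r"Infected(?: with)?: (?P<threat>\S+))$")

# Constructed sample in the shape of the log lines quoted in the thread.
SAMPLE_LOG = r"""
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0013 OK
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0014 Infected: Dropped:Trojan.Dloader.HK
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0014 Deleted
F:\Wallpapers\screen saver\Matrix inside.exe Archive repacking has failed (marked actions not taken)
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0015 Infected: Dropped:Application.Adware.NewDotNet.A
F:\Wallpapers\screen saver\Matrix inside.exe=>wise0015 Deleted
F:\Wallpapers\screen saver\Matrix inside.exe Archive repacking has failed (marked actions not taken)
F:\autorun.inf Infected: Trojan.Autorun.EU
F:\autorun.inf Deleted
"""

def unresolved_containers(log_text):
    """Return {file on disk: sorted threat names} for detections still present."""
    threats = {}            # scanned object (file or file=>member) -> threat name
    removed = set()         # objects the scanner logged as Deleted
    repack_failed = set()   # containers whose rewrite was not carried out
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue        # headers, statistics, blank lines
        path, status = m["path"], m["status"]
        if m["threat"]:
            threats[path] = m["threat"]
        elif status == "Deleted":
            removed.add(path)
        elif status.startswith("Archive repacking has failed"):
            repack_failed.add(path)
    result = defaultdict(set)
    for path, threat in threats.items():
        container = path.split("=>", 1)[0]   # the file that exists on disk
        # A member deletion only sticks if the container was rewritten.
        if path not in removed or container in repack_failed:
            result[container].add(threat)
    return {c: sorted(t) for c, t in result.items()}

if __name__ == "__main__":
    for container, names in unresolved_containers(SAMPLE_LOG).items():
        print(container, "still contains:", ", ".join(names))
```
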

  • Hello vckk


    That is because BitDefender denied access. Sorry I forgot to say that.


    You can choose how you want to remove the installer:


    You can use Unlocker. Install it, right-click on the installer, choose Unlocker, select delete, and press on unlock all.


    Temporarily disable the realtime protection: right-click on the red icon near the system clock, go to antivirus and disable realtime protection. After you have deleted the installer, do the same for re-enabling.


    Reboot your PC into safe mode. To do that, reboot your PC but press several times on the F8 button before the Windows loading screen, choose safe mode and press enter. Log in with your account and delete the installer.


    Try this for your second problem: go into your registry (for instructions see Andrei's post). Expand HKEY_CURRENT_USER and the following folders and subfolders: software, policies, microsoft, internet explorer, control panel. At the right side you will find an entry that is called HomePage. Right-click on it, choose modify, and enter this: 00 00 00 00. Go also to:


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] - DWORD "NoSetHomePage"=dword:00000001


    [HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions] - DWORD "NoSetHomePage"=dword:00000001


    Both entries must have value 0


    Exit the registry editor and reboot your PC.


    Regards


    Niels
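The registry locations named in Andrei's and Niels's posts can be reviewed together from an exported .reg file instead of clicking through regedit. This is an added example, not code from the thread: it reads export text and reports any "Start Page" that differs from the expected URL and any of the lock values from the post above that is not 0. The function names and the sample export are constructed, and only the keys and value names quoted in the posts are checked.

```python
import re

# Keys and value names as given in the posts above.
START_PAGE_KEYS = [r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main",
                   r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main"]
LOCK_VALUES = [
    (r"HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel", "HomePage"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoSetHomePage"),
    (r"HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions", "NoSetHomePage"),
]
# Constructed .reg export text (not taken from the poster's machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://quicknews.info/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"="http://mail.yahoo.com"
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"HomePage"=hex:00,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSetHomePage"=dword:00000001
'''

def parse_reg(text):
    """Map (key, value name), both lower-cased, to an int or a str."""
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()          # registry paths are case-insensitive
            continue
        m = re.match(r'^"([^"]*)"=(.*)$', line)
        if not m or key is None:
            continue
        name, data = m.group(1).lower(), m.group(2)
        if data.startswith("dword:"):
            values[key, name] = int(data[6:], 16)
        elif data.startswith("hex:"):         # short binary value, little-endian
            values[key, name] = int.from_bytes(bytes.fromhex(data[4:].replace(",", "")), "little")
        else:                                 # string: strip quotes, undo \\ escaping
            values[key, name] = data.strip('"').replace("\\\\", "\\")
    return values

def audit_homepage(text, expected):
    """List Start Page values that differ from `expected` and non-zero lock values."""
    reg, findings = parse_reg(text), []
    for key in START_PAGE_KEYS:
        page = reg.get((key.lower(), "start page"))
        if page is not None and page != expected:
            findings.append(f"{key}: Start Page is {page}")
    for key, name in LOCK_VALUES:
        if reg.get((key.lower(), name.lower()), 0) != 0:
            findings.append(f"{key}: {name} is non-zero")
    return findings
```

Files written by regedit's export are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `audit_homepage`.
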

  • Hi Niels


    1. I tried to open wallpaper folder with unlocker but it says there is no handle to unlock. This means that BD is not denied access as it is not locked but could not delete it. Now, the question is how to delete this virus.


    2. I am not able to run the BD in safe mode. In fact, I could not open any folder, not even connect to internet.


    3. Does the free version of the BD provide only on-demand scan or does it even offer real time protection? If so, I have a problem switching off the real time protection.


    Thanks for guidance

  • Hello vckk


    It's normal that you can't establish an internet connection in safe mode. But it isn't normal that you can't open folders. Take a look here. If that fails, try logging in with the administrator account instead of your user account.


    The free edition doesn't have realtime protection.


    Best regards


    Niels