September 29, 2004

An Addition to My Article On July 24, 2004 - APPInit_DLLs

Posted at September 29, 2004 05:33 PM in Computer Tech.

Author: Rhian D. Block
rhian@vazoom.com
Who the heck am I? I am a Senior Level IT Consultant with 2 cats!

NOTE: THIS ARTICLE IS STILL IN A DRAFT STATE AND I AM STILL FINISHING IT UP! Don't YELL about my Grammar!

=======
In my July 24th blog entry I listed the methods to remove the Trojan virus which would insert itself into the APPInit_DLLs registry key.

The method of temporarily renaming the Windows folder to a new name in order to remove the bad entry worked fine for the workstation that originally inspired me to write the article. Today, however, I came across another machine which was infected with the Download.Trojan and was basically not fixed until I performed other steps.

To start, I renamed the 'Windows' folder to 'Windows2' and then deleted the entire APPInit_DLLs entry on the right side of the regedit screen. I refreshed the screen with the F5 key and, to my surprise, this Trojan had created an entire new 'Windows' registry key!! So now I had a 'Windows' and a 'Windows2' key listed in my registry! Doh!

Finally, after working on the issue for over 45 minutes: in Windows\System32 resided the .dll which was being called during every program opening. Attempting to delete this file proved impossible, as the command line spat back that Access is Denied.

Hmmmm, so now what? Well, this worked for me.
1. Reboot the computer into Safe Mode with Command Prompt
2. Go to the Windows\System32 folder
3. Type ren fileshowninregistrykey.dll deleteme.dll
4. Reboot the computer back into safe mode with networking. Open regedit and navigate to the path described in the July 24th article. Remove the entire APPInit_DLLs key line. If possible download or run an updated copy of Adaware or Spybot to get the system clean afterwards.
5. Reboot back into normal mode
6. Eventually Norton or Symantec will pop up telling you that it has quarantined the deleteme.dll file.
7. Open up the quarantine and delete its contents.
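As an added example (not code from the original post or the July 24th one), here is a PowerShell audit that reads the AppInit_DLLs value and reports each DLL it registers, so a suspect entry like the one above can be identified before it is renamed. It assumes the value's standard location, HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, and Windows PowerShell 3.0 or later; it only reads and changes nothing.

```powershell
# Added example, not from the original post. Audits the AppInit_DLLs value that
# the Trojan described above abuses. Assumes the standard key location below and
# Windows PowerShell 3.0+. Run from an elevated prompt; read-only.

$keyPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$props   = Get-ItemProperty -Path $keyPath

# AppInit_DLLs is a single REG_SZ holding zero or more DLL paths separated by
# spaces or commas. Empty is the normal state on a clean workstation.
$raw     = [string]$props.AppInit_DLLs
$entries = @($raw -split '[ ,]+' | Where-Object { $_ -ne '' })

# Newer Windows versions gate loading with LoadAppInit_DLLs (1 = on);
# older ones (such as the XP-era machines in this post) load unconditionally.
$load = $props.LoadAppInit_DLLs
Write-Host "AppInit_DLLs raw value : '$raw'"
Write-Host "LoadAppInit_DLLs       : $(if ($null -eq $load) { '(not set, loads unconditionally)' } else { $load })"

if ($entries.Count -eq 0) {
    Write-Host 'No AppInit DLLs registered.'
    return
}

$system32 = Join-Path $env:SystemRoot 'System32'
foreach ($entry in $entries) {
    # A bare file name (as in the case above) is resolved relative to System32.
    $path = if ([System.IO.Path]::IsPathRooted($entry)) { $entry } else { Join-Path $system32 $entry }
    $info = [ordered]@{
        Entry        = $entry
        ResolvedPath = $path
        Exists       = Test-Path -LiteralPath $path
    }
    if ($info.Exists) {
        # Size, timestamp and Authenticode status help separate a vendor DLL
        # from an unsigned drop-in like the one renamed to deleteme.dll above.
        $file = Get-Item -LiteralPath $path
        $sig  = Get-AuthenticodeSignature -FilePath $path
        $info.SizeBytes = $file.Length
        $info.LastWrite = $file.LastWriteTime
        $info.Signature = $sig.Status
        $info.Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
    }
    [pscustomobject]$info | Format-List
}
```

Any listed DLL that is unsigned, sits in System32 with a recent write time, and is not accounted for by installed software is the file to rename in Safe Mode as described in step 3.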

Your machine should now be saved and the Symantec dialog box should no longer pop up whenever you click to open a program.

A bit more to come but that is the big part of it.
