re: trojan and joke programs Sunday, February 8, 2004 at 11:43 am Windows Me Annoyances Discussion Forum Posted by CWS (1 messages posted) Does this also apply to XP? I have the JOKR RUSS.A on my computer and want to remove! On Monday, January 5, 2004 at 12:35 pm, worm wrote: >Hi Jeff, > >Your AVG or Norton doesn't report this as a Trojan or virus because it isn't either. >What you've got there is a particularly nasty adware downloader that is capable of >respawning itself and creating new registry keys as it goes along. > >After purging the System Restore repository as Jack Gulley suggests and running Housecall >AV again, you need to do some checking to ensure "Checkin.b" hasn't left anything >behind. These are the steps to take. >1. Physically disconnect your computer from the Internet. This is vital because >as soon as you delete a file that belongs to this program, it will try to connect >to the server and download itself again. >2. Hit CTRL+ALT+DEL and look for these tasks: >owmngr >ttps >If you find them, end task on both. >3. Go to Start > Run > type Regedit and click OK. Navigate to this key, delete >the value owmngr in the right hand window and then reboot the computer immediately. > >HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run > >4. Open regedit again and navigate to the same key and delete sysreg in the >right hand window. >Once again, reboot immediately. >5. Go to this key and delete owmngr and reboot immediately. > >HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce > >6. Run regedit again and go to the same key and delete sysreg and reboot immediately. > >7. Double click My Computer > click "Tools" > choose "Folder Options" from the menu. >8. Checkmark the little circle where it says "Show Hidden Files & Folders". >9. Remove the checkmark where it says "Hide file extensions for known file types". >Click Apply/OK. >10. Go to Start > Search > Files & Folders > type "owmngr.exe" and delete that file. >Then do a search for "ttps.exe" and delete that too. >11. Do a search for "SBSRCH_V22.DLL" and delete that as well. >12. Do a search for "WINFGNET.DAT" and delete that as well. >13. Finally, empty the Recycle Bin. > >Even if Housecall AV tells you your system has been cleaned, I would err on the side >of caution if I were you and check the Registry for the above mentioned keys and >values just in case. > > > > > > > Written in response to: re: trojan and joke programs (worm: Monday, January 5, 2004 at 12:35 pm) There are presently no replies to this message. All messages in this thread [show all] trojan and joke programs (Jeff: Mon, Jan 5, 2004, 8:00 am) re: trojan and joke programs (Steve: Mon, Jan 5, 2004, 8:35 am) re: trojan and joke programs (Jack Gulley: Mon, Jan 5, 2004, 11:04 am) re: trojan and joke programs (worm: Mon, Jan 5, 2004, 12:35 pm) re: trojan and joke programs (CWS: Sun, Feb 8, 2004, 11:43 am) Reply or follow-up to this message Search this forum Start a new thread on a different subject Report abuse of the forum Return to the Windows Me Discussion Forum