[The Lamp]

Recently one of my friends computer got infected by "Rahul'sVirusprotection.Vbe" and I tried to remove it using the same trick as that on my PC a few days ago.


1) In Windows Explorer
Tools -- Folder Options --View
Show hidden files and folders ---checked this one
Hide prorected operation system file(Recommended) --Unchecked this one

2) Went To System Directoty ex: (C:\windows\ system32)
found this file "Rahul'sVirusprotection.vbe" and tried to delete this file,
but couldn't

Then

1)opened the TaskManager(press Ctrl+Alt+Del key) then in
process Tab found ths Process "wscript.exe" and Deleted the process

2) Then opened Registry Editor using "Regedit" and modified the following keys
HKEY_CURRENT_USER\ SOFTWARE\ MICROSOFT\ INTERNET EXPLORER\MAIN
[Window Title = ""] This string was absent I created it
[Start Page = "www.google.com"] I typed without inverted commas
HKEY_LOCAL_MACHINE\SOFTWARE\ MICROSOFT\Windows NT\ CurrentVersion
\Winlogon
[Userninit = "C:WINDOWS\system32\userinit.exe"] I typed without inverted commas

Then I went back to C:\windows\system32 and deleted the file "Rahul'sVirusprotection.vbe" and this time it got deleted.

I then rebooted the machine only to find login/logout loop as follows
The desktop wallpaper appears momentarily,
Then immediately i get the message "saving your personalised settings" and system logs me out into login screen
and this continues again and again.

I tried all options in the stratup options "safemode, safe mode cmd prompt, ....." but of no use.

The machine (HCL BuzzyBee, Pentium 4) runs on Win XP SP2, Version 5.1 Build 2600 the same as that of mine.

But few months ago the above trick worked fine on my system but here i have gone blank.

can anybody help??

[Advertisements]

Hi The Lamp,

Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.

I am still a trainee so all my posts will be checked by an Expert. It's your advantage that there are two people looking at your log but responses may be a little delayed so please be patient.

• Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  
• Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you
  
• English is not my first language, so please do not use slang or idioms, as this makes it difficult to understand for me.

On the clean computer.

• Download the attached Scan.txt and save it to your USB stick.
   scan.txt   405bytes   371 downloads
• Download OTLPENet.exe to your desktop
• Ensure that you have a blank CD in the drive
• Double click OTLPENet.exe and this will then open imgburn to burn the file to CD

On the infected computer.

• Reboot your system using the boot CD you just created.
  Note : If you do not know how to set your computer to boot from CD follow the steps here
• As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
  
• Your system should now display a Reatogo desktop.
  Note : as you are running from CD it is not exactly speedy
• Double-click on the OTLPE icon.
• Select the Windows folder of the infected drive if it asks for a location
• When asked "Do you wish to load the remote registry", select Yes
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
• OTL should now start.
• Double click Custom scans and fixes box, a dialogue box will appear. Choose the scan.txt saved previously on your USB drive.
• Press Run Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt
• Copy this file to your USB drive if you do not have internet connection on this system.
• Right click the file and select send to : select the USB drive.
• Confirm that it has copied to the USB drive by selecting it
• You can backup any files that you wish from this OS
• Please post the contents of the C:\OTL.txt file in your reply.

[Salagubang]

Hi The Lamp,

Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.

I am still a trainee so all my posts will be checked by an Expert. It's your advantage that there are two people looking at your log but responses may be a little delayed so please be patient.

• Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  
• Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you
  
• English is not my first language, so please do not use slang or idioms, as this makes it difficult to understand for me.

On the clean computer.

• Download the attached Scan.txt and save it to your USB stick.
   scan.txt   405bytes   371 downloads
• Download OTLPENet.exe to your desktop
• Ensure that you have a blank CD in the drive
• Double click OTLPENet.exe and this will then open imgburn to burn the file to CD

On the infected computer.

• Reboot your system using the boot CD you just created.
  Note : If you do not know how to set your computer to boot from CD follow the steps here
• As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
  
• Your system should now display a Reatogo desktop.
  Note : as you are running from CD it is not exactly speedy
• Double-click on the OTLPE icon.
• Select the Windows folder of the infected drive if it asks for a location
• When asked "Do you wish to load the remote registry", select Yes
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
• OTL should now start.
• Double click Custom scans and fixes box, a dialogue box will appear. Choose the scan.txt saved previously on your USB drive.
• Press Run Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt
• Copy this file to your USB drive if you do not have internet connection on this system.
• Right click the file and select send to : select the USB drive.
• Confirm that it has copied to the USB drive by selecting it
• You can backup any files that you wish from this OS
• Please post the contents of the C:\OTL.txt file in your reply.

[Essexboy]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.