CariDotMy

 Forgot password?
 Register

ADVERTISEMENT

12Next
Return to list New
View: 5099|Reply: 26

SubSeven trojan removal... help...

[Copy link]
Post time 13-2-2008 05:33 PM | Show all posts |Read mode
My PC constantly got attacked by SubSeven trojan (the "runtime error 216" messages). So far I used spyware removal but none succeed. I read the manual removal but do not know which version of the SubSeven.

Any suggestion? Is there any one shot removal software to remove this particular trojan?
Reply

Use magic Report


ADVERTISEMENT


Post time 13-2-2008 06:01 PM | Show all posts

Reply #1 alien7749's post

Removal -

The order to remove this trojan is complicated by the depth to which the trojan hooks the operating system.

One trick that AVERT has discovered is to rename the registry editing program from their original .EXE to a .COM extension (as in REGEDIT.COM). This will by pass the limitations created by removing the trojan prior to editing the registry. This will allow you to remove references of trojans and Internet worms.

To repair the registry via a registry script file, download this http://download.nai.com/products ... tand_alone/undo.reg, and open it.

<--- Manual Removal Instructions ---

1) Identify and note the files associated with this trojan as detected by the scanner.

2) Click START|RUN, type

COMMAND /C COPY %WINDIR%\REGEDIT.EXE %WINDIR%\REGEDIT.COM

and hit ENTER

3) Click START|RUN, type REGEDIT.COM and hit ENTER

4) Remove references to the trojan from these keys of the registry

HKCR\exefile\shell\open\command\

HKLM\Software\CLASSES\exefile\
shell\open\command

They should contain only the value not including brackets
[''%1'' %*].

5) If applicable, remove any keys that run the main trojan under

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\RunServices\

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Run\

HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\
Installed Components\KeyName\

6) If applicable, delete the registry key if it exists

HKEY_CLASSES_ROOT\.dl

and exit Regedit

7) If applicable, edit WIN.INI and remove the reference to the trojan from the run= line in the [windows] section.

8) If applicable, edit SYSTEM.INI and remove the reference to the trojan from the shell= line in the [boot] section. It should just contain the file EXPLORER.EXE.

9) Restart the system.

10) Delete the trojan program(s). If all is well the files should be deleted OK. If you get an error message saying that windows is unable to delete the file because it is in use, then you have made an error in the above procedure. Repeat steps 1 to 9 and try again.
Reply

Use magic Report

Post time 13-2-2008 06:02 PM | Show all posts
spyware remover is to remove spyware.

trojan need to use trojan remover.

try ni :

1- http://www.download.com/Trojan-K ... 5237.html?tag=lst-4
2- http://www.download.com/CWShredd ... 4216.html?tag=lst-7
Reply

Use magic Report

 Author| Post time 14-2-2008 12:54 PM | Show all posts
ok, I run the trojan killer program but it cannot find the subseven. Yet, after reboot, the runtime error 216 message vanised. I suspect the thing goes to dormant mode.

I did try the manual removal, but from step 4 onward, i cannot find the respective files.
Reply

Use magic Report

Post time 14-2-2008 02:10 PM | Show all posts

Reply #4 alien7749's post

have u try scan in safe mode?
Reply

Use magic Report

 Author| Post time 14-2-2008 02:38 PM | Show all posts
did it.

detection gave the same result.
Reply

Use magic Report

Follow Us
Post time 14-2-2008 02:51 PM | Show all posts

sekadar pandangan orang kebanyakkan

popup tu dah hilang kan?
jadi rasanya seperti regisrty problem,

coz fail tu pun alien tak jumpa.
popup hilang

kira solved la kan? rite?
atau ada problem lain lagi?
Reply

Use magic Report

Post time 14-2-2008 03:51 PM | Show all posts
cek jugak kat startup, BHO, dan lelain autorun/autorun.inf dlm hddisk jika ada.
Reply

Use magic Report


ADVERTISEMENT


 Author| Post time 18-2-2008 10:09 AM | Show all posts
dari mana subseven ni datang? is there any tools to block it? sbb kalau kene, memang tensen giler. Ada sekali tu, semua *.exe fail tak leh bukak. kene format hardisk.
Reply

Use magic Report

Post time 18-2-2008 02:30 PM | Show all posts
apa error yang keluar bila jalankan fail .exe tu?
Reply

Use magic Report

 Author| Post time 19-2-2008 11:30 AM | Show all posts
takde error msg, cuma die tak run. nothing happen.
Reply

Use magic Report

Post time 20-2-2008 11:43 AM | Show all posts
ko guna antivirus apa ek, AVG aku leh detect banyak trojan...

Reply

Use magic Report

Post time 20-2-2008 11:52 AM | Show all posts

Reply #12 bzzts's post

haaa keygen apa tu
semalam buat pc customer ni guna AVG 8 beta
byk gak virus yang dia tangkap
tapi masih tak dapat menandingi AVIRA ku
Avg ni slow sikit la berbanding AVIRA kenapa ye?
meha ingat lepas ni nak bagi customer pakai avg je sebab update dia laju
Reply

Use magic Report

Post time 20-2-2008 12:01 PM | Show all posts

Reply #13 mehacomp_91's post

laju? takde kene mengene dgn detection virus/trojan.

kalu laju update, mmg la tu penting. avira manjang sangkut je. skrg ni je la stabil sikit kot.
tapi scara jujor nya, aku prefer AVG. avira aku kasi experimen kat pc opis ni, so far update dia asyik bukak advertising je suruh upgrade. tak malu tol.



p/s: keygen tu utk aku buat bisnes...
Reply

Use magic Report

Post time 20-2-2008 12:15 PM | Show all posts

Reply #14 bzzts's post

no maksud meha pc punya performance jadi slow sikit
masa nak start komp selalu camtu

pasal advertising tu no komen:re:

[ Last edited by  mehacomp_91 at 20-2-2008 12:17 PM ]
Reply

Use magic Report

Post time 20-2-2008 12:24 PM | Show all posts

Reply #15 mehacomp_91's post

maybe setting pc + startup pc meha lain kot.

bzzts punya pc okey je. masa boot, dia akan update.
dan paling penting, avg ni disablekan scan on startup kat automatic scheduler; buang daily scan.

Reply

Use magic Report


ADVERTISEMENT


Post time 20-2-2008 12:35 PM | Show all posts

Reply #16 bzzts's post

nanti insyallah meha try
Reply

Use magic Report

Post time 20-2-2008 12:38 PM | Show all posts

Reply #17 mehacomp_91's post

kalo tak, kena babap.
Reply

Use magic Report

Post time 20-2-2008 12:46 PM | Show all posts

Reply #18 bzzts's post

meha nak try kat pc customer

tanak buat kat pc sendiri
Reply

Use magic Report

Post time 20-2-2008 07:13 PM | Show all posts
beli baru aje meha oiiiii.. apa nak try kat pc customer plak.. :@ :@ :@
Reply

Use magic Report

12Next
Return to list New
You have to log in before you can reply Login | Register

Points Rules

 

ADVERTISEMENT



 

ADVERTISEMENT


 


ADVERTISEMENT
Follow Us

ADVERTISEMENT


Mobile|Archiver|Mobile*default|About Us|CariDotMy

18-12-2024 02:12 PM GMT+8 , Processed in 0.307723 second(s), 32 queries , Gzip On, Redis On.

Powered by Discuz! X3.4

Copyright © 2001-2021, Tencent Cloud.

Quick Reply To Top Return to the list