View: 5099|Reply: 26
|
SubSeven trojan removal... help...
[Copy link]
|
|
My PC constantly got attacked by SubSeven trojan (the "runtime error 216" messages). So far I used spyware removal but none succeed. I read the manual removal but do not know which version of the SubSeven.
Any suggestion? Is there any one shot removal software to remove this particular trojan? |
|
|
|
|
|
|
|
Reply #1 alien7749's post
Removal -
The order to remove this trojan is complicated by the depth to which the trojan hooks the operating system.
One trick that AVERT has discovered is to rename the registry editing program from their original .EXE to a .COM extension (as in REGEDIT.COM). This will by pass the limitations created by removing the trojan prior to editing the registry. This will allow you to remove references of trojans and Internet worms.
To repair the registry via a registry script file, download this http://download.nai.com/products ... tand_alone/undo.reg, and open it.
<--- Manual Removal Instructions ---
1) Identify and note the files associated with this trojan as detected by the scanner.
2) Click START|RUN, type
COMMAND /C COPY %WINDIR%\REGEDIT.EXE %WINDIR%\REGEDIT.COM
and hit ENTER
3) Click START|RUN, type REGEDIT.COM and hit ENTER
4) Remove references to the trojan from these keys of the registry
HKCR\exefile\shell\open\command\
HKLM\Software\CLASSES\exefile\
shell\open\command
They should contain only the value not including brackets
[''%1'' %*].
5) If applicable, remove any keys that run the main trojan under
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\RunServices\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Run\
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\
Installed Components\KeyName\
6) If applicable, delete the registry key if it exists
HKEY_CLASSES_ROOT\.dl
and exit Regedit
7) If applicable, edit WIN.INI and remove the reference to the trojan from the run= line in the [windows] section.
8) If applicable, edit SYSTEM.INI and remove the reference to the trojan from the shell= line in the [boot] section. It should just contain the file EXPLORER.EXE.
9) Restart the system.
10) Delete the trojan program(s). If all is well the files should be deleted OK. If you get an error message saying that windows is unable to delete the file because it is in use, then you have made an error in the above procedure. Repeat steps 1 to 9 and try again. |
|
|
|
|
|
|
|
ok, I run the trojan killer program but it cannot find the subseven. Yet, after reboot, the runtime error 216 message vanised. I suspect the thing goes to dormant mode.
I did try the manual removal, but from step 4 onward, i cannot find the respective files. |
|
|
|
|
|
|
|
Reply #4 alien7749's post
have u try scan in safe mode? |
|
|
|
|
|
|
|
did it.
detection gave the same result. |
|
|
|
|
|
|
|
sekadar pandangan orang kebanyakkan
popup tu dah hilang kan?
jadi rasanya seperti regisrty problem,
coz fail tu pun alien tak jumpa.
popup hilang
kira solved la kan? rite?
atau ada problem lain lagi? |
|
|
|
|
|
|
|
cek jugak kat startup, BHO, dan lelain autorun/autorun.inf dlm hddisk jika ada. |
|
|
|
|
|
|
|
dari mana subseven ni datang? is there any tools to block it? sbb kalau kene, memang tensen giler. Ada sekali tu, semua *.exe fail tak leh bukak. kene format hardisk. |
|
|
|
|
|
|
|
apa error yang keluar bila jalankan fail .exe tu? |
|
|
|
|
|
|
|
takde error msg, cuma die tak run. nothing happen. |
|
|
|
|
|
|
|
ko guna antivirus apa ek, AVG aku leh detect banyak trojan...
|
|
|
|
|
|
|
|
Reply #13 mehacomp_91's post
laju? takde kene mengene dgn detection virus/trojan.
kalu laju update, mmg la tu penting. avira manjang sangkut je. skrg ni je la stabil sikit kot.
tapi scara jujor nya, aku prefer AVG. avira aku kasi experimen kat pc opis ni, so far update dia asyik bukak advertising je suruh upgrade. tak malu tol.
p/s: keygen tu utk aku buat bisnes... |
|
|
|
|
|
|
|
Reply #14 bzzts's post
no maksud meha pc punya performance jadi slow sikit
masa nak start komp selalu camtu
pasal advertising tu no komen:re:
[ Last edited by mehacomp_91 at 20-2-2008 12:17 PM ] |
|
|
|
|
|
|
|
Reply #15 mehacomp_91's post
maybe setting pc + startup pc meha lain kot.
bzzts punya pc okey je. masa boot, dia akan update.
dan paling penting, avg ni disablekan scan on startup kat automatic scheduler; buang daily scan.
|
|
|
|
|
|
|
|
Reply #16 bzzts's post
nanti insyallah meha try |
|
|
|
|
|
|
|
Reply #17 mehacomp_91's post
kalo tak, kena babap. |
|
|
|
|
|
|
|
Reply #18 bzzts's post
meha nak try kat pc customer
tanak buat kat pc sendiri |
|
|
|
|
|
|
|
beli baru aje meha oiiiii.. apa nak try kat pc customer plak.. :@ :@ :@ |
|
|
|
|
|
|
| |
|