Help -- Virus Fix -- download.trojan??!!

Guest
Archived from groups: alt.sys.pc-clone.dell

Could use some advice. This morning booted up and got message that
file "c:\windows\system32\refe744f.dll" was infected with
download.trojan. I quarantined that file with Norton Anti-Virus.

Norton also found three other files infected (also in \system32\),
which were quarantined:
ba949344.dll
ie758e49.dll
li508e47.dll

But when I boot up now, get error message, "Error Loading", apparently
something is looking for refe744f.dll and ie748e49.dll.

Questions:
1. Are these files Windows systems files [refe744f.dll and
ie748e49.dll], are they needed, and should they be replaced? [Can do
that I suppose off DELL CD.]

2. Is there still a bad boy on the system looking for infected files?


3. If I think the infection was sometime yesterday, could I use
System Restore, and go back a week and perhaps undo all the problems?

Thx.

JB
 
Guest

"Boad" <jboad@hotmail.xxx> wrote in message
news:40b736b6.3136281@news.bellatlantic.net...
> Could use some advice. This morning booted up and got message that
> file "c:\windows\system32\refe744f.dll" was infected with
> download.trojan. I quarantined that file with Norton Anti-Virus.
>
> Norton also found three other files infected (also in \system32\),
> which were quarantined:
> ba949344.dll
> ie758e49.dll
> li508e47.dll
>
> But when I boot up now, get error message, "Error Loading", apparently
> something is looking for refe744f.dll and ie748e49.dll.
>
> Questions:
> 1. Are these files Windows systems files [refe744f.dll and
> ie748e49.dll], are they needed, and should they be replaced? [Can do
> that I suppose off DELL CD.]
>
> 2. Is there still a bad boy on the system looking for infected files?
>
>
> 3. If I think the infection was sometime yesterday, could I use
> System Restore, and go back a week and perhaps undo all the problems?
>
> Thx.
>
> JB

1. None of these files are Windows files. Suspect they all are
from the Trojan. Delete them.
2. Probably there's a *run* entry calling the file.
Check with msconfig and disable it or remove
it with regedit.
3. Yes you could roll back if you can't do 2.
 
Guest

jboad@hotmail.xxx (Boad) wrote:

>Could use some advice. This morning booted up and got message that
>file "c:\windows\system32\refe744f.dll" was infected with
>download.trojan. I quarantined that file with Norton Anti-Virus.
>
>Norton also found three other files infected (also in \system32\),
>which were quarantined:
>ba949344.dll
>ie758e49.dll
>li508e47.dll
>
>But when I boot up now, get error message, "Error Loading", apparently
>something is looking for refe744f.dll and ie748e49.dll.
>
>Questions:
>1. Are these files Windows systems files [refe744f.dll and
>ie748e49.dll], are they needed, and should they be replaced? [Can do
>that I suppose off DELL CD.]
>
>2. Is there still a bad boy on the system looking for infected files?
>
>
>3. If I think the infection was sometime yesterday, could I use
>System Restore, and go back a week and perhaps undo all the problems?

See:

http://www.sarc.com/avcenter/venc/auto/index/indexD.html, for the
"D" list of viruses listed at the Symantec Antivirus Research
center, where you will find links to info on:
Download.trojan
Download.trojan.B
Download.trojan.PSK

The info on these three includes "how to remove" instructions.
Often SARC provides a program that will do a removal for you,
although it didn't for these three. Even though you've done some
of the clean-up, at least one of those Download.trojans did put
something into the registry that has to be deleted. That may be
the source of that "Error Loading" message.

Whether or not you are a NAV user, SARC can be a good resource
for info on viruses/trojans/worms/etc., what they do and how to
remove them.
--
OJ III
[Email sent to Yahoo address is burned before reading.
Lower and crunch the sig and you'll net me at comcast.]
 
Guest

Pen, you are a smart guy. Yes, checked with regedit, there are run
instructions for refe744f and ie758e49 in registry!! Get rid of those
and assume the "Error Loading" messages will vanish.

Would like to delete/disable these instructions (as well as always
annoying realsched) ... but not informed on using regedit. Do I just
delete lines from registry -- are changes automatically saved (don't
see any save function in regedit)? Do I need to do backup? Or is
there a better tool to do registry changes?

Thanks.

JB


On Fri, 28 May 2004 10:01:37 -0400, "Pen" <pen34us_nospam@hotmail.com>
wrote:

>"Boad" <jboad@hotmail.xxx> wrote in message
>news:40b736b6.3136281@news.bellatlantic.net...
>> Could use some advice. This morning booted up and got message that
>> file "c:\windows\system32\refe744f.dll" was infected with
>> download.trojan. I quarantined that file with Norton Anti-Virus.
>>
>> Norton also found three other files infected (also in \system32\),
>> which were quarantined:
>> ba949344.dll
>> ie758e49.dll
>> li508e47.dll
>>
>> But when I boot up now, get error message, "Error Loading", apparently
>> something is looking for refe744f.dll and ie748e49.dll.
>>
>> Questions:
>> 1. Are these files Windows systems files [refe744f.dll and
>> ie748e49.dll], are they needed, and should they be replaced? [Can do
>> that I suppose off DELL CD.]
>>
>> 2. Is there still a bad boy on the system looking for infected files?
>>
>>
>> 3. If I think the infection was sometime yesterday, could I use
>> System Restore, and go back a week and perhaps undo all the problems?
>>
>> Thx.
>>
>> JB
>
>1. None of these files are Windows files. Suspect they all are
> from the Trojan. Delete them.
>2. Probably there's a *run* entry calling the file.
> Check with msconfig and disable it or remove
> it with regedit.
>3. Yes you could roll back if you can't do 2.
>
 
Guest

Regedit saves automatically, so the best thing is to set a
restore point just before you do anything. Then you right-click
the item and select Delete.
You could also run msconfig first; under startup item just
uncheck the 2 lines. Then test the system and if all is well
then do the regedit.

"Boad" <jboad@hotmail.xxx> wrote in message
news:40b7688e.1448578@news.bellatlantic.net...
> Pen, you are a smart guy. Yes, checked with regedit, there are run
> instructions for refe744f and ie758e49 in registry!! Get rid of those
> and assume the "Error Loading" messages will vanish.
>
> Would like to delete/disable these instructions (as well as always
> annoying realsched) ... but not informed on using regedit. Do I just
> delete lines from registry -- are changes automatically saved (don't
> see any save function in regedit)? Do I need to do backup? Or is
> there a better tool to do registry changes?
>
> Thanks.
>
> JB
>
>
> On Fri, 28 May 2004 10:01:37 -0400, "Pen" <pen34us_nospam@hotmail.com>
> wrote:
>
> >"Boad" <jboad@hotmail.xxx> wrote in message
> >news:40b736b6.3136281@news.bellatlantic.net...
> >> Could use some advice. This morning booted up and got message that
> >> file "c:\windows\system32\refe744f.dll" was infected with
> >> download.trojan. I quarantined that file with Norton Anti-Virus.
> >>
> >> Norton also found three other files infected (also in \system32\),
> >> which were quarantined:
> >> ba949344.dll
> >> ie758e49.dll
> >> li508e47.dll
> >>
> >> But when I boot up now, get error message, "Error Loading", apparently
> >> something is looking for refe744f.dll and ie748e49.dll.
> >>
> >> Questions:
> >> 1. Are these files Windows systems files [refe744f.dll and
> >> ie748e49.dll], are they needed, and should they be replaced? [Can do
> >> that I suppose off DELL CD.]
> >>
> >> 2. Is there still a bad boy on the system looking for infected files?
> >>
> >>
> >> 3. If I think the infection was sometime yesterday, could I use
> >> System Restore, and go back a week and perhaps undo all the problems?
> >>
> >> Thx.
> >>
> >> JB
> >
> >1. None of these files are Windows files. Suspect they all are
> > from the Trojan. Delete them.
> >2. Probably there's a *run* entry calling the file.
> > Check with msconfig and disable it or remove
> > it with regedit.
> >3. Yes you could roll back if you can't do 2.
> >
>
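
The clean-up discussed in this thread (back up first, then find and delete the *run* entries that still point at the quarantined DLLs), as an added PowerShell example that is not part of the original posts. It assumes only the two standard HKLM/HKCU `Run` keys; `$BackupDir`, `-Remove` and `Get-TargetPath` are names chosen for this example.

```powershell
# Added example: report Run-key entries whose target file no longer exists
# (the usual cause of an "Error Loading" message after a DLL is quarantined).
param(
    [string]$BackupDir = 'C:\RunKeyBackup',   # hypothetical backup folder
    [switch]$Remove                           # without it, the script only reports
)

$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Get-TargetPath([string]$Command) {
    # rundll32 entries: the file that matters is the DLL argument, not rundll32.
    if ($Command -match '(?i)rundll32(\.exe)?"?\s+"?([^",]+\.dll)') {
        $path = $Matches[2]
    # Otherwise take everything up to the first executable extension,
    # so unquoted paths containing spaces are not cut short.
    } elseif ($Command -match '(?i)^\s*"?(.+?\.(exe|com|bat|cmd|dll))') {
        $path = $Matches[1]
    } else {
        $path = ($Command.Trim() -split '\s+')[0]
    }
    $path = [Environment]::ExpandEnvironmentVariables($path)
    if (-not [IO.Path]::IsPathRooted($path)) {
        # Bare file names are resolved through PATH, as Windows would at logon.
        $found = Get-Command $path -CommandType Application -ErrorAction SilentlyContinue |
                 Select-Object -First 1
        if ($found) { $path = $found.Path }
    }
    $path
}

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    # Export the whole key to a .reg file before touching anything.
    $regPath = $key -replace '^(HK\w\w):', '$1'
    & reg.exe export $regPath (Join-Path $BackupDir "$($regPath -replace '\\','_').reg") /y | Out-Null

    $k = Get-Item -Path $key
    foreach ($name in $k.GetValueNames()) {
        if (-not $name) { continue }                      # skip the unnamed default value
        $command = [string]$k.GetValue($name)
        $target  = Get-TargetPath $command
        if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) { continue }
        [pscustomobject]@{ Key = $key; Name = $name; Command = $command; MissingTarget = $target }
        if ($Remove) { Remove-ItemProperty -Path $key -Name $name }
    }
}
```

Run it once without `-Remove` to review the reported entries; removing values under HKLM needs an elevated prompt, and double-clicking the exported `.reg` file restores the key.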