Backdoor OptixPro 12 

Is anyone having any success in removing the Backdoor Optixpro 12 virus?  I
looked at the removal instructions but the regedit entry that I'm supposed
to have doesn't exist.
I do know that the file, "winampw.exe" is my infected file and that in
regedit, the open command for .exe files has been altered to point to
winampw.exe.
I tried changing the value to kernel32.exe but it disappeared.
Help!


Wed, 06 Jul 2005 05:49:26 GMT  
 Backdoor OptixPro 12
So this virus is quite the little {*filter*}.  How it works is that it hooks
itself to the registry key for executable files, so that every time you
run a program it gets called first.  If you just delete the infected
file without correcting the registry key, you won't be able to run any
executable files.  In order to correctly remove this virus and have
everything work you should follow these steps.

First, run a virus scanning program (Norton Antivirus 2002) and
determine which files are infected.  Write them down, DO NOT REMOVE YET!
 Second, run RegEdit and search for the infected files, note which
registry keys are affected.  Third, search Microsoft.com and find out
what the infected registry keys should be.  Fourth, correct the infected
registry keys, run virus scan again and this time REMOVE the infected
files.

In my case the infected file was c:\windows\winampw.exe.  It had
changed the
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
registry key to a value of
winampw.exe "%1" %*
when it should have been just
"%1" %*
I corrected the registry key, quarantined, and then removed the virus.

So far all is well and working and there is no trace of the virus.  If
you would like to review the sources for this information they can be
found at the following web pages:
http://www.*-*-*.com/
ml, http://www.*-*-*.com/ ,
http://www.*-*-*.com/ %3ben-us%3b310585.

--
Posted via http://www.*-*-*.com/ the faster web2news on the web



Thu, 07 Jul 2005 04:56:16 GMT  
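An added example, not part of either post: a Python check that reads a registry export in .reg text form and reports any open command that differs from the `"%1" %*` value described above. It assumes the export has already been decoded to text (regedit writes UTF-16), and it goes beyond the post by also checking comfile, batfile, cmdfile and piffile, which use the same default; the sample export is constructed.

```python
import re

# Default open command; exefile is the key named in the post, the rest are a generalization.
EXPECTED = '"%1" %*'
WATCHED = ("exefile", "comfile", "batfile", "cmdfile", "piffile")

KEY_RE = re.compile(
    r"^\[HKEY_(?:LOCAL_MACHINE\\SOFTWARE\\Classes|CLASSES_ROOT)\\"
    r"([^\\\]]+)\\shell\\open\\command\]$",
    re.IGNORECASE,
)
DEFAULT_RE = re.compile(r'^@="(.*)"$')  # the key's (Default) value

def find_hijacks(reg_text):
    """Return [(file_class, current_command, extra_program)] for altered handlers."""
    findings, current = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            name = m.group(1).lower() if m else None
            current = name if name in WATCHED else None
            continue
        m = DEFAULT_RE.match(line)
        if not (current and m):
            continue
        # Undo .reg escaping of backslashes and double quotes.
        command = re.sub(r'\\(["\\])', r"\1", m.group(1))
        if command != EXPECTED:
            # Anything in front of the expected tail is launched before the real program.
            intact_tail = command.endswith(EXPECTED)
            extra = command[: -len(EXPECTED)].strip() if intact_tail else command
            findings.append((current, command, extra))
    return findings

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="winampw.exe \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    for cls, command, extra in find_hijacks(SAMPLE):
        print(f"{cls}: open command is {command!r}; extra program: {extra!r}")
```

Running the check before deleting a flagged file shows whether the handler still points at it, which is the order of operations the reply recommends.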
 