Klone Virus...need help [DreamInCode.net]

Virus Removal help

Page 1 of 1

13 Replies - 15584 Views - Last Post: 11 January 2006 - 05:09 AM

#1 Israel  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 7
  • View blog
  • Posts: 818
  • Joined: 22-November 04

Klone Virus...need help [DreamInCode.net]

Posted 18 December 2005 - 04:06 AM

I've been trying to get rid of a virus I found on the computers here at work. Apparently while I was off someone flooded these things with trojans and the klone virus. AVG, Norton, Hijack This, and Adaware clean-up the trojans good. Unfortunately nothing seems to really get rid of the klone virus. I googled around for it too but came up empty handed. Oh, and I can't use Trend Micros Housecall because I can't get online after removing the trojans. Is anyone fimilar with how to get rid of this?

Is This A Good Question/Topic? 0
  • +

Replies To: Klone Virus...need help [DreamInCode.net]

#2 Amadeus  Icon User is offline

  • g+ + -o drink whiskey.cpp
  • member icon

Reputation: 248
  • View blog
  • Posts: 13,506
  • Joined: 12-July 02

Re: Klone Virus...need help [DreamInCode.net]

Posted 18 December 2005 - 08:09 AM

Have you tried deleting the files manually?
Was This Post Helpful? 0
  • +
  • -

#3 Israel  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 7
  • View blog
  • Posts: 818
  • Joined: 22-November 04

Re: Klone Virus...need help [DreamInCode.net]

Posted 18 December 2005 - 09:18 AM

You mean through the command line? Or just the file without using the anti-virus?
Was This Post Helpful? 0
  • +
  • -

#4 Israel  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 7
  • View blog
  • Posts: 818
  • Joined: 22-November 04

Re: Klone Virus...need help [DreamInCode.net]

Posted 18 December 2005 - 08:04 PM

I don't know about all that. Stopping the process won't necessarialy get rid of a virus. And I know sometimes you need to be out of safe mode for some types of trojans and such so the anti-virus can see it in its entirity. I also saw on google that people were complaining avg didn't get rid of the clone virus. Which I already tried anyway...
Was This Post Helpful? 0
  • +
  • -

#5 Lee Allers  Icon User is offline

  • D.I.C Regular

Reputation: 0
  • View blog
  • Posts: 492
  • Joined: 06-November 01

Re: Klone Virus...need help [DreamInCode.net]

Posted 18 December 2005 - 10:25 PM

There is a program called bazooka I think, you should try that out and see if it gets you anywhere
Was This Post Helpful? 0
  • +
  • -

#6 Israel  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 7
  • View blog
  • Posts: 818
  • Joined: 22-November 04

Re: Klone Virus...need help [DreamInCode.net]

Posted 18 December 2005 - 11:05 PM

Got it!
Was This Post Helpful? 0
  • +
  • -

#7 Nova Dragoon  Icon User is offline

  • The Innocent Shall Suffer, Big Time
  • member icon

Reputation: 36
  • View blog
  • Posts: 6,169
  • Joined: 16-August 01

Re: Klone Virus...need help [DreamInCode.net]

Posted 18 December 2005 - 11:13 PM

What did you do to get the virus?

So that others searching will know
Was This Post Helpful? 0
  • +
  • -

#8 Israel  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 7
  • View blog
  • Posts: 818
  • Joined: 22-November 04

Re: Klone Virus...need help [DreamInCode.net]

Posted 19 December 2005 - 01:36 AM

Well, honestly I'm not sure cause my boss worked on it while I was asleep (this happened to a computer at work) but he got rid of most of the infected files which allowed us to get back on the internet. From there I ran the free housecall scan from Trend Micro. This got the rest of it. Seems like Trend Micro and PC Pitstop have the most up-to-date definitions lately. These links go to free online scans. But if the virus won't let you online, they won't help you much...

This post has been edited by Israel: 19 December 2005 - 01:39 AM

Was This Post Helpful? 0
  • +
  • -

#9 Monty  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 1
  • Joined: 21-December 05

Re: Klone Virus...need help [DreamInCode.net]

Posted 21 December 2005 - 03:16 AM

Well I've just spend an evening removing the Klone virus from mine and my girlfriends PC - seems it came from the Kaaza installation program :angry:

So the steps I took...

first I looked in the system32 folder for any exe's that were dated with that days date... klone if a self replicating trojan so it makes files

I deleted them - any that wouldn't delete were running as a process so I stopped that process in Task Manager

I did the same in the windows folder.

I checked and deleted and suspicious entries in the "run" and "runonce" registry keys

Finally to stop the virus coming back I noticed a strange entry in the registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell

which should only have a value "explorer.exe" had another program attached - so I put the value back to "explorer.exe"

rebooted - ran avg - everything was repaired

Hope this helps
Was This Post Helpful? 0
  • +
  • -

#10 spydir  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 4
  • Joined: 10-November 05

Re: Klone Virus...need help [DreamInCode.net]

Posted 21 December 2005 - 04:16 AM

Next time use Kaspersky the best AV you can find.!! :)
Was This Post Helpful? 0
  • +
  • -

#11 spydir  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 4
  • Joined: 10-November 05

Re: Klone Virus...need help [DreamInCode.net]

Posted 21 December 2005 - 12:30 PM

I would say Zone Alarm Pro.!! :)
Was This Post Helpful? 0
  • +
  • -

#12 dorknexus  Icon User is offline

  • or something bad...real bad.
  • member icon

Reputation: 1255
  • View blog
  • Posts: 4,618
  • Joined: 02-May 04

Re: Klone Virus...need help [DreamInCode.net]

Posted 10 January 2006 - 06:33 AM

Moved to software forum.
Was This Post Helpful? 0
  • +
  • -

#13 Thorian  Icon User is offline

  • Pirate Medic
  • member icon

Reputation: 22
  • View blog
  • Posts: 5,904
  • Joined: 06-June 02

Re: Klone Virus...need help [DreamInCode.net]

Posted 10 January 2006 - 09:34 AM

Monty, on 21 Dec, 2005 - 05:13 AM, said:

Well I've just spend an evening removing the Klone virus from mine and my girlfriends PC - seems it came from the Kaaza installation program :angry:

So the steps I took...

first I looked in the system32 folder for any exe's that were dated with that days date... klone if a self replicating trojan so it makes files

I deleted them - any that wouldn't delete were running as a process so I stopped that process in Task Manager

I did the same in the windows folder.

I checked and deleted and suspicious entries in the "run" and "runonce" registry keys

Finally to stop the virus coming back I noticed a strange entry in the registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell

which should only have a value "explorer.exe" had another program attached - so I put the value back to "explorer.exe"

rebooted - ran avg - everything was repaired

Hope this helps

Hey Thanks monty. that is some good info.
Was This Post Helpful? 0
  • +
  • -

#14 Israel  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 7
  • View blog
  • Posts: 818
  • Joined: 22-November 04

Re: Klone Virus...need help [DreamInCode.net]

Posted 11 January 2006 - 05:09 AM

Better run Hijackthis too! The klone virus left some browser hijackers on my box that the AV didn't pick up.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1