8ECC055D-047F-11D1-A537-0000F8753ED1
Windows Vista Forum
FrigginMook
Posted 5/1/2008 7:25:02 PM




Anyone know what this GUID belongs to? I have several undeletable registry
keys associated with this GUID. On McAfee they associated this with either a
rootkit or a trojan. So, does anyone know anything about this? Microsoft has
a few non-informative posts in the MSDN forums. Does anyone have a clue on
this?

Thanks!
Post #102824
zachd [MSFT]
Posted 5/2/2008 1:05:06 AM




Post in reply to: FrigginMook
That looks like one of these, at the least:
http://vil.nai.com/vil/content/v_137387.htm
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DELF.DS&VSect=T
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR%5FUPROOTKIT%2EA&VSect=T

So yeah, I'd take your machine offline until this is sorted out. =\

--
Speaking for myself only.
See http://zachd.com/pss/pss.html for some helpful WMP info.
This posting is provided "AS IS" with no warranties, and confers no rights.
--

Post #102936
scraggy
Posted 5/2/2008 6:25:04 AM





Hi FrigginMook

The following link has information on removing:

'Backdoor.CVM - Symantec.com'
(http://www.symantec.com/security_response/writeup.jsp?docid=2006-042011-2239-99&tabid=2)

I would also do an online virus scan.

Hope it helps you


--
scraggy
Post #103022