Trojan worm... computer reboots itself

Skidmark · 04-17-2007, 10:25 AM

My parents computer has a Trojan worm (zhelatin) in it. Once you turn it on it will go to the windows welcome screen and reboot itself.

I was able to get into windows through safe mode, turn off system restore so it doesn't spread, and do a scan with AVG. It found the worm and deleted it, but the problem stays.

I restored back to a known good spot and it still will reboot itself.

Any ideas? I'm stuck on this one...

Thanks, Brien

lowthreeohz · 04-17-2007, 10:34 AM

"zhelatin + removal" in google will find you an answer.

Hunt4m3x · 04-17-2007, 12:35 PM

http://www.f-secure.com/v-descs/emai...latin_cq.shtml

Skidmark · 04-17-2007, 09:02 PM

I still can't get it off!

Tx Redneck · 04-17-2007, 09:16 PM

http://usa.kaspersky.com/trials/tria...pter=146481750

If this won't get rid of nothing will.

[email protected] · 04-17-2007, 09:17 PM

Try turning off the RPC protocol. Restart in safe mode, right click on "my computer", go to "manage", click "services and applications", click "services", scroll down to "Remote Procedure Call". Highlight it with a single left click, then do a single right click, you should see a menu drop down, go to properites and click on the "Recovery" tab. You will see three drop down boxes, make sure they are set at "take no action". If they are not then set them and click "OK". Do that for both RPC features (they are on top of each other in the system menu). That should fix the rebooting until you can complete the removal.

I am assuming this is an XP system?

Eric

Skidmark · 04-17-2007, 09:21 PM

Quote:

Originally Posted by Tx Redneck

http://usa.kaspersky.com/trials/tria...pter=146481750

If this won't get rid of nothing will.

I just got the program installed and scanning... so far 28 files of zhelatin.

Quote:

Originally Posted by [email protected]

Try turning off the RPC protocol. Restart in safe mode, right click on "my computer", go to "manage", click "services and applications", click "services", scroll down to "Remote Procedure Call". Highlight it with a single left click, then do a single right click, you should see a menu drop down, go to properites and click on the "Recovery" tab. You will see three drop down boxes, make sure they are set at "take no action". If they are not then set them and click "OK". Do that for both RPC features (they are on top of each other in the system menu). That should fix the rebooting until you can complete the removal.

I am assuming this is an XP system?

Eric

Yes this is home XP... I will try that next if this program will not solve the issue

[email protected] · 04-18-2007, 12:34 AM

That program should work. I would diable the auto restart in the RCP anyways, just in case you get something in the future. The auto restart is a very common bug.

Eric

Tx Redneck · 04-18-2007, 08:32 PM

Did that fix it?

Skidmark · 04-19-2007, 07:39 AM

I put their HD in my PC and scanned it with Kapersky. It found and deleted the worm...

I also set the RPC to do not take action and it is still rebooting itself.

[email protected] · 04-19-2007, 09:18 AM

You set both RPC's to take no action on all three menu's? You might just have to back up what you can and do a format and reinstall.

Eric

Skidmark · 04-19-2007, 09:21 AM

Quote:

Originally Posted by [email protected]

You set both RPC's to take no action on all three menu's? You might just have to back up what you can and do a format and reinstall.

Eric

I think that's gonna be my best bet... thanks for the help guys

mikeb · 04-19-2007, 02:22 PM

If you can get it on the net in safe mode (or with their drive in your box) try the trendmicro scan. It gets a lot of stuff that others miss.

www.trendmicro.com

Click on online services and use the online housecall button.

JACKASS RACING · 04-19-2007, 05:24 PM

wow,i know who to pm when my pc screws up.....all the previous post read just like chinese arithmatic.......

Stng5Pnt8 · 04-19-2007, 05:29 PM

Quote:

Originally Posted by mikeb

If you can get it on the net in safe mode (or with their drive in your box) try the trendmicro scan. It gets a lot of stuff that others miss.

www.trendmicro.com

Click on online services and use the online housecall button.

another vote for Trendmicro, I use Trendmicro for our computers at the office and it works GREAT!!

Tx Redneck · 04-19-2007, 07:04 PM

Quote:

Originally Posted by Stng5Pnt8

another vote for Trendmicro, I use Trendmicro for our computers at the office and it works GREAT!!

That's what I use personally but Kapersky has the best detection/removal of all antivir programs out.

Thread Tools
Show Printable Version Show Printable Version Email this Page Email this Page
Display Modes
Linear Mode Linear Mode Hybrid Mode Switch to Hybrid Mode Threaded Mode Switch to Threaded Mode

Register Now

Log-in

Premium Vendor Showcase

Recent Discussions

Remove Advertisements Sponsored Links
DFWStangs.net Advertisement

Posting Rules
You may post new threads You may post replies You may not post attachments You may not edit your posts BB code is On Smilies are On [IMG] code is On HTML code is On Trackbacks are On Pingbacks are On Refbacks are On Forum Rules

vBulletin Message

Cancel Changes

Recent Discussions
50 JKS Performance Open... Today 05:45 AM by billywhitman
0 Is it a Good Idea to... 05-30-2020 12:52 AM by silverfoxgarage
28 Online Job Searches 05-28-2020 09:53 AM by Breana
0 Give your Mustang an... 05-28-2020 05:42 AM by carid
1 I'm a Newbie 05-26-2020 01:52 AM by carid
0 Take advantage of... 05-25-2020 07:12 AM by carid
0 Look out for these Signs... 05-23-2020 12:00 AM by silverfoxgarage
0 Breathtaking... 05-22-2020 06:27 AM by carid
0 Update the rear of your... 05-20-2020 06:46 AM by carid
31 List of Services... 05-20-2020 05:09 AM by johnmartin1458