Tech Support Guy banner
Cancel
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice

Prombles with I-worm/Luder.A

3233 Views 16 Replies 2 Participants Last post by  Fln
F
Hello all,

I realize that there are other threads on Luder.a or Win32.dref and how to go about removing it, but it seems that each case is different enough to deem a thread of my own, so here it goes.

I seem to have spontainously acquired this virus while surfing the web last night. The virus library sites do not seem to have a lot of avaible information so I came here. I am running XP MC sp2 and using AVG Free. I also tried SpyBot which got ride of some spyware but nothing related to the virus I dont think. Currently I am scanning with AVG in safe mode, it claims that I have two files infected and three "Virus file Exploits", whatever that is. at the moment. I noticed that HTS is used a lot so I downloaded that and made a log from safe mode, if i run it in safe mode will it provide the needed info?

I will post the log and scan report soon.

Thank you for your help,

Fln
Save
Like
Status
Not open for further replies.
1 - 6 of 17 Posts
Cheeseball81
Hi and welcome :)
Please post the HJT log
Save
Like
Cheeseball81
I'd post a new Hijack This log.
The particular infection you have is a bad one. One where the computer should be completely reformatted.

This one goes into Local Machine settings as well and screws with associations.
The hidden destruction this one does is unbelieveable.
Tests on a VM & a live test machine have so far proved uncleanable and to try to reverse. The file associations etc needs windows to be reinstalled anyway so save yourselves weeks of trouble.
Save
Like
Cheeseball81
More than likely, yeah it's probably spread
One of our Moderators here (Derek) has done many tests on machines with this infection
He said for now this is the only solution
Save
Like
Cheeseball81
Do you wanna post Hijack This logs from the other machines
Save
Like
Cheeseball81
Computer 2 seems ok. Computer 3 the only somewhat dodgy one is O23 - Service: RDPSSW32 - Unknown owner - C:\WINDOWS\System32\RDPSSW32.EXE - do you recognize that?
I won't be online much today or tomorrow - so I'd suggest sending a PM to our Moderator dvk01 - he is much more famliar with this infection than I am.
Save
Like
Cheeseball81
You're very welcome.

Happy Holidays. :)
Save
Like
1 - 6 of 17 Posts
Status
Not open for further replies.
Tech Support Guy
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Hardware Virus & Other Malware Removal Off Topic Lounge Thread Games & Discussion Networking
Top