Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice

Prombles with I-worm/Luder.A

3233 Views 16 Replies 2 Participants Last post by  Fln
Hello all,

I realize that there are other threads on Luder.a or Win32.dref and how to go about removing it, but it seems that each case is different enough to deem a thread of my own, so here it goes.

I seem to have spontainously acquired this virus while surfing the web last night. The virus library sites do not seem to have a lot of avaible information so I came here. I am running XP MC sp2 and using AVG Free. I also tried SpyBot which got ride of some spyware but nothing related to the virus I dont think. Currently I am scanning with AVG in safe mode, it claims that I have two files infected and three "Virus file Exploits", whatever that is. at the moment. I noticed that HTS is used a lot so I downloaded that and made a log from safe mode, if i run it in safe mode will it provide the needed info?

I will post the log and scan report soon.

Thank you for your help,

Not open for further replies.
1 - 6 of 17 Posts
I'd post a new Hijack This log.
The particular infection you have is a bad one. One where the computer should be completely reformatted.

This one goes into Local Machine settings as well and screws with associations.
The hidden destruction this one does is unbelieveable.
Tests on a VM & a live test machine have so far proved uncleanable and to try to reverse. The file associations etc needs windows to be reinstalled anyway so save yourselves weeks of trouble.
More than likely, yeah it's probably spread
One of our Moderators here (Derek) has done many tests on machines with this infection
He said for now this is the only solution
Do you wanna post Hijack This logs from the other machines
Computer 2 seems ok. Computer 3 the only somewhat dodgy one is O23 - Service: RDPSSW32 - Unknown owner - C:\WINDOWS\System32\RDPSSW32.EXE - do you recognize that?
I won't be online much today or tomorrow - so I'd suggest sending a PM to our Moderator dvk01 - he is much more famliar with this infection than I am.
1 - 6 of 17 Posts
Not open for further replies.