General discussion


virus

By sundaravadhaanan ·
What is the remedy for redlof virus?


by jschein In reply to virus

Go here (remove any spaces):

http://vil.nai.com/vil/alphar.asp

Do a search for redlof ... there are 6 variants which each have different methods of removal. Find your variant and follow those steps.

Good luck


by dmiles In reply to virus

The REDLOF infects VBS, HTM, HTML, ASP, PHP, JSP, and HTT files. It spreads via email and is activated when the email is read.

REMOVAL INSTRUCTIONS:

1. Run Vbuster.Exe and delete all infected files.
2. Delete all temporary Internet files (Tools/Internet Options for IE5)
3. Run REGEDIT and delete the following lines in the Registry:
HKEY_CURRENT_USER\Identities\(default user ID)\Software\Microsoft\Outlook Express\5.0\Mail\Compose Use Stationery=??
HKEY_CURRENT_USER\Identities\(default user ID)\Software\Microsoft\Outlook Express\5.0\Mail\Stationery Name=??
HKEY_CURRENT_USER\Identities\(default user ID)\Software\Microsoft\Outlook Express\5.0\Mail\Wide Stationery Name=??
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows_Messaging_Subsystem\Profiles\Microsoft_Outlook_Internet_Settings\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows_NT\CurrentVersion\Windows_Messaging_Subsystem\Profiles\Microsoft_Outlook_Internet_Settings\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\10.0\Common\MailSettings\NewStationery\


4. Delete the user code for each user:
HKEY_USERS\(user code)\Software\Microsoft\Windows\
5. Delete the following:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Kernel32=??
6. Run Vbuster.Exe, press "F1" and then "S" to search for files with HTT extensions. Delete all files with HTT extensions. Search for KJWALL.GIF and delete it.
7. Click on "Tools/Option", "Compose" to reset Outlook
8. Install the patch from Microsoft: http://www.microsoft.com/technet/security/bulletin/ms00-075.asp
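
A read-only check for the artifacts named in steps 3, 5 and 6 above, as an added example that is not part of the original post. It assumes PowerShell 3 or later, the value names exactly as the post gives them, and a hypothetical `$ScanRoot` parameter for the drive to search; it only lists findings and deletes nothing.

```powershell
# Read-only audit for the Redlof artifacts listed in the removal steps.
# Added example: nothing is deleted; review the output before acting on it.
param(
    [string]$ScanRoot = 'C:\'   # assumption: search the system drive
)

$findings = @()

# Step 5: a "Kernel32" value under the machine-wide Run key.
$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($run -and ($run.PSObject.Properties.Name -contains 'Kernel32')) {
    $findings += [pscustomobject]@{
        Type = 'RunValue'; Item = "$runKey\Kernel32"; Detail = $run.Kernel32
    }
}

# Step 3: Outlook Express stationery values, checked for every identity
# of the current user (other users' hives are not loaded here).
$names = 'Compose Use Stationery', 'Stationery Name', 'Wide Stationery Name'
$ids = Get-ChildItem -LiteralPath 'HKCU:\Identities' -ErrorAction SilentlyContinue
foreach ($id in $ids) {
    $mail = "$($id.PSPath)\Software\Microsoft\Outlook Express\5.0\Mail"
    $props = Get-ItemProperty -LiteralPath $mail -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($name in $names) {
        if ($props.PSObject.Properties.Name -contains $name) {
            $findings += [pscustomobject]@{
                Type = 'Stationery'; Item = "$($id.PSChildName): $name"
                Detail = $props.$name
            }
        }
    }
}

# Step 6: KJWALL.GIF and files with the HTT extension.
Get-ChildItem -LiteralPath $ScanRoot -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -ieq 'KJWALL.GIF' -or $_.Extension -ieq '.htt' } |
    ForEach-Object {
        $findings += [pscustomobject]@{
            Type = 'File'; Item = $_.FullName; Detail = $_.LastWriteTime
        }
    }

$findings | Sort-Object Type, Item | Format-Table -AutoSize -Wrap
```

Windows ships its own `.htt` folder templates, so compare each listed file's location and timestamp against a known-clean system before removing it.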


by tjc In reply to virus

Get an anti-virus package, like www.norton.com or www.macafee.com, and install and disinfect.
