Question
-
CreatorTopic
-
December 1, 2008 at 10:15 pm #2166490
A virus problem in our enterprise with ~dulla@204 errors
Lockedby dessbirr · about 15 years, 4 months ago
Our enterprise has a problem regarding a virus problem. Most of our pc uses Windows XP SP2, but all the machiens are infected by a virus called dulla.
Symptoms:- it stops all pdf, word, Mozila files.when we try to open, it shows ~dulla@204.
– at local services and Registry Edit, it adds a file like ~bmjlbexn~Topic is locked -
CreatorTopic
All Answers
-
AuthorReplies
-
-
December 1, 2008 at 10:15 pm #2976775
Clarifications
by dessbirr · about 15 years, 4 months ago
In reply to A virus problem in our enterprise with ~dulla@204 errors
Clarifications
-
December 1, 2008 at 10:19 pm #2976773
have you tried
by .martin. · about 15 years, 4 months ago
In reply to A virus problem in our enterprise with ~dulla@204 errors
anti virus programs? (McAfee, Norton, Trend Micro, AVG)
next try ComboFix (http://tinyurl.com/2yct9u)
next: reinstall windows
-
December 7, 2008 at 2:59 am #2990979
I have simillar problem
by ayelgndes · about 15 years, 3 months ago
In reply to have you tried
I have tried to remove (clean) the virus, i did clean with kaspersky and avast, but my problem is recovering the corrupted files, i’ve tried some recovery softwares… but endup with no success.
I really need help!
Thank you all!
-
-
December 9, 2008 at 8:27 am #2973064
I Suggest zis to control it
by mteb2003 · about 15 years, 3 months ago
In reply to A virus problem in our enterprise with ~dulla@204 errors
the virus is knowen with a name caveduck.a i used the Mcafee Product to kick it away!
Use the McaFee 8.5i product and update the DAT file and the Scan Engeen too.Here is the link to McaFee Products Free Download :
http://www.mcafee.com/apps/downloads/security_updates/dat.aspBut i can tell u an immediate relife from the Virus.
Here is its natur. It Hides itself in each of executable applications (EXE files) in your computer. I couldnt clean my files without antivirs. but i resisted the virus from further damage.
Do this.
go to the services window and you will find atleast some services named in a simillar way with the ~dulla@204~ thing.
Disable each of these services
In the logon tab of the service property, Uncheck the “Allow services to interact with the desktop”
Do the same for all simillar services.Go to the registory editor(run>regedit)
1.HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services
2.HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Servicesin these services edito, delete all the registories named in simillar way like ~dulla@204~
and at last, go to your WINDOWS/system32 directory and delete all applications with 43kb except ipsec6.exe and possibly those that are real componet of your applications. you can hardly recognize them.
Now atleast you Minimize your further damage
Enjoy!
Minilik Tesfaye -
December 9, 2008 at 8:27 am #2973063
I Suggest zis to control it
by mteb2003 · about 15 years, 3 months ago
In reply to A virus problem in our enterprise with ~dulla@204 errors
the virus is knowen with a name caveduck32 i used the Mcafee Product to kick it away!
Use the McaFee 8.5i product and update the DAT file and the Scan Engeen too.Here is the link to McaFee Products Free Download :
http://www.mcafee.com/apps/downloads/security_updates/dat.aspBut i can tell u an immediate relife from the Virus.
Here is its natur. It Hides itself in each of executable applications (EXE files) in your computer. I couldnt clean my files without antivirs. but i resisted the virus from further damage.
Do this.
go to the services window and you will find atleast some services named in a simillar way with the ~dulla@204~ thing.
Disable each of these services
In the logon tab of the service property, Uncheck the “Allow services to interact with the desktop”
Do the same for all simillar services.Go to the registory editor(run>regedit)
1.HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services
2.HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Servicesin these services edito, delete all the registories named in simillar way like ~dulla@204~
Now atleast you Minimize your further damage
Enjoy!
Minilik Tesfaye, Ethiopia -
December 18, 2008 at 1:06 pm #2985643
Solution for Dulla
by amine_teklay2000 · about 15 years, 3 months ago
In reply to A virus problem in our enterprise with ~dulla@204 errors
Mart:
I am Security Professional. Let me put something about the dulla virus.Dulla virus is win32 virus that attaches itself to executable files and corrupts different types of files.
– It has two basic virus components:
a) Propagation – by attaching to .exe files.
b) Payload – corrupting documents.The best solution should be holistic:
1) Short-Term Solution(Reactive)
a) Executable File Repairing
– If you are already infected , use Tsere-Dulla(newer version, do not use previous version)(from http://www.insa.gov.et/downloads.jsp?prod=\’INSA-TSERE-DULLA’)
to repair infected executable files , remove stand-alone virus programs in system32 , and remove services related with Dulla. (Disinfection Process)
– Then use Kaspersky or avira for prevention. Do not use kaspersky or avira before disinfecting , because these two anti-viruses are not capable of repairing infected files(They will corrupt or delete your files).
b) Corrupted Files Recovery
– No full solution , but insa.gov.et has said they are working to solve this problem. Let us wait.
2) Long-Term Solution(Proactive)
– Information Security – Initiatives (Strategies , Policies , Standards , Secuirty solutions). Bringing information security with the participation of the people.
For detailed information visit http://www.insa.gov.et/downloads.jsp?prod=\’INSA-TSERE-DULLA’
-
December 31, 2008 at 4:09 pm #2980788
I found the solution! The dulla antivirus.
by denis2eth · about 15 years, 3 months ago
In reply to A virus problem in our enterprise with ~dulla@204 errors
Just go to http://www.dulla-virus.wikidot.com
-
-
AuthorReplies