A virus problem in our enterprise with ~dulla@204 errors

By dessbirr
Our enterprise has a problem regarding a virus. Most of our PCs use Windows XP SP2, but all the machines are infected by a virus called dulla.

Symptoms:
- It stops all PDF, Word, and Mozilla files. When we try to open them, it shows ~dulla@204.
- In local services and the Registry Editor, it adds a file like ~bmjlbexn~


All Answers

have you tried

by .Martin. In reply to A virus problem in our en ...

anti virus programs? (McAfee, Norton, Trend Micro, AVG)

next try ComboFix (http://tinyurl.com/2yct9u)

next: reinstall windows

I have a similar problem

by ayelgndes In reply to have you tried

I have tried to remove (clean) the virus. I did clean with Kaspersky and Avast, but my problem is recovering the corrupted files. I've tried some recovery software... but ended up with no success.
I really need help!
Thank you all!

I suggest this to control it

by mteb2003 In reply to A virus problem in our en ...

The virus is known by the name caveduck.a. I used the McAfee product to kick it away!
Use the McAfee 8.5i product and update the DAT file and the scan engine too.

Here is the link to McAfee Products Free Download:
http://www.mcafee.com/apps/downloads/security_updates/dat.asp

But I can tell u an immediate relief from the virus.
Here is its nature. It hides itself in each of the executable applications (EXE files) in your computer. I couldn't clean my files without antivirus, but I resisted the virus from further damage.
Do this.
Go to the Services window and you will find at least some services named in a similar way to the ~dulla@204~ thing.
Disable each of these services.
In the Log On tab of the service properties, uncheck "Allow service to interact with desktop".
Do the same for all similar services.

Go to the Registry Editor (Run > regedit):
1. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services
2. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services

In these services editors, delete all the registries named in a similar way, like ~dulla@204~.

And at last, go to your WINDOWS/system32 directory and delete all applications with 43 KB except ipsec6.exe and possibly those that are real components of your applications. You can hardly recognize them.

Now at least you minimize your further damage.
Enjoy!
Minilik Tesfaye

I suggest this to control it

by mteb2003 In reply to A virus problem in our en ...

The virus is known by the name caveduck32. I used the McAfee product to kick it away!
Use the McAfee 8.5i product and update the DAT file and the scan engine too.

Here is the link to McAfee Products Free Download:
http://www.mcafee.com/apps/downloads/security_updates/dat.asp

But I can tell u an immediate relief from the virus.
Here is its nature. It hides itself in each of the executable applications (EXE files) in your computer. I couldn't clean my files without antivirus, but I resisted the virus from further damage.
Do this.
Go to the Services window and you will find at least some services named in a similar way to the ~dulla@204~ thing.
Disable each of these services.
In the Log On tab of the service properties, uncheck "Allow service to interact with desktop".
Do the same for all similar services.

Go to the Registry Editor (Run > regedit):
1. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services
2. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services

In these services editors, delete all the registries named in a similar way, like ~dulla@204~.

Now at least you minimize your further damage.
Enjoy!
Minilik Tesfaye, Ethiopia
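
An added example, not part of mteb2003's posts: before deleting anything by hand, a regedit export of the two Services keys named in the two posts above can be audited for tilde-wrapped service names such as ~dulla@204~ and ~bmjlbexn~. The sample export, the placeholder paths, the function names and the tilde-wrapped naming rule (generalised from the two names in this thread) are assumptions.

```python
import re

# Constructed sample of a regedit text export; example1.exe and x.exe are placeholders.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\~dulla@204~]
"ImagePath"="C:\\WINDOWS\\system32\\example1.exe"
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\~dulla@204~\Security]
"Security"=hex:01,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Spooler]
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\~bmjlbexn~]
"ImagePath"=hex(2):43,00,3a,00,5c,00,78,00,\
  2e,00,65,00,78,00,65,00,00,00
"Start"=dword:00000004
'''

# Matches only the service key itself, not its subkeys.
KEY_RE = re.compile(r'^\[HKEY_LOCAL_MACHINE\\SYSTEM\\(ControlSet\d{3})\\Services\\([^\\\]]+)\]$', re.I)
TILDE_NAME = re.compile(r'^~.+~$')  # assumed rule: name wrapped in tildes

def decode_value(raw):
    if raw.startswith('"'):                      # REG_SZ: undo backslash escapes
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    if raw.startswith('hex(2):'):                # REG_EXPAND_SZ: UTF-16LE bytes
        data = bytes(int(b, 16) for b in raw[7:].split(',') if b.strip())
        return data.decode('utf-16-le').rstrip('\x00')
    if raw.startswith('dword:'):                 # REG_DWORD
        return int(raw[6:], 16)
    return raw                                   # other types left undecoded

def find_tilde_services(export_text):
    """Return one dict per tilde-named service key, with its decoded values."""
    hits, current = [], None
    for line in export_text.replace('\\\n', '').splitlines():  # join continuations
        line = line.strip()
        if line.startswith('['):
            m, current = KEY_RE.match(line), None
            if m and TILDE_NAME.match(m.group(2)):
                current = {'control_set': m.group(1), 'service': m.group(2)}
                hits.append(current)
        elif current is not None and '=' in line:
            name, _, raw = line.partition('=')
            current[name.strip('"')] = decode_value(raw.strip())
    return hits
```

A real regedit export is UTF-16 text, so read it with `open(path, encoding='utf-16')` before passing it in. A `Start` value of 4 means the service is already disabled; 2 means it starts automatically.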

Solution for Dulla

by amine_teklay2000 In reply to A virus problem in our en ...

Mart:
I am a security professional. Let me put something about the dulla virus.

Dulla virus is a Win32 virus that attaches itself to executable files and corrupts different types of files.

- It has two basic virus components:

a) Propagation - by attaching to .exe files.
b) Payload - corrupting documents.

The best solution should be holistic:

1) Short-Term Solution (Reactive)

a) Executable File Repairing

- If you are already infected, use Tsere-Dulla (newer version, do not use previous version) (from http://www.insa.gov.et/downloads.jsp?prod=\'INSA-TSERE-DULLA') to repair infected executable files, remove stand-alone virus programs in system32, and remove services related with Dulla. (Disinfection Process)

- Then use Kaspersky or Avira for prevention. Do not use Kaspersky or Avira before disinfecting, because these two anti-viruses are not capable of repairing infected files (they will corrupt or delete your files).

b) Corrupted Files Recovery

- No full solution, but insa.gov.et has said they are working to solve this problem. Let us wait.

2) Long-Term Solution (Proactive)

- Information Security - Initiatives (Strategies, Policies, Standards, Security solutions). Bringing information security with the participation of the people.

For detailed information visit http://www.insa.gov.et/downloads.jsp?prod=\'INSA-TSERE-DULLA'

I found the solution! The dulla antivirus.

by denis2eth In reply to A virus problem in our en ...