    A virus problem in our enterprise with ~dulla@204 errors

    by dessbirr ·

    Our enterprise has a problem regarding a virus. Most of our PCs use Windows XP SP2, but all the machines are infected by a virus called dulla.

    Symptoms:
    – It stops all PDF, Word, and Mozilla files. When we try to open them, it shows ~dulla@204.
    – At Local Services and the Registry Editor, it adds a file like ~bmjlbexn~

    • #2976775

      Clarifications

      by dessbirr ·

      In reply to A virus problem in our enterprise with ~dulla@204 errors

      Clarifications

    • #2976773

      have you tried

      by .martin. ·

      In reply to A virus problem in our enterprise with ~dulla@204 errors

      anti virus programs? (McAfee, Norton, Trend Micro, AVG)

      next try ComboFix (http://tinyurl.com/2yct9u)

      next: reinstall windows

      • #2990979

        I have a similar problem

        by ayelgndes ·

        In reply to have you tried

        I have tried to remove (clean) the virus. I did clean with Kaspersky and Avast, but my problem is recovering the corrupted files. I've tried some recovery software… but ended up with no success.
        I really need help!
        Thank you all!

    • #2973064

      I Suggest zis to control it

      by mteb2003 ·

      In reply to A virus problem in our enterprise with ~dulla@204 errors

      The virus is known by the name caveduck.a. I used the McAfee product to kick it away!
      Use the McAfee 8.5i product and update the DAT file and the scan engine too.

      Here is the link to the McAfee products free download:
      http://www.mcafee.com/apps/downloads/security_updates/dat.asp

      But I can tell you an immediate relief from the virus.
      Here is its nature. It hides itself in each of the executable applications (EXE files) on your computer. I couldn't clean my files without antivirus, but I resisted the virus from further damage.
      Do this.
      Go to the Services window and you will find at least some services named in a similar way to the ~dulla@204~ thing.
      Disable each of these services.
      In the Log On tab of the service properties, uncheck "Allow service to interact with desktop".
      Do the same for all similar services.

      Go to the Registry Editor (Run > regedit):
      1. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services
      2. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services

      In these Services keys, delete all the registries named in a similar way to ~dulla@204~.

      And at last, go to your WINDOWS/system32 directory and delete all applications with 43 KB except ipsec6.exe and possibly those that are real components of your applications. You can hardly recognize them.

      Now at least you minimize your further damage.
      Enjoy!
      Minilik Tesfaye
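
The registry check described in the post above (service keys under ControlSet001 and ControlSet002 named like ~dulla@204~), as an added read-only example that is not part of the original post. It parses saved `reg query ... /s` output and lists tilde-wrapped service names with their start type and the interact-with-desktop flag; the `~...~` naming rule is an assumption drawn from the two names in this thread, and the sample output, including the image paths, is constructed.

```python
import re

# Constructed sample of `reg query HKLM\SYSTEM\ControlSet00N\Services /s` output.
# The two ~...~ key names are from the thread; every path and value is invented.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Alerter
    Start    REG_DWORD    0x4
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\~bmjlbexn~
    ImagePath    REG_EXPAND_SZ    C:\WINDOWS\system32\example1.exe
    Start    REG_DWORD    0x2
    Type    REG_DWORD    0x110
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\~bmjlbexn~\Security
    Security    REG_BINARY    0100
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\~dulla@204~
    ImagePath    REG_EXPAND_SZ    C:\WINDOWS\system32\example2.exe
    Start    REG_DWORD    0x4
    Type    REG_DWORD    0x10
"""

KEY_RE = re.compile(r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(ControlSet\d{3})\\Services\\([^\\]+)$", re.I)
VAL_RE = re.compile(r"^\s+(.+?)\s+(REG_\w+)\s*(.*)$")
SUSPECT = re.compile(r"^~.+~$")   # assumption: naming rule inferred from the thread
START = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}
INTERACTIVE = 0x100               # SERVICE_INTERACTIVE_PROCESS bit in Type

# Return one dict per direct child key of ...\Services, holding that key's values.
def parse_services(text):
    services, current = [], None
    for line in text.splitlines():
        key = KEY_RE.match(line.strip())
        if key:
            current = {"control_set": key.group(1), "name": key.group(2)}
            services.append(current)
        elif line.upper().startswith("HKEY_"):
            current = None        # deeper subkey: its values are not the service's
        elif current is not None and (val := VAL_RE.match(line)):
            current[val.group(1)] = val.group(3).strip()
    return services

# List tilde-wrapped services, whether they can still start, and the desktop flag.
def find_suspects(text):
    hits = []
    for svc in parse_services(text):
        if SUSPECT.match(svc["name"]):
            start = int(svc.get("Start", "0xff"), 16)   # 0xff: value missing
            svc_type = int(svc.get("Type", "0x0"), 16)
            hits.append({"control_set": svc["control_set"], "name": svc["name"],
                         "image_path": svc.get("ImagePath"), "start": START.get(start, "?"),
                         "still_enabled": start != 4, "interactive": bool(svc_type & INTERACTIVE)})
    return hits
```

Each control set is reported separately, so an entry that was disabled in one set but left set to start automatically in the other is visible.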

    • #2973063

      I Suggest zis to control it

      by mteb2003 ·

      In reply to A virus problem in our enterprise with ~dulla@204 errors

      The virus is known by the name caveduck32. I used the McAfee product to kick it away!
      Use the McAfee 8.5i product and update the DAT file and the scan engine too.

      Here is the link to the McAfee products free download:
      http://www.mcafee.com/apps/downloads/security_updates/dat.asp

      But I can tell you an immediate relief from the virus.
      Here is its nature. It hides itself in each of the executable applications (EXE files) on your computer. I couldn't clean my files without antivirus, but I resisted the virus from further damage.
      Do this.
      Go to the Services window and you will find at least some services named in a similar way to the ~dulla@204~ thing.
      Disable each of these services.
      In the Log On tab of the service properties, uncheck "Allow service to interact with desktop".
      Do the same for all similar services.

      Go to the Registry Editor (Run > regedit):
      1. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services
      2. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services

      In these Services keys, delete all the registries named in a similar way to ~dulla@204~.

      Now at least you minimize your further damage.
      Enjoy!
      Minilik Tesfaye, Ethiopia

    • #2985643

      Solution for Dulla

      by amine_teklay2000 ·

      In reply to A virus problem in our enterprise with ~dulla@204 errors

      Mart:
      I am a security professional. Let me put something about the Dulla virus.

      The Dulla virus is a Win32 virus that attaches itself to executable files and corrupts different types of files.

      – It has two basic virus components:

      a) Propagation – by attaching to .exe files.
      b) Payload – corrupting documents.

      The best solution should be holistic:

      1) Short-Term Solution (Reactive)

      a) Executable File Repairing

      – If you are already infected, use Tsere-Dulla (newer version, do not use the previous version) (from http://www.insa.gov.et/downloads.jsp?prod=\’INSA-TSERE-DULLA’) to repair infected executable files, remove stand-alone virus programs in system32, and remove services related to Dulla. (Disinfection Process)

      – Then use Kaspersky or Avira for prevention. Do not use Kaspersky or Avira before disinfecting, because these two antiviruses are not capable of repairing infected files (they will corrupt or delete your files).

      b) Corrupted Files Recovery

      – No full solution, but insa.gov.et has said they are working to solve this problem. Let us wait.

      2) Long-Term Solution (Proactive)

      – Information Security – Initiatives (Strategies, Policies, Standards, Security solutions). Bringing information security with the participation of the people.

      For detailed information visit http://www.insa.gov.et/downloads.jsp?prod=\’INSA-TSERE-DULLA’

    • #2980788

      I found the solution! The dulla antivirus.

      by denis2eth ·

      In reply to A virus problem in our enterprise with ~dulla@204 errors
