
VBS/Redolf.A Virus - How do I clean it?

  • 24-12-2003 12:04pm
    #1
    Registered Users, Registered Users 2 Posts: 1,335 ✭✭✭


    Hey folks

    I was kindly given this virus by a mate when he backed up some data on my system.

    My understanding of how to remove it (found on some Urdu language pages!!??) is to remove the kernal32 reg key from the registry at hklm/software/microsoft/windows/currentversion/run...

    However, when I get there, there IS NO key referring to kernal32...

    command anti-virus will not get rid of it, neither does norton...

    How do I kill this virus?

    Any ideas?


Comments

  • Registered Users, Registered Users 2 Posts: 1,569 ✭✭✭maxheadroom


    what AV package discovered it?


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,604 Mod ✭✭✭✭Capt'n Midnight


    For a sec I thought you said Rudolf

    http://www.s-cop.com/virus-details.asp?selectID=155

    This is an encrypted VBS virus which appends itself to HTM, HTT, VBS and JS files. It also attaches itself to MS Outlook's default stationery files and sets the Blank.HTM as the default stationery.

    Details : Any mail composed with MS Outlook subsequently will contain this virus and will infect the mail recipient's computer.


    So prob won't affect anyone with VB scripting turned off and doesn't use Outlook - can't ID it on the usual sites so probably an alias or variant of others.


  • Registered Users, Registered Users 2 Posts: 1,335 ✭✭✭Dr Bolouswki


    I'm using 'command anti-virus' by F-Prot...

    It picks it up but won't clean it. I saw the smart-cop site definition also - doesn't give any details on how to clean though....

    I'm trying other AV's - I'll see what happens...


  • Registered Users, Registered Users 2 Posts: 1,835 ✭✭✭BoB_BoT


    I remember coming across a removal method or program back around 7 months ago, had a customer with major problems and almost lost a lot of data due to redlof. I remember Norton quarantined the files, then I took a look at the code and saw the virus code at the bottom of the code of the html files. I'm pretty sure I didn't clean over 2000 files manually so I'll take a lookie to see if I can find the program at work.

    *edit* take a lookie here http://securityresponse.symantec.com/avcenter/venc/data/html.redlof.a.html read it all!! plus if you can get your hands on a copy of norton, update it and it might be able to clean the files, better yet go here http://housecall.trendmicro.com/ and you might be able to sort out your problem for free.
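
Added example, not part of any poster's reply and not a vendor tool: a read-only triage script that lists HTM/HTML/HTT files where a `<script>` tag opens after the final `</html>`, matching the "virus code at the bottom of the html files" observation above. The trailing-script heuristic, the function names and the sample files are assumptions made for illustration; it is not a Redlof signature, it does not cover the VBS and JS targets, and it does not clean anything.

```python
import os
import re
import tempfile

# HTML-type extensions from the thread; .vbs/.js have no </html> to anchor on.
TARGET_EXTS = {".htm", ".html", ".htt"}
CLOSE_HTML = re.compile(rb"</html\s*>", re.IGNORECASE)
SCRIPT_TAG = re.compile(rb"<script\b", re.IGNORECASE)

def trailing_script(data: bytes) -> bool:
    """True if a <script> tag opens after the last </html> (assumed heuristic)."""
    last = None
    for match in CLOSE_HTML.finditer(data):
        last = match
    if last is None:
        return False  # no closing tag, so nothing to compare against
    return SCRIPT_TAG.search(data, last.end()) is not None

def scan_tree(root: str) -> list:
    """Return sorted paths of flagged files under root; files are only read."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in TARGET_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # locked or unreadable file: skip, keep scanning
            if trailing_script(data):
                hits.append(path)
    return sorted(hits)

def demo() -> list:
    """Build constructed sample files in a temp dir and scan them."""
    samples = {
        "clean.htm": b"<html><script>var a=1;</script><body>ok</body></html>\n",
        "appended.htm": b"<HTML><body>ok</body></HTML >\r\n<script language=vbscript>\r\n' constructed\r\n</script>",
        "notes.txt": b"</html><script>not an HTML-type extension</script>",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return [os.path.basename(p) for p in scan_tree(root)]

if __name__ == "__main__":
    print(demo())
```

Flagged files are candidates for quarantine and manual review, since some legitimate pages also carry markup after `</html>`.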


  • Registered Users, Registered Users 2 Posts: 1,335 ✭✭✭Dr Bolouswki


    Nice!

    Yep - currently downloading the trend micro fix... the symantec fix looks pretty comprehensive - I'll try that - thanks folks - I'll let you know how I get on...

