Keylogger.trojan. How to remove? [modem connections] [nasty attack]
Q: I have a nasty attack by a large number of viruses, worms and Trojan horse because of an open firewall on my modem. Most of them have been established, but one of them, Keylogger.trojan, refuses to go. It create4d a registry entry that has a file in the Windows system32 directory lol.dll creates. This file refuses to delete. I tried deleting the file in safe mode but then again it is made reboot.
Any suggestions?
Best Answer: Crap. I hate ZLIB/ZLOB. Anyways, you can download http://safer-networking.org/ this, scan your computer, delete the files, and you'll be safe. FYI, scan your computer at least once a week, to make it like new.
Re:Boot to safe mode with networking
This is most forgotten when removing a virus properly.
Re:Boot to safe mode with networking
Use Trend Micro's Online Virus Scanner (http://housecall.trendmicro.com/housecall/start_corp.asp) and delete whatever it detects.
Use Panda's Online Virus Scan (http://www.pandasoftware.com/activescan/) and delete whatever it detects.
Install a quality Antivirus program on your PC (Nod32, AVG, NAV 2K3/2K4/Corp)
Re:Be sure you disable system restore before removing the files to keep windows from replacing them.
EDIT Trend Micro shows LOL.DLL as part of worm FRANCETTE.F
Might try what the say to do HERE (http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FRANCETTE.F). Under the tab "technical details" they mention LOL.DLL.
It drops the file, LOL.DLL, which Trend Micro detects as TROJ_POPSPY.A. This .DLL file gathers information from the infected system and sends this information to a specific address.
Re:BTW I forgot to mention that my System has Win XP SP1 with a lot of patches installed.I also have norton antivirus 2003, updated to the latest virus definitions. The antivirus software regognizes the virus but is unable to delete the lol.dll file.
I did a google on this trojan and came to know that I have to edit registry in order to get rid of it.But I have'nt been able to get any entries which could point to this.
There is nothing in my startup list also to suggest the loading of this virus file. One peculiar thing which is also happening is that my computer is unable to stop/ reboot. I have been doing hard s/d . Fortunately for me , I have all the important data on a different drive than that on which the operating system is installed.
I will try one of those, TDS3 or Bo clean and then it is format for me I guess.
Re:You should download a trial of TDS 3 or Boclean or Moosoft's Cleaner and see whats up.
Re:Have you tried checking what's in your start up folder? Do you have an anti-virus/scanner? Try scanning with Ad-Aware.
Related posts
Tags: modem connections, nasty attack