• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Win32.TrojanRunner attack!! Help needed!

M

MIDIman

Diamond Member
As I was updating my virus checker (AVP), I got an error signifying Win32.TrojanRunner in C:\Windows\dsnekqg.exe. After some troubles with the updating process (it appears that AVP is getting rid of their old line of virus checking, and it didn't get all the files), I rebooted, uninstalled AVP, and installed a newer version.

It found the virus and could not "disinfect" and so opted to delete the exe, which I did, however it appears the attacker did something beforehand.

Long story short - Now, anytime I try to run ANY exe file (including all the bootup programs), I get the windows error "Couldn't find c:\Windows\dsnekqg.exe, please locate." Looking at the file associations list, ("File Types&quot😉, .exe files are associated with dsnekqg.exe rather than the usual [Executable], with no option to remove or edit the association! I can't run any exe files, including regedit.exe, which is where I probably need to be.

Help Me! Feel free to reply to this, e-mail, or pm me.

 
I'm on Win98, and currently backing up to reformat (was going to do it soon anyway, so this was just the extra needed incentive!)

Still curious how to fix this...funny, but if I copy another program, like Notepad.exe, then rename it to the original host trojan program (dsnekqg.exe), it will act like notepad any time I load an exe. Unfortunately, this still can't get me into regedit.exe, because even when an associated file with regedit is loaded, it acts as if it is adding to the registry...

Nonetheless, I am able to run programs by loading an associated file, such as a *.txt to load notepad, or for instance I created a new text document, labelled it as a fake *.cl4 file, and am using it to load Easy CD Creator to backup my needed files on CDR.

This sucks!!
 
I got that one, too, and once Norton AV deleted the files I couldn't run anything. I made 3 registry patches to kill the attachments to executables, and found the line in win.ini loading it. I can send you the reg patches via email if you want them, or make them yourself. It'll still let you enter them by double clicking.
 
YGM chemwiz - I feel like this should be in the Hot Deals section!!

Please e-mail the files to me ASAP!!

Thx!
 
Just send them, CYM. I sent them individually so they don't get zipped by my browser. Good luck, hope it works for you too!
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top