How to remove Trojan.VB.DJ
Author: Trojan.VB.DJ | UpdateTime: 2008-5-8 12:05:06
To remove the Trojan.VB.DJ virus, run your antivirus: perform a full system scan, clean or delete all files infected with Trojan.VB.DJ, and delete or modify any values it added to the registry.
The description of Trojan.VB.DJ follows:

Trojan.VB.DJ

( Virus.Win32.VB.al, TR/VB.DJ, W32/BRONTOK.BN!worm )
  • Spreading: low
  • Damage: medium
  • Size: 81920 bytes
  • Discovered: 2006 Apr 12

SYMPTOMS:

The virus EXE, 81920 bytes in size, is present in one or more of the following places:
  • %WINDIR%\system32\ISASS.exe
  • %SYSTEMDRIVE%\WINDOWS\explosex.exe
  • %SYSTEMDRIVE%\WINDOWS\system32.exe
  • %WINDIR%\system32\LNETINFO.exe
  • %HOMEDRIVE%%HOMEPATH%\My Documents\My Pictures\My Pictures.exe

Also, when run, the virus disables (among others) the Task Manager, the Run option from the Start menu and the use of the registry editor (regedit). If the user tries to press Ctrl+Shift+ESC to open the Task Manager, the virus usually restarts the computer. Frequent system restarts in various conditions are also characteristic of the virus.

The virus runs under a process named ISASS, but as the Task Manager is disabled, you can only see it using another tool (like Process Explorer).

TECHNICAL DESCRIPTION:

When run, the virus creates copies of itself in many locations, such as:
  • %WINDIR%\system32\ISASS.exe (for ex. C:\WINNT\system32\ISASS.exe)
  • %SYSTEMDRIVE%\WINDOWS\explosex.exe (for ex. C:\WINDOWS\explosex.exe)
  • %SYSTEMDRIVE%\WINDOWS\PCHEALTH\HELPCTR\hkcmd.bat
  • %SYSTEMDRIVE%\WINDOWS\security\kernel32.bat
  • %SYSTEMDRIVE%\WINDOWS\system32.exe
  • %ALLUSERSPROFILE%\Start Menu\Programs\Startup\Temp.pif (for ex. C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Temp.pif)
  • %WINDIR%\system32\LNETINFO.exe
  • %HOMEDRIVE%%HOMEPATH%\My Documents\My Pictures\My Pictures.exe (for ex. C:\Documents and Settings\softwin\My Documents\My Pictures\My Pictures.exe)
  • %HOMEDRIVE%%HOMEPATH%\My Documents\Data VIRTUAL2000.exe
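The drop locations and the 81920-byte size above can be turned into a triage check over a file listing. The following is an added example, not part of the original description or of any BitDefender tool; the `path|size` inventory format, the function names and the sample records are assumptions made for illustration.

```python
import ntpath

VIRUS_SIZE = 81920  # bytes, the size stated in the description
# Drop locations from the list above, cut down to the part after the
# environment variable, which expands differently per host and per user.
DROP_SUFFIXES = [s.lower() for s in (
    r"\system32\ISASS.exe",
    r"\WINDOWS\explosex.exe",
    r"\WINDOWS\PCHEALTH\HELPCTR\hkcmd.bat",
    r"\WINDOWS\security\kernel32.bat",
    r"\WINDOWS\system32.exe",
    r"\Start Menu\Programs\Startup\Temp.pif",
    r"\system32\LNETINFO.exe",
    r"\My Documents\My Pictures\My Pictures.exe",
    r"\My Documents\Data VIRTUAL2000.exe",
)]

def classify(path, size):
    """Grade one record: 'path+size', 'path-only', 'size-only' or None."""
    norm = ntpath.normpath(path).lower()
    if norm.endswith(tuple(DROP_SUFFIXES)):
        return "path+size" if size == VIRUS_SIZE else "path-only"
    # Copies under other names (local drives, USB disks): size is a weak lead.
    if size == VIRUS_SIZE and norm.endswith((".exe", ".pif", ".bat")):
        return "size-only"
    return None

def sweep(inventory):
    """Classify 'path|size' lines (hypothetical format for a collected listing)."""
    hits = []
    for line in inventory.strip().splitlines():
        path, _, size = line.rpartition("|")
        grade = classify(path.strip(), int(size))
        if grade:
            hits.append((grade, path.strip()))
    return hits

# Constructed inventory, not taken from a real host.
SAMPLE = r"""
C:\WINNT\system32\ISASS.exe|81920
C:\WINDOWS\explosex.exe|40960
C:\WINDOWS\system32\notepad.exe|69120
C:\Documents and Settings\alice\My Documents\My Pictures\My Pictures.exe|81920
E:\Data.exe|81920
"""
for grade, path in sweep(SAMPLE):
    print(f"{grade:10} {path}")
```

A `size-only` hit is a lead to inspect, not a verdict, since any unrelated file can happen to be 81920 bytes long.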
The virus modifies a set of system registry keys to limit the user's ability to detect its presence. It usually does the following:
  • removes the Run and Search options from the Start menu
  • denies the use of the command shell (CMD.EXE)
  • denies the use of Task Manager
  • denies the use of the default registry editor (REGEDIT)
  • disables the Folder Options under the Explorer | Tools menu
  • sets up several registry keys to enable automatic execution of the virus on system startup
The virus also displays, from time to time, a window with the following message:

"--Hentikan kebobrokan di negeri ini--

1.Penjarakan Koruptor,Penyelundup, Tukang Suap, & Bandar NARKOBA
(Send to: NUSAKAMBANGAN)

... [removed] ...

Babat.A
Terinspirasi oleh:
KIAMAT YANG SUDAH DEKAT

Fatek Unsrat, April'06
By_mr.4'5

ANDA SETUJU?"

If the user responds with YES, the message window closes. If the user answers with NO, then the system is restarted.

The virus copies itself into many directories on the local drives, using different names. Also, when USB disks are plugged in, the virus quickly copies itself onto the disk, usually under several names.

Removal instructions:

Please let BitDefender delete the infected files. You should also use the free removal tool for Trojan.VB.DJ from www.bitdefender.com to scan your system, as this tool also restores altered registry keys.

Please note, however, that if you use the removal tool on a system where a system administrator had set up a security policy restriction that the virus also uses (like denying the use of Task Manager), the removal tool will set a default policy value, and so it might give users more privileges than they had before.

If you would like to restore the specific registry keys manually, you can use a different registry editor (like Registry Workshop), as the default registry editor (REGEDIT) is blocked by the virus. The keys to modify are:
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt -> set to 0
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden -> set to 0
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun -> set to 0
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions -> set to 0
  • HKCU\Software\Policies\Microsoft\CurrentVersion\Policies\Explorer\NoFind -> set to 0
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools -> set to 0
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCMD -> set to 0
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr -> set to 0
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\HotKeyCmds -> delete
  • HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell -> set "Explorer.exe"
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Kiamat Sudah Dekat -> delete
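To see which of these values actually differ before changing anything, the list can be checked against the text of a `.reg` export (version 5.00 syntax). This is an added example, not BitDefender's removal tool; the function names and the sample fragment are constructed, and policy values are flagged separately because, as noted above, they may be an administrator's own restriction.

```python
import re

DELETE = object()  # marks the "-> delete" entries
CV = r"HKCU\Software\Microsoft\Windows\CurrentVersion"
EXPECTED = {  # keys, names and targets as listed in the removal instructions
    CV + r"\Explorer\Advanced": {"HideFileExt": 0, "Hidden": 0},
    CV + r"\Policies\Explorer": {"NoRun": 0, "NoFolderOptions": 0},
    r"HKCU\Software\Policies\Microsoft\CurrentVersion\Policies\Explorer": {"NoFind": 0},
    CV + r"\Policies\System": {"DisableRegistryTools": 0, "DisableCMD": 0, "DisableTaskMgr": 0},
    CV + r"\Run": {"HotKeyCmds": DELETE},
    r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon": {"Shell": "Explorer.exe"},
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run": {"Kiamat Sudah Dekat": DELETE},
}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text):  # .reg text -> {(key, value name): data}, names lower-cased
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = (line[1:-1].lower().replace("hkey_current_user", "hkcu")
                   .replace("hkey_local_machine", "hklm"))
        elif key and (m := VALUE_RE.match(line)):
            data = m.group(2)
            if data.startswith("dword:"):
                data = int(data[6:], 16)
            elif data.startswith('"'):
                data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo .reg escaping
            values[(key, m.group(1).lower())] = data
    return values

def audit(reg_text):  # -> [(key, name, current, action, is_policy_value)]
    current, findings = parse_reg(reg_text), []
    for key, names in EXPECTED.items():
        for name, want in names.items():
            have = current.get((key.lower(), name.lower()))
            if have is not None and str(have).lower() != str(want).lower():
                action = "delete" if want is DELETE else f"set to {want!r}"
                # A policy value may be an administrator's own restriction.
                findings.append((key, name, have, action, "\\policies\\" in key.lower()))
    return findings

# Constructed .reg fragment, not taken from an infected host.
SAMPLE = r"""[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableCMD"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeyCmds"="C:\\example\\constructed.exe"
"""
print(*audit(SAMPLE), sep="\n")
```

Version 5.00 `.reg` files are normally UTF-16 encoded, so decode the file before passing its text to `audit`.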

ANALYZED BY:

Sándor LUKÁCS, BitDefender virus researcher



To remove the Trojan.VB.DJ virus successfully, you may also need to do the following:
1. Temporarily disable System Restore.

3. Update the virus definitions. Reboot the computer in Safe Mode.

4. Please download ATF Cleaner:

If you cannot remove the Trojan.VB.DJ virus successfully, you may seek help on the Free Virus Remove Help forum (URL: http://help.antiviruses123.com). Our antivirus experts will help you handle the Trojan.VB.DJ virus.




