Anyone know how to destroy this annoying virus?
My antivirus detect it but cannot delete it. Manual deleting of this file (redirect5.exe) from the indicated location also unsuccessful.
Thanks
SPYW_DCTOOLBAR.B
2 posts
• Page 1 of 1
SPYW_DCTOOLBAR.B
by Legendary » Tue Jun 14, 2005 7:20 pm
-
Legendary - Posts: 28
- Joined: Tue Jun 14, 2005 4:21 pm
- Location: USA
by admin » Tue Jun 14, 2005 7:20 pm
Below is what I found at http://www.trendmicro.com
Terminating the Spyware Program
This procedure terminates the running spyware process. You will need the name(s) of the file(s) detected earlier.
Open Windows Task Manager.
» On Windows 95, 98, and ME, press
CTRL+ALT+DELETE
» On Windows NT, 2000, and XP, press
CTRL+SHIFT+ESC, then click the Processes tab.
In the list of running programs*, locate the spyware file(s) detected earlier.
Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system.
Do the same for all detected spyware files in the list of running processes.
To check if the spyware process has been terminated, close Task Manager, and then open it again.
Close Task Manager.
--------------------------------------------------------------------------------
*NOTE: On systems running Windows 95, 98, and ME, Windows Task Manager may not show certain processes. You can use a third party process viewer such as Process Explorer to terminate the spyware process. Otherwise, continue with the next procedure, noting additional instructions.
Removing Autostart Entries from the Registry
Removing autostart entries from the registry prevents the spyware from executing during startup.
Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry or entries:
Redirect = %Spyware Path%redirect5.exe
(Note: %Spyware Path% is the location of the executed program.)
Close Registry Editor.
Additional Windows ME/XP Cleaning Instructions
Running Trend Micro Antivirus
Download the latest spyware pattern file and scan your system. Then, delete all files detected as SPYW_DCTOOLBAR.B.
Details:
This memory-resident spyware program is similar to its earlier variant SPYW_DCTOOLBAR.A, with only minor modifications on its routines.
This spyware redirects URL requests entered in the Internet Explorer (IE) browser to the following Web site:
http://www.dotcomtolbar.com/redirect/url.asp?url=
This redirection allows the Web site to log a target machine’s IP address and its original requested site. The said Web site then redirects the user to the correct URL.
It creates the following registry entry to that it runs every time the system restarts:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindows
CurrentVersionRun
Redirect = %Spyware Path%redirect5.exe
(Note: %Spyware Path% is the location of the executed program.)
This autostart technique only works if the file name is REDIRECT5.EXE. Otherwise, the spyware does not execute on next system startup.
It is created using Microsoft Visual Basic, a high-level programming language.
Terminating the Spyware Program
This procedure terminates the running spyware process. You will need the name(s) of the file(s) detected earlier.
Open Windows Task Manager.
» On Windows 95, 98, and ME, press
CTRL+ALT+DELETE
» On Windows NT, 2000, and XP, press
CTRL+SHIFT+ESC, then click the Processes tab.
In the list of running programs*, locate the spyware file(s) detected earlier.
Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system.
Do the same for all detected spyware files in the list of running processes.
To check if the spyware process has been terminated, close Task Manager, and then open it again.
Close Task Manager.
--------------------------------------------------------------------------------
*NOTE: On systems running Windows 95, 98, and ME, Windows Task Manager may not show certain processes. You can use a third party process viewer such as Process Explorer to terminate the spyware process. Otherwise, continue with the next procedure, noting additional instructions.
Removing Autostart Entries from the Registry
Removing autostart entries from the registry prevents the spyware from executing during startup.
Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry or entries:
Redirect = %Spyware Path%redirect5.exe
(Note: %Spyware Path% is the location of the executed program.)
Close Registry Editor.
Additional Windows ME/XP Cleaning Instructions
Running Trend Micro Antivirus
Download the latest spyware pattern file and scan your system. Then, delete all files detected as SPYW_DCTOOLBAR.B.
Details:
This memory-resident spyware program is similar to its earlier variant SPYW_DCTOOLBAR.A, with only minor modifications on its routines.
This spyware redirects URL requests entered in the Internet Explorer (IE) browser to the following Web site:
http://www.dotcomtolbar.com/redirect/url.asp?url=
This redirection allows the Web site to log a target machine’s IP address and its original requested site. The said Web site then redirects the user to the correct URL.
It creates the following registry entry to that it runs every time the system restarts:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindows
CurrentVersionRun
Redirect = %Spyware Path%redirect5.exe
(Note: %Spyware Path% is the location of the executed program.)
This autostart technique only works if the file name is REDIRECT5.EXE. Otherwise, the spyware does not execute on next system startup.
It is created using Microsoft Visual Basic, a high-level programming language.
-
admin - Site Admin
- Posts: 938
- Joined: Tue Jun 14, 2005 3:41 pm
2 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 4 guests