Comments for Security and Tech Blogs

Comment on defender-review.com by Perfect Defender 2009 - Threat Center

Perfect Defender 2009 - Threat Center — Mon, 23 Jan 2012 08:13:32 +0000

[...] defender-review.com [...]

Comment on ~dulla@204 Virus by mo

mo — Wed, 28 Dec 2011 13:53:47 +0000

I am sorry but this virus replaces the original file even the dulla programmer can not recover the data but removing the virus is pz of cake

Comment on Virus.Win32.Virut.ce by pakcik

pakcik — Wed, 11 May 2011 14:19:41 +0000

Only one thing I have in my mind right now…..kill those son of a @&%**…….
I have 3 hd in my pc…..one of them is my system….others…all my works….and im already too late…everything must be reformat again…..include my works…cos, everything already infected….. in really crazy mad grrrrrr…….

Comment on ~dulla@204 Virus by chank

chank — Sun, 08 May 2011 09:13:42 +0000

well i think it is good tutorial thanks aman

Comment on Virus.Win32.Virut.ce by Bipul

Bipul — Tue, 26 Apr 2011 14:29:45 +0000

Hello my pc infected with win32 virut.ce i have kaspersky antivirus. its detected the virus but results shows that postponed. please guide me how to clean the virus.

Comment on ~dulla@204 Virus by Dula's nemesis

Dula's nemesis — Thu, 21 Apr 2011 20:00:15 +0000

Zis dula aint nothin comared with the new upcoming virus called ‘abadula’ No antivirus could stop it. Dula wont be a virus after this. u will miss ur desktop interface after u r infected and z best thing is u cant even format ur PC!!! (It wont work on win98 and mac) but unfortunetly about 91% of z ethiopian ppl use xp and newer versons of windows. Then ur pc would a piece of junk that wo uld throwen to z garbage.

Comment on Lsas.Blaster.Keyloger by stephen

stephen — Mon, 11 Apr 2011 18:59:25 +0000

read number 6,…it really does work,but put your pc in safe mode first….and im runnin windows xp….

Comment on ~dulla@204 Virus by Binyam Letarge

Binyam Letarge — Sun, 30 Jan 2011 12:07:33 +0000

Tell me, how can i get z antivirus for dulla?

Comment on ~dulla@204 Virus by theodros

theodros — Mon, 17 Jan 2011 07:30:02 +0000

Please, tell me how I can load this anti virus. My computer was affected by virus and not properly operated.

Comment on Lsas.Blaster.Keyloger by Bob

Bob — Thu, 16 Dec 2010 12:02:25 +0000

12/15/10 – I too was infected. Thanks for all of your comments,but especially to Kenny (#29 & 30). Starting in Safe Mode in Windows 7 worked for me. I did not get the option to be ‘Administrator’, but I was able to access System Restore. I picked a point a couple of days prior to the incident and that solved the problem.

Comment on ~dulla@204 Virus by afe

afe — Thu, 11 Nov 2010 11:39:14 +0000

10Q it creats business to me b/c i have got the solution for the courapted file,so any one can send mail to have got the solution.

Comment on Virus.Win32.Virut.ce by thon

thon — Tue, 26 Oct 2010 20:50:22 +0000

the best solution is to format and re install os,and try avira free anti virus,the virus will gone in 2 hours,

Comment on go.google – go.yahoo by Michael

Michael — Sat, 04 Sep 2010 04:29:37 +0000

If you can’t find TDSSserv.sys in DEVICE MANAGER (as Mike described above); then click START > RUN > Open: regedit > EDIT > FIND > TDSSserv — delete (if you also see go.yahoo delete that too) — then click FIND NEXT — delete any others found then FIND for go.yahoo — delete any found. Exit Registry Editor.

Comment on Spyware Protect 2009 by Joe UPS

Joe UPS — Sat, 10 Jul 2010 16:13:39 +0000

After uninstalling the virus i lost HTTP internet browsing capabilities. Service was restored by unchecking “use proxy” under LAN settings in IE8 > tools > internet options > connections > LAN setiings

Comment on ~dulla@204 Virus by mesfin Adugna

mesfin Adugna — Wed, 07 Jul 2010 12:22:42 +0000

how i am gone to fix the virus dulla

Comment on ~dulla@204 Virus by mesfin

mesfin — Sun, 27 Jun 2010 06:28:22 +0000

Please send Tsere dulla Antivrus. My documents are at riskThe file already corrupted, so how can i recover the excel files?

Comment on ~dulla@204 Virus by mesfin

mesfin — Sun, 27 Jun 2010 06:27:09 +0000

Please send Tsere dulla Antivrus. My documents are at riskThe file already corrupted, so how can i recover the excel files? help me now!!

Comment on ~dulla@204 Virus by kabiand

kabiand — Wed, 16 Jun 2010 17:50:31 +0000

i really appriciate your innvention but could you give me your offer please to get out of this mess. thank y0u

Comment on ~dulla@204 Virus by kabiand

kabiand — Wed, 16 Jun 2010 14:39:49 +0000

i am really angry that my laptop is highley affected please a little solution

Comment on Virus.Win32.Virut.ce by oh noes

oh noes — Wed, 09 Jun 2010 06:08:42 +0000

Captured new virut.ce variant; infected userinit.exe , control.exe and cmd.exe from /system32.. confirmed infected by jotti- AVG’s Win32/Virut tool does not detect these infected files. Malwarebytes doesn’t see them either. ~.~

Comment on Virus.Win32.Virut.ce by seena seena

seena seena — Tue, 18 May 2010 04:23:47 +0000

Blogs are always a main source of getting accurate information and provide you the handy results; you can get instant and reliable information which surely helps you in any field of your concern. I am post graduate in IT and HR. These days I am doing preparation of different online certifications and I found mcdba is the best helping source which is providing 100% authentic material. I also spend my extra time in surfing internet, listening music and playing games. After my exams I would like to join your group.

Comment on Lsas.Blaster.Keyloger by debb

debb — Mon, 12 Apr 2010 13:49:49 +0000

I can not do step 6. I’ve tried numerous times and nothing happens. I’ve tried downloading different virus removers, (spybot, Malware etc) it says it’s downloaded buy it’s not showing up on my computer. I’ve ran a search and nothing is there. I restarted in Safe Mode and ran a Rogers virus scan and it’s still not going away… I’m so frustrated. Please help!

Comment on Lsas.Blaster.Keyloger by Jennifer

Jennifer — Sat, 10 Apr 2010 22:46:39 +0000

I have had all the same problems that everyone has spoken about here! I am currently in safe mode and waiting for the malware to finish as I chose to do all users rather than just mine. I unfortunately am waiting a bit longer than 5 min but that’s okay if it gets rid of the stupid virus! :( In addition I got the worm while being on facebook!!!

Comment on Lsas.Blaster.Keyloger by bradley

bradley — Tue, 06 Apr 2010 18:31:26 +0000

m8 just rang me he had this was driving him mad just told him to do system restore took it back to march 8th worked a treat thanks for the info

Comment on Virus.Win32.Virut.ce by Musik Anima

Musik Anima — Sat, 03 Apr 2010 08:11:22 +0000

this shity i got it from a crack …

yesterday i ran Kaspersky full scan and i got 12 infection of this virus.

And I think all is good now..

Kaspersky maybe has erased all the infections..

I have put the scan to “high”, and it took 12hrs to scan all..

i have no problem actually..but dunno if in future i will get problems..

I will do another scan, to stay assured that there is none of these infections…

this virus is owesome.. :) pc slows a lot during scan also..

pc started to lag…

1st thing to do: update Kaspersky
2nd: disconect from net
3rd: deep very deep scan
4th: restart pc
5th: again a deep deep scan..

then good.. I think problem solved..

Comment on ~dulla@204 Virus by million tsegaye

million tsegaye — Fri, 02 Apr 2010 11:34:19 +0000

ohhhhh the best solution .i have lost a lots of data so this one might be solution.anyways thnx
guys

Comment on Lsas.Blaster.Keyloger by martyn

martyn — Thu, 01 Apr 2010 13:33:23 +0000

i should also have said i got no option to run in safe mode either

Comment on Lsas.Blaster.Keyloger by martyn

martyn — Thu, 01 Apr 2010 13:32:09 +0000

i’ve got this on my laptop it sneaked in through facebook. i have tried everything suggested here and on other sites to no avail. i can’t restore as it’s removed that option. i can’t run any new files as it’s says it got a virus and refuses to play. can anyone help? and reading thought others coments if we find the one responsible i’ll cut his balls off

Comment on Lsas.Blaster.Keyloger by Drewski

Drewski — Wed, 31 Mar 2010 17:59:06 +0000

Well, I did instructions on step 6 and it worked for me. I spent 3 hours trying to find online instructions and after doing step 6 it was back to nornal in 5 mins. Computer place wanted to charge me $130.00 to fix. Thank you.

Comment on ~dulla@204 Virus by Get

Get — Tue, 23 Mar 2010 06:35:49 +0000

I have seen that your virus software, but what differs you from the civilized one your anti-virus never recover every corrupted data/file please learn more do once.

Comment on Lsas.Blaster.Keyloger by Tammy

Tammy — Mon, 22 Mar 2010 00:08:37 +0000

im having the same problem as everyoe else. except i cant go on safe mode. when i hit enter to enter safe mode a whole bunch of writing like file names comes up & its there forever unless i turn it off. i need help so bad!! ive tried everything!!!!! what should i do?

Comment on Lsas.Blaster.Keyloger by Sandra

Sandra — Sun, 21 Mar 2010 02:52:18 +0000

I have Windows 7 and don’t know how to start it in Safe Mode. It is infested with this virus and I have had no success in downloading malaware either from the internet or from a CD. I would like to try to restore to an earlier date, but it won’t let me change the date either. Help please!

Comment on Lsas.Blaster.Keyloger by gump

gump — Sat, 13 Mar 2010 16:31:31 +0000

thanks alot peaple you helped me out a shitload…
i could do shit even lost my background tryed to use avg but it wouldn’t let me. after comeing here i realized i had to start in safe mode do a sys. restore from there then use my avg but it’s done and up in running agen so thanks

hey dude you find him i’ll hold him down while you kick him in the balls a few times as long as i in black both his eyes. and may break a finger or 2 lol

Comment on Lsas.Blaster.Keyloger by Steve

Steve — Mon, 01 Mar 2010 00:31:31 +0000

I was browsing online and then was suddenly hit with the worm…. First time with a virus. on a new laptop to.
I have no virus block at the moment Ill try to Download Malwarebytes’ Anti-Malware.. (any suggestions) … Thanks….
It said it is eating it’s way through my computer trying to send credit card info. lookin for passwords
pop ups kept on appearing with security tool. tried to deleate security tool but just came back so I turned off the computer.

would someone please find the person
that started this worm and kick him in the balls.
greatly appreaciated.

Comment on Lsas.Blaster.Keyloger by JoeAdmin

JoeAdmin — Tue, 23 Feb 2010 15:25:25 +0000

A VERY important note is included at the end of this article:
1) Download mabm-setup.exe from a non-affected computer. Save the file to the desktop.

2) Re-Name mbam-setup.exe to something else with the .exe extension (like JoeAdmin.exe)

3) Copy the re-named .exe file to a memory stick, or write it to a CD/DVD

4) Restore it to the desktop of your infected PC
and execute it (Scan entire disk).

5) If you have any problems doin this with your current login (which should be a administrator) try creating a new login with administrator privs, loging in as that new login and follow the same instructions.

Comment on ~dulla@204 Virus by simon

simon — Mon, 22 Feb 2010 01:47:23 +0000

I very very sorry by the dulla virus plz give me the solution b/c I do any thing with the virus dulla help me how can i remove from my PC . We can’t do with messanger and an other documents please send me a solution

Comment on Lsas.Blaster.Keyloger by gazza

gazza — Sun, 21 Feb 2010 11:18:58 +0000

i have this virus….its terrible. i first up did a system recovery….big mistake, i wiped everything thinkin it would rid me of this thing…it didnt! Now i can’t do a system restore point (which i should have done first up) because as far as the computers concerned, it had this virus from the start! ahhhhhh its drivin me nuts.

Comment on Virus.Win32.Virut.ce by Bingo

Bingo — Tue, 16 Feb 2010 12:04:19 +0000

Hello All.
I see this little bugger is still doing the rounds. Vicious little sod!
This is a repost of my messages from July 2009 detailing how I got rid of the problem. It is possible that new victims may not read that far back and I hope my experiences are helpful. Good luck! By the way, still free from this virus.

Bingo
July 22nd, 2009 at 1:28 pm 56

Hello everybody. Only became aware of this thing about 5 days ago when the computer started shutting down and various programs became unworkable. Also, all files on my key drive disappeared and the drive had to be reformatted. Can’t swear that the virus did this but I cnn’t think of anything else to explain it. Windows Firewall (I’m running XP Pro) reported that I had a Virtob infection but AVG, Zone Alarm, and Ad-aware reported nothing. So after a bit of researching, I found the Kaspersky online scanner. This revealed that quite a lot of files were infected with win32.virut.ce but these could not be deleted by the online scanner. However, Kaspersky are doing a Full 30 day trial of Kaspersky Internet Security 2010 and I installed this. On checking drives C, D, and External Drive F, Kaspersky found and disinfected, or deleted, about 700 infected files. Reran the program and a few more files were found and treated. I am completed my third scan and the infection seems to have gone. Can’t say this will work for everyone but it seems to have worked for me. Worth a try and good luck to you. This is one awkward sob. I will report back if the infection recreates itself in the next few days, but so far it’s looking good

Bingo
July 22nd, 2009 at 10:48 pm 57

Following on from earlier post, I found that a few vrt.tmp files were appearing in C:\Documents and Settings\LocalService\Local Settings\Temp but Kaspersky was preventing them loading or connecting to the net. I ran the scan next in Safe Mode and this disinfected the few files which could not be done in normal mode. As of this moment, this machine is now completely free, as far as I can see, of Virut and anything else. All programs and files seem to be working normally and the Kaspersky Network Monitor is showing that there are no suspect connections. Just for information, my operating system is XP Pro SP3. Kaspersky seems to have given me the complete solution to this pest. Well worth giving it a try. Free 30 day trial could rid you of this problem.

Bingo
July 31st, 2009 at 8:35 am 59

Well, just to tie up the story on my experiences, I am now a week on from installing Kaspersky and ridding myself of Virut and it has not reappeared. That about says it all. Would highly recommend Kaspersky for ridding yourself of Virut

Comment on Lsas.Blaster.Keyloger by Herbert

Herbert — Tue, 16 Feb 2010 00:09:49 +0000

Thanks! The information on this blog helped me recover from the LSAS virus…..

Comment on Lsas.Blaster.Keyloger by pat

pat — Sun, 14 Feb 2010 13:45:44 +0000

do system restore it works even if restor says not completed

Comment on Virus.Win32.Virut.ce by ken.absolute

ken.absolute — Fri, 12 Feb 2010 21:34:53 +0000

I slaved a SATA drive via USB adapter to copy some data off of it…This som’bitch was on it and it jumped to the hosting PC!

It must get deep into all drives that it finds to make them autorun. Anyway – Sunbelts Vipre anti-malware caught it on the hosting computer and kept it from spreading.

The lesson anyway: be sure and hold down the shift key as you insert a USB drive (even if it’s a adapter for IDE/serial/SCSI) to keep it from auto-running.

wow – this thing… it gets deep into sysvol and even maintenance partitions.

I used Darik’s Boot and Nuke (http://sourceforge.net/projects/dban/) for the guest drive (inc maint partition) after reading about the issues here and I’ve not heard from it again.

My guess is people keep on getting reinfected by using their infected-auto-running USB drives or accessing infected .exe’s that they backed up – unless their is some bios component it can load into that I’ve been luckily enough not to have encountered.

Comment on Lsas.Blaster.Keyloger by D Mulyana

D Mulyana — Thu, 28 Jan 2010 15:52:29 +0000

i have tried the save mode way n run the mbam-setup exe (i renamed it first). Yup the mwalbytes can fixed the lsas blaster. Thanx to you all, especially webmaster, now my laptop run normally again

Comment on Virus.Win32.Virut.ce by AZ

AZ — Mon, 25 Jan 2010 08:19:26 +0000

THIS IS THE NASTIEST VIRUS HUMANS HAVE EVER FACED!!!!!!!!! 12 YEARS PC PROFICIENT HAS GIVEN UP AFTER REINSTALLING 64BIT VISTA, WIN 7 XP PRO 10 TIMES…..will completely format now. Installing new OS doesn’t help either, it infects the new OS as well..ANY SUGGESTIONS??????????

Comment on ~dulla@204 Virus by Assi

Assi — Fri, 22 Jan 2010 12:09:19 +0000

In one hand it is good to see ethiopians to create this things!!
Don’t to be stupid to loss somebodies file? create antivirus for dulla ! to be prised by 8000000 peoples of ethiopia

Comment on Spy Guard 2008 by Stacy

Stacy — Wed, 20 Jan 2010 03:54:56 +0000

Great program…thank you from the bottom of my heart! It found over 91 infections on a computer that had been rendered useless and removed them. Can’t boost enough…definite go!!!

Comment on Virus.Win32.Virut.ce by Liane

Liane — Mon, 18 Jan 2010 00:48:18 +0000

I found out I had this virus last night.
Kaspersky just detected backdoor.win32.papras.t
It’s go time. *-*

Comment on Lsas.Blaster.Keyloger by chuck

chuck — Sat, 16 Jan 2010 20:31:29 +0000

I had the same problem re lsas virus. I shut the system down, reopened in “safe” mode, then did a “systems restore” dated 2 weeks ago. This is in Windows XP. Took me about 2 minutes and so far it is working.

Comment on ~dulla@204 Virus by Cyber Dan

Cyber Dan — Fri, 15 Jan 2010 09:52:33 +0000

Dear Persons

i want to express my deep concern on this virus from a technical point of view and becuse i have related profession ..but not virsus making lolz! i have made few virus but not like dulla and i have not released them becuse they are for educational purpose only. What i have understood from ~dulla204 is it insert the string ~dulla204 in each file that have extensions like .xlsx .vbp.asp.aspx. and so on…and it strats using a service application(as a windows helpfull application) but.it’s not i have seen some of the prtion of code by opening it in a notpad i have come to undrrstood that it is written in delphi programing language….

Comment on Virus.Win32.Virut.ce by psog_choudai

psog_choudai — Tue, 12 Jan 2010 23:27:04 +0000

This stupid bugger’s put me a week of hard work into this computer.

I can’t say that I’m 100% free of the stupidity this thing does, but… I might have easy tips for getting rid of the virus, and some pointers to note for people who might be having issues:

1. The virus indiscriminantly infects all .exe and .scr files (even inside .zip, .rar, .7z, or any other kind of archive.) It also infects mostly system .dll files.

2. It does NOT infect any other “media” file. These include .mp3, .ogg, .wav, .avi, .mpg extensions and the like.

3. It doesn’t matter if you have more than one internal or external HDD or Flash drive (or any media that is rewritable), anything that meets the infection criteria WILL get infected.

4. Even if one file is already infected, the virus and any instances running WILL re-infect the same file in a different section of the coding. Thus, multiple scans are necessary to make sure the file is ABSOLUTELY clean.

So… I have a LOT of music and videos that I’m a little too attached to and that I don’t want to lose. When I noticed that this stupid thing targets executables, I realized that I needed to reformat the HDD carrying the OS. I did, and the virus came back.

I then noticed some strange occurrences. Obviously, port 65520 was being accessed by winlogon.exe and explorer.exe. Even though this was a fresh install, I needed to reformat again already.

So, I took up the task of arming myself to clear out this virus from my system with the following tools:

1. Windows XP CD
2. Hiren’s Boot CD v. 10.0
3. Ubuntu v. 8.04 Live CD

Here’s how that worked.

1. I turned off my computer and unplugged the power cord and the Ethernet cable. Left off for 30 min, then plugged the power cord (not ethernet) back in, then booted to Hiren’s Boot CD.
2. I used Hiren’s Boot CD’s partition tools to delete all partitions and destroy the data in the HDD carrying Windows XP.
3. I used the HDD Regenerator in the Hard Disk tools section to check for corrupted sectors. Usually this only applies to physical errors and not so much to data, but if a section has been damaged it’s good to know. Everything came back clean.
4. Went back to Partition Tools and formatted out an NTFS partition for Windows XP.

5. Rebooted and used the Ubuntu Live CD. Using this I was able to get the drivers for anything that I needed on the computer, and clean virus free copies of them because Linux doesn’t have these kinds of virus issues. I also downloaded Virut Removal Tools and Comodo Internet Security and Dr. Web Cure It!. This is good for people that have lost their recovery CDs or their motherboard or display drivers. I placed all these into a clean USB Flash drive. When I copied everything in, I ejected and disconnected the drive.

6. I rebooted into the Windows XP CD. When asked for the desired partition, I performed yet another Format (not quick) on the blank NTFS partition. Proceeded with installing Windows.

7. When Windows loaded, I connected the USB Flash drive and placed its contents on the desktop. Proceeded with installing everything, starting with the basic motherboard drivers all the way to the AV tools and Security software. Ethernet cable is STILL disconnected.

8. Here I noticed none of the system files were behaving erratically. When Comodo Internet Security asked me to update the Virus DB, I then connected the Ethernet cable. Connections were safe, and port 65520 was not being accessed by any program. Definitions were updated, and port 65520 was eventually blocked.

9. Used Dr. Web Cure It! and performed a complete scan of the computer and all disks connected (USB Flash disconnected) overnight. Found a ridiculous amount of instances of Win32.Virut.56. Also found a few miscellaneous backdoors and other trojans.

10. Removed all files mentioned by the Dr. Web scan. Proceeded to scan computer again with Comodo Internet Security AV scan. Few more infections came up, proceeded to remove those as well.

11. Noticed that none of the removed content was on C:\. Proceeded with a deep scan of both HDDs’ “System Volume Information” folder. Found another ridiculous set of instances of Win32.Virut.Ce. Removed them all.

12. This is where I find myself.

Every time I idle my computer and it accesses the screen saver, I notice that my computer has found yet another instance of Virut in the non-Windows HDD’s “System Volume Information” folder. I did just scan again and found more instances, so I removed those.

I just can’t seem to tell whether the virus is still active, or if it’s just remnants. When I use the system, Comodo does not alert me of anything. Also, websites are not blocked, and media files from that HDD do not further aggravate the system as I use them.

Though, I think I’m pretty clear! Hope this helps as another guide and alternative to clear out Virut.

Comment on ~dulla@204 Virus by MEEEE

MEEEE — Tue, 05 Jan 2010 17:44:06 +0000

change the file extension to something else, like readme.pdf ==> readme.pdf.SSS
tHIS WILL FOOL THE VIRUS, i HOPE…..GOOD LUCK!

Comment on Lsas.Blaster.Keyloger by How to remove Lsas.Blaster.Keyloger | Jon Murphy Dot Net

How to remove Lsas.Blaster.Keyloger | Jon Murphy Dot Net — Tue, 05 Jan 2010 12:55:26 +0000

[...] Tags: how to remove Lsas.Blaster.Keyloger, Lsas Blaster Keyloger, Lsas.Blaster.Keyloger, Lsas.Blaster.Keyloger removal tool, Lsas.Blaster.Keyloger virus via precisesecurity.com [...]

Comment on ~dulla@204 Virus by shebaw

shebaw — Sat, 02 Jan 2010 16:32:15 +0000

@Jaffer, why is my comment not costructive? Is that because it pointed out the truth, im confused here!

“We have a number of IT solution providers who are solving a number of problems”… what problems, do you call a stupid straight froward database to calculate some stupid calculations real programming? Where were they when dulla struck? Any real programmer can program a remover for dulla but it took them ages before they can manage that, that shows how inexperienced and dumb they are.

If you have evidences, why don’t you post it here. You make it sound like some type of mesterious mission. And if programming a PE infector is that easy, then why did it take them so long. And how many of the CS graduates here can program a remover for it, how many? I bet 99.99% of the graduates don’t even know the difference between PE infector and some other script “viruses”, let alone knowing the structure of PE and programming a remover for a PE infector virus!!!

Comment on Lsas.Blaster.Keyloger by KENNY

KENNY — Tue, 29 Dec 2009 16:57:46 +0000

By the way… once my computer was restored, I installed the “Malwarebytes Anti-Malware” software via the Malwarebytes Anti-Malware Instillation Wizard generated from the mbam-setup link on betanews.com/malwarebytes/mbam-setup.exe

Comment on Lsas.Blaster.Keyloger by KENNY

KENNY — Tue, 29 Dec 2009 16:37:09 +0000

I was having “fits” trying to get rid of the Lsas.Blaster.keyloger worm virus that kept popping up and preventing me from accessing anything that would assist, or, give me a clue as to what was going on. Finally after two and a half hours of several failed repeated attempts to download and run various softwware and clean up tools and devices. I shut off my computer and restarted it. While it was re-booting I pushed the F8 key before the “Windows” started. The computer entered the “safe mode”. I pushed the “enter” key, this allowed me the option to “click-on” as “the administrator”. Once I did this I was given the window option “to,or, not to” enter the safe mode. Choosing “not to” allowed me finally… the option to restore my computer. I clicked “not to” and was then given the option to restore my computer to a previous setting. Since I had been going at the failed attempts to get rid of the Lsas.Blaster.Keyloger worm virus for several hours, I just restored my computer to the previous day. Everything restored perfectly! It worked. This is a slight variation of the suggestion that I recieved in this comment section, except that I didn’t try to run the embam-setup.exe from the “safe mode”. Basically, I made the right decisions by following the instruction options that I was presented with. And as each suceeding window opened during this navigation process I took a breath of reliefe because I could see as I was going in the right direction. Try it! WHATEVER WORKS, RIGHT!!! THANKS

Comment on ~dulla@204 Virus by Jaffer

Jaffer — Mon, 28 Dec 2009 19:57:02 +0000

Dear Shebaw, ur comment is not constructive. Are sure about what u wrote, i don’t think. We have a number of IT solution providers who are solving a number of problems. anyway u can email me for real evidences.

there r a number of C++ virus scripts on hackers and P2P site anyone with little programming skill specially in C++ can modify and increase the risk of the virus. Its is not a big deal nowadays.

for those who r suffering from ~dulla^@204~ u files could be recovered partially, if u uses Easy Recovery Professional or Advanced Word repair programs. If can’t find the Software emailme at jaffermohATyahooDOTcom
wishing u all including ephrem, all the best.

Comment on Virus.Win32.Virut.ce by zizo

zizo — Tue, 22 Dec 2009 08:28:17 +0000

helooooooooooooooooooooooooo

Comment on Virus.Win32.Virut.ce by Maybe

Maybe — Tue, 15 Dec 2009 23:37:17 +0000

Hiya all. I don’t recommend this unless you are positive that you have the right firmware. Flash you BIOS. clean computer up, flash again, then clean again. Hope it helps a bit

Comment on ~dulla@204 Virus by shebaw

shebaw — Tue, 08 Dec 2009 20:32:43 +0000

@ephrem you are very stupid, you can’t even differentiate between Macro virus and PE infecter VIRUS!!! First of all, do you even know the definition of Macro Virus, i guess you don’t. Even though the creator of Dulla used his knowledge for destructive ends, the coding of Dulla isn’t stupid! Infact its brilliant coz almost none of the CS “graduates” can code innovative stuff coz the only thing they know is VB and JAVA and they consider themselves to be knowledgable!!! Ephrem, you are the perfect example!! CS is one of the hardest subjects to master, and even takes decades to be a good programmer. There will be almost none in Ethiopia because no one chooses what he likes to study on the University Level, almost all of the CS students here in Ethio got to CS schools because of their LOW results! Thats why its hard to find Ethiopians who love their Job, almost all of the high school students want to join Medical School on the hope of relatively high salary! How would you expect anyone to be good at anything if he joined it without interest! The CS graduates in Ethiopian are stupids without any knowledge in programming, and Ephrem if you claim that making the virus is easy, then why wouldn’t you make the antivirus coz its easier than making the Virus!! Everyone here reading this post, if you joined something only by considering the salary, you won’t ever be good at it and for all of the CS “graduates” in ethiopia, you don’t know anything and you will never know anything if you continue like this!!! Check out rohitab.com, its filled with genius highschool students that make programs that even the Professor in Ethiopia will never know how to make them!

Comment on ~dulla@204 Virus by Netwolf

Netwolf — Tue, 08 Dec 2009 10:29:42 +0000

look ephrem or bla bla.The creator Dulla virus is not s—-d or b—–d rather you are the b—–d he did what he can do or he wants to do may be you are the one who make it.u said it can be made by a junior CS student. plz show me what you can code the biggest and main problem of ethiopians are we know a lil bit and we talk million times that’s why we are not changing you might know vb.net(it is for dummies and kids) then you will laugh at c codders dont be stupid and as you aid you can make a virus like that so post something you programmed ideot!!!!

Comment on ~dulla@204 Virus by Tadele

Tadele — Mon, 07 Dec 2009 08:48:19 +0000

Please make visible you loading option. How can I get this option?

Comment on ~dulla@204 Virus by Muller Digital

Muller Digital — Mon, 30 Nov 2009 08:07:02 +0000

it’s good but it can’t protect z new worm, INSA-Worm, can u tell me about famous INSA?

Comment on ~dulla@204 Virus by dawit

dawit — Wed, 25 Nov 2009 12:57:17 +0000

good but how con i recovered my corrupted file
tell me what can i do

Comment on Virus.Win32.Virut.ce by eparico

eparico — Sat, 21 Nov 2009 16:23:24 +0000

I’ve been lucky so far but I’m working on a friends laptop, a mini with no CD ROM drive, that was/is infected with Virut & Delf…the bastards. I didn’t know much about this virus and was unaware it attached itself to flash drives. Lesson learned! My AV program picked up this virus on a flash drive I was moving between my comp and the laptop. I created a bootable USB XP installation, reinstalled the OS on the mini only to find out the flash drive I used was infected. Now, I have to go back and reinstall a second time.

After several scans using McAfee and Kaspersky online scanner (so far), luckily, my computer has not been infected. After doing a bit of research and reading a bunch of message boards, a lot of them say that the best resolution is to format and reinstall the OS. From what I’ve read (check out Spybot S & D message boards and search for Virut), this virus is said to attach itself to exe, scr, htm, html, asp, php, pdf, doc and even jpg files. There might be more that I’m unaware of but to say the least, this has to be one of the nastiest viruses I’ve ever run into.

Some people have said that this virus can be eliminated but I’m not willing to take this risk giving I transport some of my data between home and work with a flash drive. Good luck to anyone who spends days on end trying to fix instead of reinstalling their OS. Computers 101….ALWAYS back up your data in the event something like this should occur. You may spend several hours reinstalling all of your software but it beats spending days on end trying to fix a virus that might come back.

Microsoft has released a security bulletin (967940) with a patch (KB971029) that will disable the AutoRun feature for flash drives to prevent automatic installation of software included (U3, etc) and will help prevent the running of an infected exe file. Best of luck everyone…

Comment on Virus.Win32.Virut.ce by soulless

soulless — Tue, 17 Nov 2009 11:28:19 +0000

ive found that using hirens 10 both in windows and minixp and using the following apps – Kasperky, Malwarebyte, Superantipyware and smitfraudfx manages to get rid of the virus and then just going through the harddrive like c:, temp dirs, Windows, System32, Fonts, system volume information, recycler, Documents and Settings folders and deleting the weired files i find there such as Restorer_32a.exe and Reader_s.exe (Found a new one recently photo_id.exe) and also scanning the reg for them and removing them. This seems to be able to get rid of the virus but ive found a few times there are still bits and peices of it flying around so a few more scans and checking the folders and reg again pretty much cleared it up but Kaspersky can disinect the files but you will proably have to do a repair on you windows again.

In one of the earlier posts someone mentioned that he used a irc prog to connect to his computer and managed to ulter the options of the virus. Im curious to know if this is true.

Comment on Virus.Win32.Virut.ce by overkill

overkill — Tue, 10 Nov 2009 14:54:07 +0000

Here’s a question for you tech-savvy guys:

What exactly is the danger of the port (65520) that this thing uses ? Assuming you are able to clear the infection from your system (disk & memory), then is there any chance that it can re-enter ? I am assuming not.

Comment on Lsas.Blaster.Keyloger by Rebecca

Rebecca — Mon, 09 Nov 2009 22:48:18 +0000

I followed the instructions the webmaster gave above follow it… If it’s not working it might be because you might not be on the administrator user thingy of the computer!!!! I tried that and worked for me now my computer works!!!

Comment on Virus.Win32.Virut.ce by Arsby

Arsby — Sun, 08 Nov 2009 17:13:58 +0000

I had a happy ending, I think.
I got this bug on my Vista laptop on Friday by being stupid. Kaspersky slows down my downloads, so I turned it off. I forgot it was off and tried to install an app from the newsgroups. The first thing Virute did was set my system clock forward to 2049, so Kaspersky thought it had expired 40 years ago! Then it started eating my executables.
I took the laptop HD out and put it in a SATA USB enclosure attached to a Kaspersky-protected desktop. I started moving all the files I wanted to save onto the desktop, and ran Kaspersky against the HD in enclosure. I initially thought I fixed it with Kaspersky and moved it back, but it was still infected. I then adjusted the Kaspersky setting to Maximum Protection and pointed it explicitly to the USB drive. It found and deleted a trojan and 216 files (mostly exe’s) that were infected.
This morning, Sunday, I put the HD back into the laptop and turned it on, fully expecting to have to recover and wipe the HD. Signon went well, but it couldn’t find two dll’s. Kaspersky was still working on the laptop, and found nothing during its startup procedure. The internet is working, I’m posting from the laptop now. Some applications aren’t working because the executables are gone, but others, including MS Office, are.
So it looks like a happy ending.
So for the previous poster and others… IF it’s a laptop that’s infected, it’s really easy to pop out a laptop hard drive, then go to Best Buy or something like it and buy a USB enclosure for it. (Warning, there are two types, SATA and another one.) Attach it to another PC that’s virus protected, and have it run a full maximum check against the drive that’s now via USB. Have it delete anything that’s infected. (Kaspersky does the deletions *after* it finished the full scan.) Then put it back into the laptop and see if it works.

Comment on Lsas.Blaster.Keyloger by Cathy

Cathy — Sun, 08 Nov 2009 15:25:29 +0000

Sorry last post should read could NOT remove all infected items. ???

Comment on Lsas.Blaster.Keyloger by Cathy

Cathy — Sun, 08 Nov 2009 15:20:47 +0000

Hi- please help.
Did step 6 in safe mode, but could remove all infected items. I’m no further forward. Any ideas?

Comment on Lsas.Blaster.Keyloger by Simon

Simon — Fri, 06 Nov 2009 00:54:19 +0000

Ok all you guys,

I couldn’t access anything on my computer as it closed automatically (including Task manager, all programs and stuff) except the internet. So I downloaded the software Malwarebytes’ Anti-Malware (mbam-setup.exe) and restarted my computer in Safe MODE. Then I searched (while in safe mode) using start – search: “mbam-setup.exe” and installed the software.

Comment on Virus.Win32.Virut.ce by DonkeyDolck

DonkeyDolck — Tue, 03 Nov 2009 00:10:16 +0000

Hey.. I got these virus yeasterday (win32/virut and win32/heur) When i read about it that it infected all the .exe and possibly .jpg files i went nuts, turned of my computer unplugged my other 2 drives (D: and E:)on it and installed windows 7 64bit today. Downloaded avg free 9.0 and searched D: and it had 5 infected .exe files. wich it said that it was removed. So it hadn’t have the time to spread that far. Now i wonder if it still might spread into my C: where i have my windows or if it will continue to spread through my D: and E: (havn’t plugged E: in yet, so i don’t know how badly infected it is.) Or shall i just leave them unplugged until a bulletproof removal program for those viruses are released? Really don’t wanna mess up all my pictures and stuff there if it’s possible to avoid.. damn.. pics on there since 2002. :/ What to do? Any help would be mostly appreciated

Comment on Virus.Win32.Virut.ce by Szabolcs

Szabolcs — Sat, 31 Oct 2009 11:11:49 +0000

Confirmed. I agree with the first poster (and the most of you), it sneaked through avast’s protection, I fought this about a week long, that process let me figure out some important stuff.

This malware is probably added by Win32.Agent along with Win32.Delf and b.exe, just to mention the most critical ones and some others (3-4 more)

– It hides on your portable devices such as pendrives portable hard disk or other partitions.
– When you connect to the internet, this will download the whole pack again, causing you more trouble.
– These malware only works on 32-bit based Windows systems. You should consider updating to 64-bit (there are some drawback) or try Windows 7.
– Only Win32.Virut will infect files, others should create their own, which you can find in “C:\” and “C:\Windows\system32″ or in “Documents and Settings”

Note: A new version has come out in October 2009 and even Kaspersky Labs do not have an update for this infection yet. Although, Kaspersky is able to competely eradicate this virus, thanks to it’s more advanced and intelligent being, compered to other virusbusters.

Conclusion: I am now using Windows 7 x64, works quite well that far.

Comment on ~dulla@204 Virus by ephrem

ephrem — Thu, 29 Oct 2009 15:55:51 +0000

This is really bad fortune for Ethiopians that hears Dulla virus has been created by Ethiopian distractive guy or Association. You know creating very_low_risk and very ordinary system virus like Dulla is not a work of proud. Most educated Ethiopians suspect strongly who has created this gadium virus. In my belief the current stated antivirus for Dulla-Tsere Dulla creator has created the virus itself before. Because the name of a virus it self is Amharic word, besides the solution itself has found from Ethiopia by the association they called INSA. Don’t forget also most commercial antivirus producers ignore or don’t care about to get a solution for this virus. And do not forget Dulla virus is a kind of very easy and low risk ordinary virus that even a younger student of computer science student with out experience can create this kind of macro type of virus. If I were a creator of this virus, I would rather participate to create a kind problem solving projects for this poor country. Shame on this virus creator. Let me tell him what is he done is reflect he is ordinary, very easy and useless bastard gay. By the way I am not giving this opinion just being hot or affected by the virus. And let me tell him that even I can create such virus. But I wouldn’t be interested to be criminal. I am sorry to use irrational words.

Comment on ~dulla@204 Virus by tadesse

tadesse — Thu, 29 Oct 2009 09:33:07 +0000

Please send Tsere dulla Antivrus. My documents are at riskThe file already corrupted, so how can i recover the excel files?+

Comment on ~dulla@204 Virus by Alekaw

Alekaw — Tue, 27 Oct 2009 15:16:09 +0000

I appreciate Dull Virus creator man really !! For future I will expect more that used for our country ‘Ethiopia’ and pass to Next Generation !!

Comment on Lsas.Blaster.Keyloger by Aaron

Aaron — Thu, 22 Oct 2009 18:51:51 +0000

OR
None of these worked for me, even option 6. Try a slightly different way though:

I tried to go into safe mode, but it wouldn’t let me, so I selected to start up in normal windows.

As it was starting up, I pushed F10, and then maneuvered from back there. Click the tab that has the date, and change the date per option 6. Click save and continue to restart in normal mode. Everything was fixed.

Comment on go.google – go.yahoo by Hyoran

Hyoran — Tue, 20 Oct 2009 17:41:03 +0000

I’ve tried everything to find the TDSSserv.sys including the scan for hardware changes and i still can’t find it. Is there any other hardware you can disable that will help?

Also i seem to have problems with serial and npkcrypt. Why have they stopped working?

Comment on Lsas.Blaster.Keyloger by brandon

brandon — Mon, 19 Oct 2009 13:28:46 +0000

yyyyaaaay everyone do post six it works and takes under 3 minutes. go under safe mode to do yayayayayay tytyty

Comment on Lsas.Blaster.Keyloger by brandon

brandon — Mon, 19 Oct 2009 13:26:30 +0000

i did post six still waiting to see if it worked ;)

Comment on ~dulla@204 Virus by Biny

Biny — Thu, 15 Oct 2009 11:12:33 +0000

I’m still wondering who developed dulla virus,i’ll b very happy if INSA has something to say abt it.

Comment on ~dulla@204 Virus by Amaha Fikru

Amaha Fikru — Tue, 13 Oct 2009 06:40:04 +0000

The file already corrupted, so how can i recover the excel files?

Comment on Lsas.Blaster.Keyloger by ceri

ceri — Mon, 12 Oct 2009 13:02:02 +0000

I went to the microsoft site sorted it straight away

Comment on Virus.Win32.Virut.ce by uuzoo

uuzoo — Sat, 10 Oct 2009 12:08:18 +0000

This is a nasty virus! I got hit with it a couple of weeks ago from downloading programs. My antivirus at the time ( avast) detected it but couldn’t do nothing about it. So, I did some research on the net, and was told to download Kaspersky removal tool. It detected it, and was neutralizing it, but the virus was spreading like a forest fire. It got to about 3,000 files infected, and I said forget it. I ended up reformatting and reinstalling OS. It WORKED! What’s really interesting is that I didn’t know it at the time but my flashdrive was connected in the back of the tower, and it got infected. After reinstalling everything. I realized that my flashdrive was in too. I’m thinking oh no. I ran avast but nothing came up. I’ve now installed Vipre and ran scan on the flashdrive and it detected and neutralized the virus. Now I’m using Vipre. Been working well.

Comment on ~dulla@204 Virus by Ermias

Ermias — Thu, 08 Oct 2009 07:19:21 +0000

Please send Tsere dulla Antivrus. My documents are at risk

Comment on Virus.Win32.Virut.ce by itchy

itchy — Wed, 07 Oct 2009 23:06:14 +0000

ow also cleaned my external hard drive no problems there. my friend however who apparently didnt have anti-virus. and who waited to long is completely screwed. he cant even dl the avg removal tool

Comment on Virus.Win32.Virut.ce by itchy

itchy — Wed, 07 Oct 2009 23:04:07 +0000

i only used kaspersky 2010 and the avg link that was mentioned hxxp://www.avg.com/us.virus-removal.ndi-67762
and im done.
took me about 2 hours (because my pc was just rebooted there wasnt mutch to scan)

Comment on Virus.Win32.Virut.ce by SChalice

SChalice — Thu, 01 Oct 2009 02:34:44 +0000

This virus can get on compact flash sticks. You’ll need to be sure to wipe all those suckers clean or just throw them away if unsure..

Comment on ~dulla@204 Virus by Dawit

Dawit — Thu, 24 Sep 2009 08:43:54 +0000

Amanuel Kenna and AreMoh.

I think you two know how to recover pdf files that have been infected by the dulla virus using hex editor. I tried several times and I didn’t succeed. Please help. I am really anxious.

Comment on ~dulla@204 Virus by expertanalyzer

expertanalyzer — Tue, 22 Sep 2009 23:27:08 +0000

send me the teddy afro virus infected file sample i am expert virus anlayzer and i love to help people in my free time if you have teddy afro virus infected file attach and send it to my email: father@safe-mail.net i will give you free removal tool for free.
thanks.

Comment on Virus.Win32.Virut.ce by Joe

Joe — Sun, 20 Sep 2009 22:01:07 +0000

This virus infected my old HD, so I had no choice but to reinstall WinXP. Then today I accidently clicked an old executable on that HD and the virus is reinfected me. I was in no mood to reinstall so this is how I dealt with it.

DO NOT START ANY PROGRAMS YET, THEY WILL GET INFECTED

1. Pull the plug on your internet connection, because it will try to connect to its website (jL.chura.pl and maybe others) and download more crap to your PC

2. Go to Task Manager and kill ANY program that looks unfamiliar (this can be tricky, if you’re a not a computer geek)

3. Run services.msc and you’ll see at least 2 services running which have NO description. Stop them and then disable them (by right clicking). Also stop and disable Remote Access Connection Manager, and Background Intelligent Transfer System, if they are running. These are Windows processes, but I think the virus activates them.

4. Repeat step 2 just in case

5. Now you have a choice:
a)You can run restore, but you have to be very sure that the restore is clean
b) run your antivirus. A full scan is preferable, but at least C:\Windows\ and C:\Program Files\. The virus infected only logonui.exe in my case and changed the HOSTS file, and created a temporary file in the WINDOWS\TEMP directory, but nothing else. However, if you ran any program while the virus was loaded, that program will be infected too.

This is the stage on which I am myself. The virus is removed but my system is still a bit screwed up, because everytime I reboot a hidden process iexplore.exe is started, except it’s not connecting anywhere. I’m not sure what’s starting it, but I dealt with it by killing the process and moving iexplore.exe to a temporary folder.

Comment on Virus.Win32.Virut.ce by Fennec the sysop

Fennec the sysop — Sun, 20 Sep 2009 20:07:51 +0000

This virus is a pain but I have it contained ,my router is a good firewall and I have it set to block all incoming connections on port 65520 and all outgoing connections to Proxima.ircgalaxy.pl so that means the attackers cant use it I have also found that using IRC to connect to my local machine on port 65520 gives you control of this virus so now I am able to change the options and on my machine it only infects explorer.exe too bad it dosent have a disinfect command

Comment on ~dulla@204 Virus by amanuel girma (haramaya university)

amanuel girma (haramaya university) — Sat, 19 Sep 2009 22:25:35 +0000

HOW TO PARTIAL REPAIR OFFICE DOCUMENTS INFECTED WIZ “~dulla^@204~” VIRUS
Before you start this tutorial clean your pc wiz anti dulla software I recommend
Emopia® Virus Removal Pack (freeware) from emopia.com
Tools needed for this tutorial
• Notepad ++ (absolutely free download and install this software)
• Office 2007
• An infected file
1. Right click on the infected office document >>click “edit with notepad ++” now the document will be opened in notepad++ window
2. Click on “search” from the menu >>click on” find” >> click on “replace” tab
3. Type ‘~dulla^@204~\x00’ (without the quote) on “find what” box>> check the “regular expression” check box >> click on “find next” tab >> click on “replace all” tab >> ok >> done.
4. Click done >> click on the” save” from menu >> close notepad ++ >> open the infected(corrupted) document when a dialog box appear click yes
any question please email me :amangirma@gmail.com

Comment on ~dulla@204 Virus by Jiru

Jiru — Thu, 17 Sep 2009 10:22:35 +0000

Ther is a virus named Teddy afro which has characterstic feature of hiding your files and disabling ur cd driver…it is even difficult to remove it with command…i have tried avira, kaspersky,macaffe,avg,and NOD..non of them could remove that.You guys do you have any solution for that?EMOPIA ..it is just fake..it cant detect any virus…

Comment on ~dulla@204 Virus by Abdulkerim

Abdulkerim — Tue, 15 Sep 2009 12:02:02 +0000

People! Get over it! There is no method to recover corrupted files, you can see the reason on facebook, just go to emopia.com (they are the one who made emopia virus remover, and are professionals) and join their facebook page and in the discussion board, you can read the reason why dulla corrupted files can’t be recovered.

Comment on ~dulla@204 Virus by AreMoh

AreMoh — Mon, 07 Sep 2009 19:55:09 +0000

for Solution For Every Thing(160) what about *.xls or *.xlsx files? I need help.

Comment on ~dulla@204 Virus by AreMoh

AreMoh — Mon, 07 Sep 2009 19:52:18 +0000

for Amanuel Kenna(162) how can I recover dulla infected files with hex editor? I need additional information or the steps of recovering!

Comment on ~dulla@204 Virus by AreMoh

AreMoh — Mon, 07 Sep 2009 19:14:19 +0000

O! people, Is there any recovery methode or software for dulla infected MicroSoft Office files?

Comment on Virus.Win32.Virut.ce by Rob Cullum

Rob Cullum — Sun, 23 Aug 2009 13:30:06 +0000

Hi there, my desktop has been infected with this virus and it is creating havoc . Casn’t even get online (I’m on my laptop atm!)
Please help!
Kind regards
Rob

Comment on Virus.Win32.Virut.ce by The Tech Guy Tom

The Tech Guy Tom — Fri, 21 Aug 2009 23:54:43 +0000

I’ve removed this virus successfully without formatting. Email me thetechguytom@gmail.com for details, it’s a long hairy process but can be done. We had an outbreak within our internal network at my support office where a win2k3 server w/exchange and AD, tech machine, all computers that were on the bench etc. were infected by thumbdrives plugged in to machines when the virus first struck. Apparently it’s really really easy to spread it. Hit me up and I’ll paste my epic essay.

Comment on ~dulla@204 Virus by aman

aman — Fri, 21 Aug 2009 11:15:54 +0000

anti dulla is the stupidest anti virus i ever see it only uncheck the service file from “msconfig” it has no auto detect options
the virus some time even attack the anti dulla excutable files
the anti virus should have auto detect options
how ever i wrote the code for dulla. u had enough destroying our files please give us the solution.