Trojan.Virantix.B
Trojan.Virantix.B uses rootkit technology to avoid anti-virus detection. It modifies the Internet Explorer home page setting and assigns an unwanted URL. Trojan.Virantix.B attempts to end processes that belong to antivirus applications. System tools are also disabled through changes to the Windows registry. Next, it displays a fake security alert and prompts the user to download a copy of a rogue security program.
Windows Security Alert
Warning! Potential Spyware Operation!
Your computer is making unauthorized copies of your system and
Internet files. Run full scan now to prevent any unathorised access
to your files! Click here to download Spyware Remover
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista
How to Remove Trojan.Virantix.B:
FIRST AID TO STOP Trojan.Virantix.B:
A Trojan.Virantix.B infection can change system settings and inject itself into legitimate Windows files. System Restore is the right tool to bring back clean files and restore the system to an earlier configuration. If you have a previously saved restore point, please restore Windows to an earlier date.
MANUAL REMOVAL OF Trojan.Virantix.B:
1. If an anti-virus program is present, update the definition file.
2. Reboot Windows in Safe Mode
- After turning on the power, press F8 on the keyboard.
- From the menu, select Safe Mode.
3. Run a full system scan and clean/delete all infected file(s).
4. Delete/Modify any values added to the registry if present.
- To edit the registry, click on Start. Search or Run regedit.exe.
5. Exit registry editor and restart Windows.
ADDITIONAL TOOLS AND PROGRAMS:
Scan with Norton Power Eraser:
A free removal tool from Norton Antivirus, developed to remove viruses and unfamiliar threats without using traditional AV signatures. Download the tool and scan the computer for viruses.
Technical Details and Additional Information:
Other functionalities of this Trojan:
- It modifies registry entries to change Internet Explorer settings and security configuration.
- Trojan.Virantix.B configures itself to run automatically when Windows starts.
- The Trojan ends security-related processes to stop anti-virus and firewall applications.
Malicious Files Added by Trojan.Virantix.B:
%System%\user32.dat
%Windir%\medichi.exe
%Windir%\medichi2.exe
%Windir%\murka.dat
File Location for Windows Versions:
- %System% refers to the system folder; for all versions of Windows it is located under C:\Windows\System32.
- %Windir% refers to the installation folder of the operating system.
Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\"AppInit_DLLs" = "%Windir%\murka.dat"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Medichi" = "%Windir%\medichi.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Medichi2" = "%Windir%\medichi2"
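To confirm which of the files and registry values listed above are present before or after cleanup, a read-only check like the following can be used. This is an added example, not part of the original write-up or of any vendor tool. It assumes PowerShell 3.0 or later and an elevated prompt, and takes %System% to be the System32 folder as described above.

```powershell
# Read-only check for the Trojan.Virantix.B indicators listed on this page.
# Nothing is deleted or modified; run it from an elevated prompt.
$sys = Join-Path $env:windir 'System32'   # %System%, as this page defines it

# Files the page lists as added by the Trojan
$files = @(
    (Join-Path $sys        'user32.dat'),
    (Join-Path $env:windir 'medichi.exe'),
    (Join-Path $env:windir 'medichi2.exe'),
    (Join-Path $env:windir 'murka.dat')
)

# Registry values the page lists, and the file name expected in the data
$run = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$regChecks = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
       Name = 'AppInit_DLLs'; Match = 'murka.dat' },
    @{ Key = $run; Name = 'Medichi';  Match = 'medichi.exe' },
    @{ Key = $run; Name = 'Medichi2'; Match = 'medichi2' }
)

$findings = @()

foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) {
        $findings += [pscustomobject]@{ Type = 'File'; Location = $f; Detail = 'present' }
    }
}

foreach ($c in $regChecks) {
    $name = $c.Name
    $item = Get-ItemProperty -Path $c.Key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }          # value does not exist
    $data = [string]$item.$name
    # AppInit_DLLs exists (usually empty) on clean systems, so match on the data
    if ($data -like "*$($c.Match)*") {
        $findings += [pscustomobject]@{
            Type = 'Registry'; Location = "$($c.Key)\$name"; Detail = $data
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'None of the listed files or registry values were found.'
}
```

Because this Trojan uses rootkit technology, a result taken in Safe Mode is more reliable than one taken from the normally running system.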
Coolham23
Jan 13, 2008 @ 01:32:36
Thank you for this. I forgot where to get the instructions again as I had seen them a few days ago. After Medichi infected my computer, it proceeded to disable most of my antivirus software. I was then open to many viruses such as mllml.dll… etc.
I SUGGEST YOU SCAN YOUR COMPUTER WITH SDFIX AFTER YOU KILL OFF MEDICHI!
- Coolham23 -
hazinto
Apr 11, 2008 @ 10:43:52
I can help you remove that medichi virus and its components without formatting and reinstalling Windows XP or Vista, for a small amount in return. ICQ me at 238559719