| View Question |
|
|
 | ||
|
| Subject:
What is Windllloader.exe???
Category: Computers > Operating Systems Asked by: mweaver54-ga List Price: $5.00 |
Posted:
14 Jul 2003 21:47 PDT
Expires: 13 Aug 2003 21:47 PDT Question ID: 231125 |
I have been trying to restore my computer from a virus attack. The latest message I get I cannot seem to find an answer for. When I launch Windows Explorer I get a box that says "Program not Found" and inside the box it says "Windows cannot find windllloader.exe" "This program is needed for opening files of type "Application" Where can I find this file?? What does it do? Mark | |
| |
| |
| |
|
| ||
|
| There is no answer at this time. |
| ||
|
| Subject:
Re: What is Windllloader.exe???
From: amitbhargava-ga on 14 Jul 2003 22:19 PDT |
your machine registry is still infacted by some Torjon Virus please make sure that machine is virus free. About winloder.exe : Remote Access / Steals passwords / EXE Binder May alter Win.ini and/or System.ini. Based on SubSeven. Some of the files are packed with the UPX 1.01. It comes with several different skins and supports plug-ins, so features may change. With Undetected, the hacker is able to write and execute different types of scripts, such as .bat and .vbs files, on the infected machine. regards Amit |
| Subject:
Re: What is Windllloader.exe???
From: mweaver54-ga on 15 Jul 2003 03:51 PDT |
Thank you folks for all of your helpful ideas. When I run msconfig I get the same error message. I have scanned the drive with Norton, McAfee and PC-cillin and no viruses are detected. It may help to know that this all started immediately after I did a Scandisk and defrag on my hardrive. Any other ideas out there? |
| Subject:
Re: What is Windllloader.exe???
From: jimmyjrosu-ga on 15 Jul 2003 09:19 PDT |
more info can be found here http://support.microsoft.com/?kbid=319813 |
| Subject:
Re: What is Windllloader.exe???
From: themza-ga on 17 Jul 2003 15:48 PDT |
Un-Detected 2.3a is a small trojan similar to the SubSeven trojan. Un-Detected supports plugins, which means new features could be created any time. The plugins are uploaded to your computer's windows directory in the form of pluginname.dll. This trojan also comes with an edit server. The edit server allows the infection routine, filenames, port and password to be changed. There is also a file binder with the edit server. The file binder can make a normal file and the Un-Detected server combined look like a RAR archive or install file. This version of Un-Detected just was recompiled to avoid virus detection. How To Remove =========================== *Please note %trojan file% is your "windllloader" =========================== Manual removal: Note that trojan file could be any file. Open the system.ini in Notepad (Usually c:\windows\system.ini) and rename the key under [boot] shell=Explore.exe %trojan file% to only: shell=explore.exe =========================== Now open the win.ini(Usually c:\windows\win.ini) and remove the key under [Windows]: load=%trojan file% =========================== Now click Start-> Run and type regedit In RegEdit navagate to: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Once there click on CheckRegistry and press delete. --------------------------------------------- Now navagate to: HKEY_LOCALE_MACHINES\Software\Classes\exefile\shell\open\command Change what says "%trojan file%" "%1"%* to "%1"%* Reboot the computer or close %trojan file% using ctrl+alt+delete. Delete the trojan file %trojan file% in the windows directory. |
If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you. |
| Search Google Answers for |
| Google Home - Answers FAQ - Terms of Service - Privacy Policy |