Help With Virus Removal

[Bill in SD, CA]

Not for me but for a friend.

Got 2 viruses here: W32.Randex.gen and Backdoor.Ranky.

From Symantec:

W32.Randex.gen

and

Backdoor.Ranky

Seems like the only way to remove them is in safe mode and then go into regedit and manually remove the references to them.

Anyone with experience on this?

Will there be multiple references to them in the registry?

Would it be safe to do both at the same time or better to do one at a time?

Thanks,

Bill

[Martoch]

Haven't had to edit registry entries to remove viruses before...but, whatever you do, export your registry first!

You can open your registry and do a "find" for any references to those nasty buggers...not sure where they would be hiding, but a search should find them all.

Good luck my friend!


EDIT:

Hmm...should be very easy if you follow Symantec's instructions.

Quote:

Click Start, and then click Run. (The Run dialog box appears.)

Type regedit
Then click OK. (The Registry Editor opens.)
Navigate to the key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run

In the right pane, delete any values that refer to the worm files, which were detected in step 4.

Exit the Registry Editor.

[TrendyMartini]

TrendMicro gives pretty good removal instructions..

For BKDR_RANKY,here

That worm drops itself in C$\WINNT\System32, as the file MSMONK32.EXE, and will show up in the registry once as Microsoft Windows Runtime DLL Services=msdevdll32.exe

For W32.Randex.gen, here

Hope thats helpful, Good luck!

[Bill in SD, CA]

One thought .........................

Would a "registry cleaner" find them after deleting the files?

Bill

[Martoch]

Shouldn't find them after you manually delete them...all a registry cleaner does is automatically find/remove items for you.

[John Prophet]

sometimes symantec and others make "tools" for removal of viruses..have you checked symantecs site yet?

[ppelliniq]

John is correct, you can go to www.symantec.com (or McAfee's site) and use their free virus removal tools, even if you don't own their product.

My brother's was unaware that his friend who owned a local computer business, who built and sold him a computer with software did not install any virus program (would never recommend him myself), and couldn't get rid of the virus for him when called 2 months ago. I went to symantec on his computer, ran their free virus checker, it found the virus, ran their free removal tool from the site, and computer's been fine ever since.

Of course I told my brother, go out tomorrow and get a virus program, especially with a cable modem.

[annierenee]

I was following all the messages everyone put in about this virus. However I still have one problem. I keep getting this virus popup from norton about w32.randex.gen. I went through the steps to remove it, only it doesn't show up on my computer. Does this mean that something has blocked it from actually settling down in the computer? Or am I missing something? Even though I don't see msdevdll32.exe anywhere that it should be.. I'm still getting the pop up. Nothing has went wrong with my computer that I know of yet other than the popups. Thanks, Annie