-
Think I have something for you:
Backdoor.SilverFTP is a backdoor Trojan that gives an attacker unauthorized access to your computer. Backdoor.SilverFTP copies itself as %Windir%\Wincfg32.exe.
Also Known As: Backdoor.SilverFTP.10 [KAV], Backdoor:Win32/SilverFTP.1_0 [RAV]
Type: Trojan Horse
Infection Length: 13,312 bytes
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Windows 3.x, Microsoft IIS, Macintosh, OS/2, UNIX, Linux
AND---
Click Start, and then click Run. (The Run dialog box appears.)
Type regedit
Then click OK. (The Registry Editor opens.)
Navigate to the key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete the value:
Windows Config Loader %Windir%\Wincfg32.exe
Exit the Registry Editor.
-------------------------------------------------------------------
So, in answer to your question, YES! Kill da beastie!
Also, there are removal instructions:
http://securityresponse.symantec.com...silverftp.html
Hope this helps.
-
I was hit by a virus that did this before. The trouble was figuring out how to get rid of it, as I did not know what it was, and without the registry editor or the task manager, it was impossible to find out. I had to open the task manager and switch to the processes listing at boot time, and in the time between its appearance on the list and its shutting the task manager down, I got a screenshot for future reference. Since the file was loaded in memory and the virus did not lock it, I was able to delete the file from wherever it was and rebooted the computer.
After this I was able to delete the registry key which caused it to start at boot time. Answers above explain how to do that. I think it was the Wincfg32 file mentioned by rapier57. Try getting a screenshot of the processes list before the virus shuts it down and see if this appears there.
But when I submitted the file to Norton, they did not find a virus contained in it. The file in question was scanned with a 3 day old sig file before running it.
Otherwise, percussive reconstruction might help. :killcompu:
Viruses suck.
-
Finally got everything working back to normal. The problem was in fact being caused by wincfg32.exe.
I deleted it from the registry, but it kept coming back. So I downloaded taskmanager2003, which lets you kill processes. As soon as I killed the wincfg32.exe process, everything began working normally again. Only task at hand now is to keep it that way. ;) Many thanks to all those that contributed their time and ideas to helping me fix this.
-
Well, now go to one of the AV companies' sites and read up on how to remove the malware.. then you won't need to worry as much.. BTW: how current were your AV definitions b4 this happened and how current were the defs for the various AV progs you ran to find this thing.. remember some AVs have trouble detecting when the malware is already active....
You will find that many of these progs have a second component hidden in the machine that is reinstalled by more than two other keys.. ..
cheers
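
The cleanup order the thread arrived at (kill the process, delete the Run value, then watch for it coming back), as an added PowerShell example that is not part of any post above. Only the HKLM `Run` key and the `Wincfg32.exe` name come from the thread; the other three autostart keys, the parameter names and the re-check delay are assumptions, and the script assumes PowerShell 3.0 or later.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt;
# pass -WhatIf first to preview the changes without making them.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$Pattern     = 'wincfg32\.exe',  # file name from the thread (regex, case-insensitive)
    [string]$ProcessName = 'wincfg32',       # process name without .exe
    [int]$RecheckSeconds = 15                # assumed wait before re-checking
)

# Only HKLM ...\Run is named in the thread; the other three are standard
# Windows autostart keys, checked here as an assumption.
$keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

function Find-AutostartEntry {
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            # Read the raw data so %Windir% is matched as stored, unexpanded
            $data = [string]$item.GetValue($name, '', 'DoNotExpandEnvironmentNames')
            if ($data -match $Pattern) {
                [pscustomobject]@{ Key = $key; Name = $name; Data = $data }
            }
        }
    }
}

# 1. Stop the process first: in the thread the value kept coming back until it was killed.
Get-Process -Name $ProcessName -ErrorAction SilentlyContinue | Stop-Process -Force

# 2. Delete every matching autostart value.
foreach ($e in @(Find-AutostartEntry)) {
    if ($PSCmdlet.ShouldProcess("$($e.Key)\$($e.Name)", 'Remove autostart value')) {
        Remove-ItemProperty -Path $e.Key -Name $e.Name
        Write-Output "Removed '$($e.Name)' = '$($e.Data)' from $($e.Key)"
    }
}

# 3. Report the dropped copy; deleting the file is left to AV or manual cleanup.
$file = Join-Path $env:windir 'Wincfg32.exe'
if (Test-Path $file) { Write-Warning "File still present: $file" }

# 4. Re-check: an entry that reappears points to another component re-adding it.
if (-not $WhatIfPreference) {
    Start-Sleep -Seconds $RecheckSeconds
    Find-AutostartEntry | ForEach-Object { Write-Warning "Reappeared: '$($_.Name)' in $($_.Key)" }
}
```

A "Reappeared" warning after step 4 means something other than the killed process is rewriting the value, which matches the last post's point about a second component.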