-
html.redolf.a
Hi
I have just been infected by the html.redolf.a virus. It has corrupted my "c:\windows\system\kernel32.dll" file and it also infects any html file it finds. It also attempts to run some script at the startup of windows but is unable to as it is denied access by norton antivirus. NAV detects it but is unable to repair it. Pls help how shud I remove it. I have win XP and using norton av 2002
-
Please tell me you made an AV boot disk? The only reason that it can't repair the kernel file is because it's in use. So if you don't have a recovery disk from the AV software, your only next step is wipe and re-install. =P
Before you do anything, take a look here:
http://vil.mcafee.com/dispVirus.asp?virus_k=99476
They seem to have removal instructions. Check the bottom of the page for specific instructions on fixing Win ME/XP
-
I also run win me on the same box. So can I boot into win me and repair the file from there...
-
Might be able to but check the instructions. They are probably the best bet.
-
hey,
frankly I want to say one thing, if you had original license of the anti virus for the copy you had, then your immediate choice will be to contact Norton and send them a copy of the file you had.
then as your AV had identified the virus, you better update the AV again so that the latest update may have the possibility or feature to remove the virus, I think you understood what I mean, I think as Ms Mittens told, you can try with boot disk, if you have not already made, then get the boot disk made on your friend's system or so, and then scan your system and try to remove things from DOS.
Also, I am not sure about this, but maybe you can try to replace the kernel32.dll, by copying it from your friend's system who is running winxp.
please do not blame me if it does not work, just an idea around, to do this if possible, you go to your friend's system or If I remember correctly, you can download almost all .dll files from the website http://www.dll-files.com
So, an alternate choice you already had is win me installed, then, even this copying and pasting of kernel32.dll can be done from win ME as at that time, it will be like one another file which can be easily copied and pasted on to your winxp kernel32.dll (hey do not copy win ME kernel32.dll, but another win XP system kernel32.dll), you can try that option too.
then if you feel the installed things are important and you lose something, then try to contact Norton, of course it may take sometime, but I feel you can get things done in a better way (I confirm my words, and you do accordingly, if your norton is a licensed one).
Then last bet is, just format that particular drive where you had installed the win XP, and reinstall the OS.
I say this would be the last option
-
hey
shantz, are you an indian, I too
great, to which place you belong, if you are nearer to me, I think I can help you better
of course not just for this alone, we can have some good discussion too.
I am from kakinada, andhra pradesh, india
-
Hey, I think you can go to norton.com and they have some online tools can check u disk for virus and u can update NAV
-
i think u can also go to the site neworder.box.sk
there is an article on how the redlof html virus works and how to remove (scripts available)
i guess u should first of all delete all the folder.htt files and the desktop.ini files. after that replace ur explorer and some .dll files. i guess that should do the job
there is a paper on it in the above site titled Paper on the HTML.Redlof.A virus.
so get goin.
-
Strange, I cannot find a virus by that name in any antivirus database.
-
Just type in html as the search option. It took me a couple of tries with McAfee
-
hey, is it that folder.ini virus
I thought some other virus, but felt it familiar with.
This one I got before one and half month I feel, at that time itself our AVG had identified it, later, now, even norton is identifying it ok.
then I want to say you one thing, this virus main property is to spread itself by copying itself to all the folders.
The main advantage it has is it is always accompanied with the desktop.ini files, and even if someone sees these files, initially they do not get a doubt, because these were the names used by operating system and every one knows that files with this extensions are responsible to the look of the OS. So people would not suspect it in general.
In my experience, I saw this file initially in every folder of his system, and as I got doubt, tried and removed them in the particular folder but when I go into the folder again, these two files appears.
Then, I opened the find utility from the start menu and searched for folder.htt file, a list of hundreds of folder.htt files appeared, likewise for desktop.ini, I had selected them all and had deleted them using shift+delete.
I think it did not come back again.
The main disadvantage of this virus, is it does not destroy any files or something, but it will kill the processor, I mean the performance will be drastically reduced.
and later I found AVG identifying as a virus, and I felt happy for identifying it by its activity and removing it successfully from my friend's system.
At that time, once again, while making some file transfer from harddisk to harddisk, my friend got the virus again, it had affected the kernel.dll and really at that time I know, avg cannot heal all types of viruses, only it can identify effectively.
But for my surprise, it healed the KERNEL.DLL file successfully and we had avoided formatting the system at that time, just to remove this virus.
SO I RECOMMEND TO USE AVG AND you may feel at least near to what I felt.
It is effective I can say.
if you want to manually remove, do as I said above, and try the avg, it can heal I think I felt some file
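
The manual search described in the post above, as a report-only script. This is an added example, not part of the original post: the function names and the sample tree are constructed for illustration, and nothing is deleted because Windows itself uses both file names.

```python
import os
import tempfile


def inventory_folder_htt(root):
    """List every folder.htt under root and whether desktop.ini sits beside it.

    Report-only: each hit still needs an antivirus scan or a manual look
    before anything is removed.
    """
    hits = []
    # os.walk returns files regardless of the hidden attribute.
    for dirpath, _dirs, files in os.walk(root):
        # Windows file names are case-insensitive, so compare in lower case.
        by_lower = {name.lower(): name for name in files}
        if "folder.htt" not in by_lower:
            continue
        path = os.path.join(dirpath, by_lower["folder.htt"])
        hits.append({
            "folder": os.path.relpath(dirpath, root),
            "htt_size": os.path.getsize(path),
            "has_desktop_ini": "desktop.ini" in by_lower,
        })
    return sorted(hits, key=lambda h: h["folder"])


def build_sample_tree(root):
    """Constructed sample data: three folders, two of them with folder.htt."""
    layout = {
        "docs": {"Folder.htt": b"<html>constructed sample</html>",
                 "desktop.ini": b"[constructed]"},
        "music": {"folder.htt": b"<html>constructed</html>"},
        "clean": {"notes.txt": b"hello"},
    }
    for folder, files in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name, data in files.items():
            with open(os.path.join(root, folder, name), "wb") as fh:
                fh.write(data)


def demo():
    """Run the inventory over the constructed tree and return the hits."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return inventory_folder_htt(root)


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

On a real machine, pass a drive or profile directory to `inventory_folder_htt` and compare the count of hits before and after cleaning to see whether the files reappear.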
-
Thnx to u all. I'll try what u have suggested today and will let u know abt it. Thnx once again.
-
Just an update on this topic. I just finished vanquishing this virus from my parents' computer. It's rather nasty...and it does something that I hadn't seen before. I don't know if anyone else has ever run across this so I'd like to see your own experiences with this thing. Not only is it polymorphic, which I have seen before, but it's also encrypted. It decrypts itself upon execution. I imagine this gives it the advantage of hiding its code from virus scanners until it's too late. Correct me if I'm wrong, but if I'm right, that's rather scary.