Vat.exe Trojan

[sabaijai]

NOD32 found a trojan in a file called vat301.exe but is unable to remove it. Ad-Aware doesn't pick it up at all. Anyone know of a way to get rid of it?

Here's the path:

C:\Documents and Settings\Administrator\My Documents\vaxsetup.301.exe »NSIS »isecur.dll - Win32/TrojanDownloader.Zlob trojan

NOD32 also found a worm on my portabel hard drive that it can't quarantine or delete.

G:\System Volume Information\_restore{***************************}\RP14\A0005085.vbs - VBS/Butsur.B worm

[Jing-jo]

NOD32 found a trojan in a file called vat301.exe but is unable to remove it. Ad-Aware doesn't pick it up at all. Anyone know of a way to get rid of it?

Here's the path:

C:\Documents and Settings\Administrator\My Documents\vaxsetup.301.exe »NSIS »isecur.dll - Win32/TrojanDownloader.Zlob trojan

NOD32 also found a worm on my portabel hard drive that it can't quarantine or delete.

G:\System Volume Information\_restore{***************************}\RP14\A0005085.vbs - VBS/Butsur.B worm

try avg antivirus from www.grisoft.com

I had problems with mine for ages eventually gave up for a while then when i got a new laptop,installed zonealarm avg spybot and ad aware(which by the way will not pick up any viruses it's NOT designed to!)and made sure all were updated fully then I took out my desk tops many HDD's and individually checked them for viruses spyware and trackers using an external hdd case( these are very cheap now)

found 12 viruses on the original "c" drive that were not picked up by the software on the system "c" drive which just crashed everytime you ran software checks on it but when it was added as just another external drive the software from the laptop was able to run the checks fully no problem also found loads of trackers and other pooh

hope this hleps

[cdnvic]

Here's a removal program that should remove the VAT trojan http://downloads.subratam.org/Fixwareout.exe

The worm on your external drive is a bit trickier and must be deleted manually.

Boot into safe mode (F5 or F8 when windows starts loading)

Using Windows Explorer, go to your external drive and search for a file named autorun.inf and delete it.

Any removable drives including thumbdrives will have this on them if you've used them lately so do this first step to all of them before continuing.

Step 2:

go to start/run and type regedit

Navigate to: HKEY_Local_Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

In the panel to the right look for an entry with Bha.dll.vbs in it (under the description) and right-click "delete"

Now go to:

HKEY_Current_User\Software\Microsoft\Internet Explorer\Main\Window Title\

again, find and delete any reference to Bha.dll.vbs

Use Windows explorer to find any other references to bha.dll.vbs and delete them too, if any remain.

You should be clean now.

To avoid these annoyances in the future, try booting into safe mode before connecting unknown external drives as some of these worms that are local to Thailand and SE Asia are not picked up as fast by the AV companies.

Edited March 8, 2007 by cdnvic

[sabajja]

Here's a good way to disable Autoplay on all drives:

Start=>Run type in "gpedit.msc" and click "Ok"

Goto: Administrative templates=>System

Doubleclick "Turn of autoplay"

Choose "Enabled all drives".

[Tywais]

Here's a good way to disable Autoplay on all drives:

Start=>Run type in "gpedit.msc" and click "Ok"

A safer way (can be dangerous using gpedit if not sure of what you are doing) is to use TweakUI (google and download)

[sabaijai]

Thanks for the assistance, very helpful. I'll follow the instructions you've generously provided and let you know how it works.