[Resolved] Sub7 trojan HELP!!

Hi all,
I just downloaded the free copy of Norton antivirus from symatics
web site and I discovered that I have a sub 7 trojan on my comp.
I quarentineed the virus with the Norton program. Now I have another problem.
A window keeps popping up every time I try to click on something
it says:

Windows Cannot find xbekkicxkufo.exe
This program is needed for opening files
of type 'Application'

I have no idea how to get around windows looking for this file.
Everything I click on gives me that pop up message.

I'm on a friends computer right now so that I can get some help


Anybody have any Idea what I can do to get around this

Thanks and hope you can help

 

Go <a href=http://home.earthlink.net/~rmbox/Reticulated/Only_IE.html> here</a> and download exefix08.com

Once it's downloaded, double left click on it to execute it.

Now try your programs.

Assuming that works, rerun the Nortons scan and be sure your clean. And then I'd suggest you go <a href=http://www.moosoft.com/> here</a> and download the trial version of the Moosoft Trojan Cleaner and see if it comes back clean, too.

Let us know what happens.

 

Norton quarantined the file but did not repair the registries "shell open" entries which the trojan associated itself to.

Typically when this happens you are still able to access the internet with IE and download files.

The exefix08 file at the site below will repair the registry and should allow you to run exes.

Download, unzip it and double click it to run. If you need an unzipped version, you can get it from the Only IE link at the bottom of the page. If you cannot run the .com file try the .reg or .inf versions from the Only IE link.

http://home.earthlink.net/~rmbox/Reticulated/Toys.html

If you still have problems afterwards, run the startuplog.com file and copy/paste the contents of startuplog.txt file which it creates to a reply

 

Hey all,
Thanks for the help that seemed to do the trick.

I went through all those files that were on the link above and got everything worked out.

One thing though,
I noticed in one of those files, it said I was supposed to have in the win.ini
a: run =

and some other word that ends in =
with nothing after them,
But I don't have that in my win.ini

This is what I have:

[Internal]
Device=*mbexrt
Working=1
Settings=001010010110101001
Date=2000-04-30
Machine=Standard PC
System=1005260826
Device=*mbexrt
Working=1
Settings=001010010110101001
Date=2000-04-30
Machine=Standard PC
System=1005175076

[COMPATIBILITY]
INSTALL=0x00400000

[Embedding]
Package=Package,Package,packager.exe,picture
midfile=MIDI Sequence,MIDI Sequence,C:\WINDOWS\mplayer.exe /mid,picture
SoundRec=Wave Sound,Wave Sound,C:\WINDOWS\sndrec32.exe,picture
avifile=Video Clip,Video Clip,C:\WINDOWS\mplayer.exe /avi,picture
PBrush=Paintbrush Picture,Paintbrush Picture,C:\Progra~1\Access~1\MSPAINT.EXE,picture
Wordpad.Document.1=WordPad Document,WordPad Document,C:\PROGRA~1\ACCESS~1\WORDPAD.EXE,picture
ComicChat.Room.1=Comic Chat Room,Comic Chat Room,C:\PROGRA~1\Chat\CChat.exe,picture
Imaging.Document=Image Document,Image Document,C:\WINDOWS\KodakImg.Exe,picture
WangImage.Document=Image Document,Image Document,C:\WINDOWS\KodakImg.Exe,picture

[Sounds]
SystemDefault=,

[Desktop]
Wallpaper=(None)

[extensions]
ZIP=C:\PROGRA~1\WINZIP\winzip32.exe ^.ZIP
LZH=C:\PROGRA~1\WINZIP\winzip32.exe ^.LZH
ARJ=C:\PROGRA~1\WINZIP\winzip32.exe ^.ARJ
ARC=C:\PROGRA~1\WINZIP\winzip32.exe ^.ARC
TAR=C:\PROGRA~1\WINZIP\winzip32.exe ^.TAR
TAZ=C:\PROGRA~1\WINZIP\winzip32.exe ^.TAZ
TGZ=C:\PROGRA~1\WINZIP\winzip32.exe ^.TGZ
TZ=C:\PROGRA~1\WINZIP\winzip32.exe ^.TZ
GZ=C:\PROGRA~1\WINZIP\winzip32.exe ^.GZ
Z=C:\PROGRA~1\WINZIP\winzip32.exe ^.Z
CAB=C:\PROGRA~1\WINZIP\winzip32.exe ^.CAB
UU=C:\PROGRA~1\WINZIP\winzip32.exe ^.UU
UUE=C:\PROGRA~1\WINZIP\winzip32.exe ^.UUE
XXE=C:\PROGRA~1\WINZIP\winzip32.exe ^.XXE
B64=C:\PROGRA~1\WINZIP\winzip32.exe ^.B64
HQX=C:\PROGRA~1\WINZIP\winzip32.exe ^.HQX
BHX=C:\PROGRA~1\WINZIP\winzip32.exe ^.BHX
MIM=C:\PROGRA~1\WINZIP\winzip32.exe ^.MIM

[MSCharMap]
Font=Symbol

 

Normally you would see those entries under the [Windows] header, right at the top of the file, and you could add them if you wish -- if the header isn't there you could add that too. But they would probably get added automatically by any program (legit or otherwise) that wants them.


[windows]
load=
run=