SillyDog701

[jillpmcd]

Hi guys! I'm back with more questions...
have a friend who has a really stubborn problem that he can't get rid of. He's running McAfee IS on a Sony Vaio laptop with XP Home. His computer has been exposed to some kind of trojan that he can't get rid of. The McAfee site identifies it, but doesn't tell how to get rid of it...
The McAfee warning prompt says his computer has been infected with: afxrootkit.gen.b and he has tried booting to last good config, tried quarantining in McAfee - but every time he reboots...it returns.
That's all the info I have for now...will see the computer tomorrow and may have more then. Just thought I'd throw out the info I have now and see if you guys had heard anything about this? It seems to place a stealthex.dll file in one of his Windows folders?
Is this a new thing? He just got back from China...could this be the computer verson of SARS???
Thanks everybody...

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1

[Don_HH2K]

You might be able to boot the computer into Safe Mode from the F8 menu, and then try to delete the stealthex.dll file from your System32 folder. Another nasty part of Windows XP and ME is that they will copy just about everything into System Restore, including viruses and trojans, and therefore a system scan will result in the trojan being found in "C:\_RESTORE" or "C:\System Volume Information", neither of which you will be able to access because of NTFS permissions. So, all I can reccomend is to wait for the restore information to delete itself (which happens every so often) and then deleting the files themselves.

As for why McAfee won't remove it, you may have outdated virus definitions. Try to update your scan definitions with the SuperDat Update and see if it will clean then.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)