Backdoor Trojan Removal
The following activities were performed:
1. I observed that backdoor.trojan was infecting the files win.exe and dod.exe and that Symantec was protecting them; during this protection Symantec displayed an Auto-Protect popup. I also observed that this virus prevented the volume drives from being opened by double-clicking; they opened only via right-click > Explore.
2. I then tried to use Folder Options to unhide the files, but Folder Options was not working, so from the command prompt I ran c:\autorun.inf to check for the exe file, and it came up as e:\winfile.jpg
3. Then in Run > cmd I typed attrib -r -s -h autorun.inf to unhide it, and attrib -r -s -h winfile.jpg. The file would appear and disappear, so to solve this, follow the steps below.
a) Download the latest Rapid Release and deploy it on the client PC, or, if Rapid Release does not deploy, download the .xdb file, rename it from .zip to .xdb and paste it at c:\Documents and Settings\All Users\ . Then turn off System Restore and scan. After scanning, restart in normal mode, then check in
Run > cmd:
c:\>attrib -r -s -h winfile.jpg
c:\>attrib -r -s -h autorun.inf
Now try accessing the volume drives; it will give the error c:script not found winfile.jpg
Then check the other volumes using the same steps as above, to ensure winfile.jpg and autorun.inf do not exist. Also ensure winscript.exe is not running in the taskbar. Then restart the PC again.
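
The autorun.inf check from step 2, as an added example that is not part of the original write-up: Python code that reads the text of an autorun.inf and lists the files its launch entries point at, flagging a target with a non-executable extension such as the .jpg seen above. The sample file contents, the wscript.exe host prefix and all function names are constructed assumptions for illustration.

```python
import re
from pathlib import PureWindowsPath

# autorun.inf keys that make Explorer launch something when a drive is opened.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
EXECUTABLE_EXT = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js"}
HOSTS = {"wscript", "wscript.exe", "cscript", "cscript.exe"}  # script hosts

# Constructed sample (assumption): the page does not show the real file body.
SAMPLE = """[autorun]
open=wscript.exe winfile.jpg
shell\\open\\command=wscript.exe winfile.jpg
shell\\explore\\command=wscript.exe winfile.jpg
icon=folder.ico
"""

def parse_autorun(text):
    """Return (key, command) pairs for launch keys in the [autorun] section."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key):
                found.append((key.lower(), value))
    return found

def target_file(command):
    """First token that is neither a script host nor a command-line switch."""
    for tok in re.findall(r'"[^"]+"|\S+', command):
        tok = tok.strip('"')
        name = PureWindowsPath(tok).name.lower()
        if name not in HOSTS and not tok.startswith(("/", "-")):
            return tok
    return None

def review(text):
    """List each launch target; flag one whose extension is not executable."""
    report = []
    for key, command in parse_autorun(text):
        target = target_file(command)
        ext = PureWindowsPath(target).suffix.lower() if target else ""
        disguised = target is not None and ext not in EXECUTABLE_EXT
        report.append({"key": key, "target": target, "disguised": disguised})
    return report

if __name__ == "__main__":
    print(*review(SAMPLE), sep="\n")
```

Run it against the autorun.inf text from each volume; every reported target is a file to confirm as removed after the scan.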