Discovered: October 26, 1999
Updated: February 13, 2007 11:54:35 AM
Also Known As: RingZero.gen Trojan, Trojan.Rhino
Type: Trojan Horse
To remove this Trojan, delete files detected as RingZero.Trojan, and remove references from the \Run key.
To delete the files:
- Run LiveUpdate to make sure that you have the most recent virus definitions.
- Start Norton AntiVirus (NAV), and run a full system scan, making sure that NAV is set to scan all files.
- Delete any files detected as RingZero.Trojan. If NAV is not able to delete the files, do the following:
- Write down the names and locations of the files that NAV detected.
- Restart the computer in MS-DOS mode, or boot to a clean DOS boot floppy disk.
- Delete the detected files from the \Windows\System folder.
- Delete the Its.dat and Ring0.dat files from the \Windows\System folder.
- Restart Windows.
To edit the registry:
CAUTION: We strongly recommend that you back up the system registry before making any changes. Incorrect changes to the registry could result in permanent data loss or corrupted files. Please make sure you modify only the keys specified. Please see the document
How to back up the Windows registry before proceeding.
- Click Start, and click Run. The Run dialog box appears.
- Type regedit and then click OK. The Registry Editor opens.
- Navigate to the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- In the right pane, look for the following values, and if found, delete them:
DK32 support PST "pst.exe"
DK32 support ITS "its.exe"
Description of EPS II "telnet23.exe"
Writeup By: Wason Han
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine