Discovered: February 5, 2001
Updated: February 13, 2007 11:53:45 AM
Type: Trojan Horse
To remove this Trojan, you need to:
- Scan for virus and then delete files detected as infected with this Trojan.
- Remove the value added to the RunServices registry key.
- Delete the file added by the Trojan.
See the sections that follow for detailed instructions.
To scan for viruses:
- Run LiveUpdate to make sure that you have the most recent virus definitions.
- Start Norton AntiVirus (NAV), and then run a full system scan, making sure that NAV is set to scan all files.
- If any files are detected as Backdoor.Netbus.444051, then click Delete.
To edit the registry:
CAUTION: We strongly recommend that you back up the system registry before making any changes. Incorrect changes to the registry could result in permanent data loss or corrupted files. Please make sure you modify only the keys specified. Please see the document
How to back up the Windows registry before proceeding.
- Click Start, and click Run. The Run dialog box appears.
- Type regedit and then click OK. The Registry Editor opens.
- Navigate to the following subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
- In the right pane, locate the Netbus Server Pro value. In the second column, just to the right of this value, note the path and file name that it refers to. Write this down.
- Select the Netbus Server Pro value, press Delete, and then click Yes to confirm.
- Click Registry and click Exit to save the changes and close the Registry Editor.
- Restart the computer.
To delete the file:
- Start Windows Explorer, and browse to the location that you wrote down in step 4 of the previous section.
- Locate and select this file, press Delete, and then click Yes to confirm.
Writeup By: Neal Hindocha
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine