Technical Bulletin
Richard Fieldhouse, 16/08/01
We had the Trojan.VirtualRoot on a Windows 2000 PC and had failed to remove it following the standard instructions offered in various forms by Symantec. We eventually achieved success by using the procedure detailed below. It does not require the re-installation of the operating system that Symantec had suggested.

Although this procedure worked for us, you will understand that we can accept no formal responsibility if problems occur as a result of following the procedure below.

Here is how we did it:

1. Log in as the local machine Administrator.
2. Open a command prompt by clicking on start, then run.
3. Type in cmd and hit enter, leave this window open.
4. Open Task Manager, click processes tab.
5. Select explorer.exe and click End Process.
6. Go back to cmd window and type C:\WINNT\EXPLORER.EXE. This starts the original explorer.
7. Do a search for files called explorer.exe (start, search).
8. Select the file c:\explorer.exe which is the infected file and right click.
9. Go to properties option and select the security tab, take ownership and click the apply button.
10. Close the properties window for the infected file and then re-open it as before.
11. On the security tab add Everyone and give them full control. On the General tab clear the read-only check box. That is, give read-write access to everyone.
12. In cmd window type cd c:\ , hit enter.
13. Type the command attrib -h -s explorer.exe, hit enter. This means that the file is no longer hidden and no longer a system file.
14. Then type del explorer.exe.
15. Re-start the PC.
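The file search in step 7, and a check after the restart that the copy in C:\ is really gone, can be scripted. The following is an added example, not part of the original bulletin; the function names and the default paths C:\ and C:\WINNT are assumptions taken from the steps above.

```python
import os
import sys

# Win32 attribute bits, as exposed by os.stat().st_file_attributes on Windows.
READONLY, HIDDEN, SYSTEM = 0x1, 0x2, 0x4


def describe_attributes(bits):
    """Render attribute bits with the letters the attrib command uses."""
    letters = ((READONLY, "R"), (HIDDEN, "H"), (SYSTEM, "S"))
    return "".join(letter for mask, letter in letters if bits & mask)


def find_other_copies(search_root, windows_dir, name="explorer.exe"):
    """List every file called `name` under search_root except the original
    in windows_dir. Returns sorted (path, attributes) pairs."""
    original = os.path.abspath(os.path.join(windows_dir, name)).lower()
    hits = []
    for folder, _dirs, files in os.walk(search_root):
        for entry in files:
            path = os.path.abspath(os.path.join(folder, entry))
            # Windows file names are case-insensitive, so compare lowered.
            if entry.lower() != name.lower() or path.lower() == original:
                continue
            try:
                bits = getattr(os.stat(path), "st_file_attributes", 0)
                attrs = describe_attributes(bits)
            except OSError:
                # Restrictive permissions can make stat fail; report anyway.
                attrs = "?"
            hits.append((path, attrs))
    return sorted(hits)


if __name__ == "__main__":
    # Assumed defaults: drive C: and the Windows 2000 directory C:\WINNT.
    root = sys.argv[1] if len(sys.argv) > 1 else "C:\\"
    windows_dir = sys.argv[2] if len(sys.argv) > 2 else "C:\\WINNT"
    for path, attrs in find_other_copies(root, windows_dir):
        print(f"{attrs or '-':4} {path}")
```

Any copy that Windows itself keeps in another folder is listed too, so a hit is something to inspect, not proof of infection. A copy in the root of the drive marked HS matches the file that steps 8 to 14 remove.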
Copyright © 2007 Fenestra Ltd. All Rights Reserved