win32mersting.B - How to remove?



nemo
07-09-2005, 11:49 PM
WinXP. CA EZ Trust anti-virus.
A friend's system has the logjda.dll file on her hard drive. I cannot
remove it - it keeps saying Read-Only, even with the dos prompt and the
attrib program.
Can anyone help?

David H. Lipman
07-09-2005, 11:49 PM
From: "nemo" <no_address@not_hotmail.com>

| WinXP. CA EZ Trust anti-virus.
| A friend's system has the logjda.dll file on her hard drive. I cannot
| remove it - it keeps saying Read-Only, even with the dos prompt and the
| attrib program.
| Can anyone help?

Dump the contents of the IE Temporary Internet Folder cache (TIF)
Start --> Settings --> Control Panel --> Internet Options --> Delete Files

Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
Tools --> Options --> Privacy --> Cache --> Clear


Download CLEAN.EXE from the URL --
http://www.ik-cs.com/programs/virtools/clean.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter
{ http://kixtart.org Kixtart is CareWare } three batch files, two Kixtart scripts, two Link
(.lnk) files and a PDF instruction file.

GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee Command Line
Scanner. You may have to disable your FireWall or allow FTP.EXE to go through your FireWall
to allow the FTP utility to download the needed files

CLEAN.BAT -- For running within Windows after running c:\mcafee\GetFiles.BAT. If you choose
to scan again at a future date, run this batch file. It will automatically check the date
of the McAfee DAT files and if it is a couple of days old, it will download (FTP) the latest
signature files and install them before performing the scan.

DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is using FAT32 after
you have booted from an Emergency Boot Disk or DOS disk and have already executed;
c:\mcafee\GetFiles.BAT from within Windows. DOS disk boot images can be obtained from;
http://www.bootdisk.com/bootdisk.htm

I need you to perform the following...

Execute; CLEAN.EXE
Choose; Unzip
Choose; Close

Execute; c:\mcafee\GetFiles.BAT
{ or Double-click on 'GetFiles Link' in c:\mcafee }

Reboot the PC into Safe Mode [F8 key during boot]

Shutdown as many applications as possible !
It would also help for you to read - "How to perform a clean boot in Windows XP"
http://support.microsoft.com/kb/310353

Execute; c:\mcafee\CLEAN.BAT
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
It is suggested that you move the report out of c:\mcafee before performing another scan.
It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.


* * * Please report back your results * * *



--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

plop
07-09-2005, 11:49 PM
"nemo" <no_address@not_hotmail.com> wrote in message
news:s0o2a19jmmd9kr0v5bj9fjokpiu54igbe6@4ax.com...
> WinXP. CA EZ Trust anti-virus.

http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=39113

> A friend's system has the logjda.dll file on her hard drive. I cannot
> remove it - it keeps saying Read-Only, even with the dos prompt and the
> attrib program.

If the file system is FAT, simply create MS-Dos startup disk via XP's floppy
menu, restart using that floppy, CD to system32, rename
logjda.dll=logjda.old, reboot back to Windows, delete the file and clean the
mentioned reg key indicated on CA's page.

If the file system is NTFS, even easier:
You need to modify it's permissions to allow deletion.
Right click/properties/security/advanced:
Check the box to allow inherit permissions to everyone.
Apply/ok your way out. At this point eTrust should be able to delete it.

That's all it takes... ;)

nemo
07-09-2005, 11:49 PM
On Sat, 4 Jun 2005 09:29:05 -0400, "plop" <noone@spam> wrote:

>
>"nemo" <no_address@not_hotmail.com> wrote in message
>news:s0o2a19jmmd9kr0v5bj9fjokpiu54igbe6@4ax.com...
>> WinXP. CA EZ Trust anti-virus.
>
>http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=39113
>
>> A friend's system has the logjda.dll file on her hard drive. I cannot
>> remove it - it keeps saying Read-Only, even with the dos prompt and the
>> attrib program.
>
>If the file system is FAT, simply create MS-Dos startup disk via XP's floppy
>menu, restart using that floppy, CD to system32, rename
>logjda.dll=logjda.old, reboot back to Windows, delete the file and clean the
>mentioned reg key indicated on CA's page.
>
>If the file system is NTFS, even easier:
>You need to modify it's permissions to allow deletion.
>Right click/properties/security/advanced:
>Check the box to allow inherit permissions to everyone.
>Apply/ok your way out. At this point eTrust should be able to delete it.
>
>That's all it takes... ;)
>
Thank you, gentlemen. I see her in the early part of next week and will be
applying your knowledge then.

nemo
07-09-2005, 11:49 PM
[snip]
>
>A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
>end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
>It is suggested that you move the report out of c:\mcafee before performing another scan.
>It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
>report for each session.
>
>
>* * * Please report back your results * * *
Thanx for your suggestion, very much indeed. I followed them to the letter
(and despaired at the number of suspicious .dll files the process found and
deleted) but in both configurations, the dos screen reported
logjda.dll - unable to open
Neither html report mentioned the file, at all, in any way, shape or form.
So the poxy thing is still there. It's looking more and more like a
re-install of WinXP unless you have more tricks up that sleeve???

Yoooors,

Iain.

David H. Lipman
07-09-2005, 11:49 PM
From: "nemo" <no_address@not_hotmail.com>


| Thanx for your suggestion, very much indeed. I followed them to the letter
| (and despaired at the number of suspicious .dll files the process found and
| deleted) but in both configurations, the dos screen reported
| logjda.dll - unable to open
| Neither html report mentioned the file, at all, in any way, shape or form.
| So the poxy thing is still there. It's looking more and more like a
| re-install of WinXP unless you have more tricks up that sleeve???
|
| Yoooors,
|
| Iain.

Iain, you have not identified the fully qualifed path to logjda.dll.
In the following stepteps you need to enter the full path to logjda.dll.

For example:
If the full path is...
c:\windows\system32\logjda.dll

Where you see...
C:\<full path>\logjda.dll

You need to enter...
c:\windows\system32\logjda.dll


If the scanner indicated "unable to open" on the DLL, the full path should be recorded in
C:\mcafee\ScanReport.HTML


Download Pocket KillBox
http://www.bleepingcomputer.com/files/spyware/KillBox.zip

Extract killbox.exe from the ZIP file.
Execute; KillBox.exe

Click on Tools --> Select; Delete Temp Files.

Choose; OK

In the Full Path of File to Delete box, type the entire following line exactly

C:\<full path>\logjda.dll

Select; Replace on Reboot

put a check in the box "Use Dummy"

Click The Red circle and a white X

When prompted to Replace on Reboot, click YES

If prompted to Reboot Now, Click YES

Allow the PC to shutdown

Reboot the PC into Safe Mode [F8 key during boot]

Execute; c:\mcafee\CLEAN.BAT
{ or Double-click on 'Clean Link' in c:\mcafee }


* * * Please report back your results * * *

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


win32mersting.B - How to remove?