Sunday, 22 July 2007

Damn virus... Infected by BackDoor-CVT trojan

This is the second virus attack I have had in 2 months. The first was the Vundo trojan, which was an absolute nightmare to clean.

Today, out of the blue, my McAfee virus scan caught the BackDoor-CVT trojan. A message sprang up stating that the "C:\Windows\system32\winmmt32.dll" file contained the BackDoor-CVT virus. I clicked the "Clean", "Delete" and "Quarantine" buttons, but McAfee displayed a message that the file was locked and that it could not clean it. Within me, I just thought, "Not another freaking virus that I have to suffer to get rid of". I literally felt like smashing my PC with a sledgehammer. Then the thought of buying a new hard disk and re-installing XP flew through my thoughts, which seemed to be a more possible solution, costly but possible.

Patiently I waded through the almighty Google using various search strings... "BackDoor-CVT", "winmmt32.dll", "how to clean winmmt32.dll BackDoor-CVT". I came across many articles, all with multiple ways to kill this damn thing. One guy even said "Why do idiots have to make these things? What a pain.", and another guy responded, "I'm afraid it's human nature". How true... bloody @r$e.

Fortunately, I managed to clean the BackDoor-CVT trojan much faster than the damned Vundo trojan. Bless the souls out there who have shared their problems and also bless the folks who have guided, advised and showed us the way to get rid of these pests.

I feel that it is important to share what I learn with others who might be (some day in the future) going through a similar problem. Well, here's how I managed to kill this muther funster of a trojan.

1. Run HijackThis
2. Put a check next to this entry:
O20 - Winlogon Notify: winmmt32 - C:\WINDOWS\SYSTEM32\winmmt32.dll
3. Click "Fix Checked"
4. Then download Killbox
5. Select the "Delete on Reboot" option.
6. Enter the file name below:
C:\WINDOWS\SYSTEM32\winmmt32.dll
7. Click the red-and-white X button, which is the "Delete File" button.

8. Click "Yes" at the "Delete on Reboot" prompt.
9. Click "No" at the Pending Operations prompt.
NOTE: If the computer doesn't restart, just restart manually.
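
For anyone checking a saved HijackThis log rather than the GUI, here is an added example (not part of the original post, and not HijackThis code) that pulls out the "O20 - Winlogon Notify" lines from step 2 and flags any package name outside a known-good list, together with the registry key each line refers to. The baseline names are an assumption to be replaced with the list from a clean install of the same Windows version, and the sample log is constructed except for the winmmt32 line quoted above.

```python
import re

# Registry location behind HijackThis "O20 - Winlogon Notify" lines (Windows XP).
NOTIFY_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# Assumed known-good baseline; build your own from a clean install of the same OS.
BASELINE = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
            "sclgntfy", "senslogn", "termsrv", "wlballoon"}

# Matches: O20 - Winlogon Notify: <name> - <dll path>
O20_RE = re.compile(
    r"^O20 - Winlogon Notify:\s*(?P<name>.+?)\s+-\s+(?P<dll>.+?)\s*$",
    re.IGNORECASE)

def winlogon_notify_entries(log_text):
    """Return (name, dll_path) for every O20 Winlogon Notify line in a log."""
    entries = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            entries.append((m.group("name"), m.group("dll")))
    return entries

def unexpected_entries(log_text, baseline=BASELINE):
    """Flag notify packages whose name is not in the known-good baseline."""
    findings = []
    for name, dll in winlogon_notify_entries(log_text):
        if name.lower() not in baseline:
            findings.append({"name": name, "dll": dll,
                             "registry_key": NOTIFY_KEY + "\\" + name})
    return findings

# Constructed sample log; only the winmmt32 line comes from the post.
SAMPLE_LOG = r"""
Logfile of HijackThis
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\example.dll
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: winmmt32 - C:\WINDOWS\SYSTEM32\winmmt32.dll
"""

if __name__ == "__main__":
    for f in unexpected_entries(SAMPLE_LOG):
        print("Unexpected notify package:", f["name"])
        print("  DLL:         ", f["dll"])
        print("  Registry key:", f["registry_key"])
```

A name that is not in the baseline is a lead to investigate, not a verdict; confirm with an antivirus scan of the DLL before fixing the entry.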
