Discovered: March 20, 2008
Updated: March 20, 2008 5:21:47 AM
Type: Trojan
Infection Length: 11,264 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
Trojan.Dronjaga
Risk Level 1: Very Low
When executed, the Trojan copies itself as the following file:
%System%\userinit.exe
The original version of the above file is copied as the following file:
%System%\userini.exe
The compromised computer is unable to restart.
The Trojan attempts to download a potentially malicious file from the following URL:
[http://]djaga-djaga.cn/harisma/gate[REMOVED]
This URL is no longer available, wonder why? Please don't attempt to unless you know what you're doing, and if you do, it would be cool to talk to you.
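Because the infected computer will not restart, the file indicators described above are easiest to check offline, against a copy of the %System% folder or the disk mounted on another machine. The following is an added example, not part of the original write-up: the function names and the sample files built in demo() are made up for illustration, and a size match alone is a hint, not proof.

```python
import os
import tempfile

# Indicators taken from the write-up above.
TROJAN_SIZE = 11264           # "Infection Length: 11,264 bytes"
REPLACED = "userinit.exe"     # overwritten by the Trojan's own copy
BACKUP = "userini.exe"        # where the original userinit.exe is copied

def find_ci(directory, name):
    """Return the path of `name` in `directory`, matched case-insensitively
    (a Windows volume mounted on a case-sensitive OS keeps its own casing)."""
    for entry in os.listdir(directory):
        if entry.lower() == name.lower():
            return os.path.join(directory, entry)
    return None

def is_pe(path):
    """True if the file starts with the 'MZ' executable magic."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"

def check_system_dir(system_dir):
    """Return a list of findings for an offline copy of %System%."""
    findings = []
    replaced = find_ci(system_dir, REPLACED)
    backup = find_ci(system_dir, BACKUP)
    if replaced is None:
        findings.append("userinit.exe missing")
    elif os.path.getsize(replaced) == TROJAN_SIZE:
        findings.append("userinit.exe is 11,264 bytes: matches Trojan size")
    if backup is not None:
        kind = "PE file" if is_pe(backup) else "not a PE file"
        findings.append("userini.exe present (%s): likely displaced original" % kind)
    return findings

def demo():
    """Build constructed 'infected' and 'clean' folders and check both."""
    with tempfile.TemporaryDirectory() as infected, tempfile.TemporaryDirectory() as clean:
        with open(os.path.join(infected, "UserInit.exe"), "wb") as fh:
            fh.write(b"MZ" + b"\x00" * (TROJAN_SIZE - 2))   # constructed stand-in
        with open(os.path.join(infected, "userini.exe"), "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 26000)               # constructed stand-in
        with open(os.path.join(clean, "userinit.exe"), "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 26000)               # constructed stand-in
        return check_system_dir(infected), check_system_dir(clean)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Running check_system_dir() again after the repair steps shows whether userinit.exe still matches the Trojan's size and whether the leftover userini.exe copy is still present.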
Removing the beast is as follows:
- Restart the computer using the Windows Recovery Console.
- Disable System Restore (Windows Me/XP).
- Update the virus definitions.
- Run a full system scan.
For specific details on each of these steps, read the following instructions.
1. To restart the computer using the Windows Recovery Console
To remove this threat it is necessary to restart the computer and run the Windows Recovery Console. For full details on how to do this please read the Microsoft Knowledge Base article, How to install and use the Recovery Console in Windows XP.
- Insert the Windows XP CD-ROM into the CD-ROM drive.
- Restart the computer from the CD-ROM drive.
- Press R to start the Recovery Console when the "Welcome to Setup" screen appears.
- Select the installation that you want to access from the Recovery Console.
- Enter the administrator password and press Enter.
- Type cd I386.
- Press Enter.
- Type copy USERINIT.EX_ C:\windows\system32\userinit.exe
- Press Enter.
- Type exit
- Press Enter. The computer will now restart automatically.
I hope this information is helpful. Never give up, no matter how many times you have to try. Good luck. Many thanks for all the comments people leave me; I read them daily.