To remove the Backdoor.win32.ruledor.c virus, clean or delete all files infected by Backdoor.win32.ruledor.c and delete or modify any values Backdoor.win32.ruledor.c added to the registry, as follows:
Backdoor.win32.ruledor.c is part of the backdoor family of malicious programs intended for remote administration. The victim computer can be remotely controlled and made to execute the commands described in the file http://sds.cl**ch.com/ie/control.dat. The program downloads this file when it starts. Backdoor.win32.ruledor.c can also download and install other programs unnoticed. Incidents have been detected in which a wide range of AdWare and Trojans were downloaded and installed. Backdoor.win32.ruledor.c creates the directory ClearSearch in the Program Files folder, copies itself to this directory under the name loader.exe, and registers itself under the autorun key in the system registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
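A report-only check for the persistence described above, added here as an example and not taken from the original page or from any vendor tool. It uses only the names given above (ClearSearch, loader.exe, the HKLM Run key); checking the Wow6432Node view and "Program Files (x86)" is an assumption for 64-bit Windows, and Get-FileHash assumes PowerShell 4.0 or later.

```powershell
# Added example: report-only check, nothing is deleted or modified.
# Names taken from the page: ClearSearch, loader.exe, the HKLM Run key.
# Assumption: on 64-bit Windows a 32-bit program is redirected to
# "Program Files (x86)" and SOFTWARE\Wow6432Node, so both views are checked.
$needle = '\ClearSearch\loader.exe'

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$programDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique

$findings = @()

# 1. Autorun values whose command line points at ClearSearch\loader.exe.
#    The value name is not given on the page, so match on the data instead.
foreach ($path in $runKeys) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $key = Get-Item -LiteralPath $path
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($data.IndexOf($needle, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            $findings += [pscustomobject]@{
                Type = 'RunValue'; Location = $path; Name = $name; Detail = $data
            }
        }
    }
}

# 2. The dropped copy itself, with its SHA-256 for lookup in an AV database.
foreach ($dir in $programDirs) {
    $file = Join-Path $dir 'ClearSearch\loader.exe'
    if (Test-Path -LiteralPath $file -PathType Leaf) {
        $hash = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{
            Type = 'File'; Location = $file; Name = 'loader.exe'; Detail = $hash
        }
    }
}

if ($findings.Count -eq 0) {
    'No ClearSearch\loader.exe autorun value or file found.'
} else {
    $findings | Format-List
}
```

Run it from an elevated prompt so both registry views are readable; a hit on the Run value without the file (or the reverse) indicates a partial cleanup.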
Backdoor.win32.ruledor.c virus file:
C:\Documents and Settings\Rosanne\My Documents\wallpapers\turkeydance-us.exe/ClrSchP048.exe Infected: Backdoor.Win32.Ruledor.c skipped
C:\Documents and Settings\Rosanne\My Documents\wallpapers\turkeydance-us.exe StarDust: infected - 1 skipped
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s skipped
No other removal tool or removal process:
To successfully remove the Backdoor.win32.ruledor.c virus, you may also need to do the following:
1. Temporarily disable System Restore.
2. Update the virus definitions. Reboot the computer in Safe Mode.
3. Delete the IE temp files; some Backdoor.win32.ruledor.c temp files exist there.
4. If you failed to remove Backdoor.win32.ruledor.c, please go to our removal help forum: http://help.antiviruses123.com