My system's configuration is: Intel Pentium 4 @ 2.4GHz processor, Intel motherboard, 256MB DDR SDRAM (266MHz), Samsung 40GB HDD (7200rpm), 56KBps internal modem. I have Win 98 and Win XP Prof. I face the following problems:
A little while after I have connected to the Internet, a window appears: "Do you want to save this file?
Name: a.php Type: Unknown file type From: www.cansew.ca"
This window appears every time I am connected to the Net. I have installed Ad-Aware SE Personal 1.06r1. I have tried to tackle the problem by scanning with Ad-Aware, but it still exists.
Soon after the above problem occurred, I removed all the a.php files from my hard disk. Now, when the system is booted to Win 98, after some time it automatically shuts down and I am unable to use Win 98. Also, Regedit is not working on Win XP. Please suggest solutions.
If your system asks you to download the file a.php from www.cansew.ca, then your computer is infected with Trojan.Lodear.H (Symantec). This is a Trojan horse that attempts to download remote files. It may spread as an e-mail zip attachment.
To remove Trojan.Lodear.H:
First disable "System Restore" in Win XP by right-clicking on My Computer - select Properties - System Restore tab. Enable (tick) the option "Turn off System Restore on all drives". You may normalise System Restore after you have completely removed the Trojan. Next, update the virus definition files of your anti-virus product to the latest version.
Now boot your system in safe mode and run a full system scan. To start the system in safe mode, keep pressing the F8 Function key when the system starts and in the menu that appears select the Safe Mode option. Now perform a full system scan, delete all the infected files found and restart your system.
You have mentioned that regedit is not working in Win XP. The virus may have modified the registry to prevent access to the registry editor. A Symantec tool is available at this URL: http://securityresponse.symantec.com/
shellopencommand.registry.keys.html. Please download the file UnHookExec.inf and save it to your Windows desktop. Right-click the UnHookExec.inf file and click Install. (It does not display any boxes when you run it.) With this, regedit ought to work. Next, you have to remove the following registry entries. To do this, please click Start - Run - type "regedit" and click OK. Please be careful while making changes in the Registry. Navigate to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" and "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run". Here, in the right pane, delete the value: "anti_troj" = "System\anti_troj.exe".
Next, navigate to and delete the subkey: "HKEY_CURRENT_USER\Software\FirstRRRun". Now exit the Registry Editor.
You can try the Trojan.Lodear Removal Tool (Symantec) available at http://securityresponse.symantec.com/avcenter/FxLodear.exe . If you are "unable to update", you can carry out a free online virus scan. The Security Check is available at this URL: http://www.symantec.com/cgi-bin/securitycheck.cgi. Please update your anti-virus definitions on a regular basis.
Solution by M. Sampath
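To confirm that the registry entries named in the answer are gone after cleanup, a registry export (.reg text) can be checked offline. The following is an added example, not part of the original column or any Symantec tool; the function names and the sample export, including the file path in it, are constructed for illustration.

```python
import re

# Indicators named in the answer above (lower-cased for comparison).
RUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
}
RUN_VALUE = "anti_troj"
MARKER_KEY = r"hkey_current_user\software\firstrrrun"

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')  # "name"=data

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg escapes \ and " with a backslash

def parse_reg(text):
    """Map each key path in .reg export text to its {value name: data}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None and (m := VALUE_RE.match(line)):
            data = m.group(2)
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = _unescape(data[1:-1])  # string value; others kept raw
            keys[current][_unescape(m.group(1))] = data
    return keys

def find_lodear_traces(text):
    """Return (kind, key, data) for each registry trace listed in the answer."""
    findings = []
    for key, values in parse_reg(text).items():
        k = key.lower()  # registry paths and value names are case-insensitive
        if k in RUN_KEYS:
            findings += [("run-value", key, d) for n, d in values.items()
                         if n.lower() == RUN_VALUE]
        if k == MARKER_KEY or k.startswith(MARKER_KEY + "\\"):
            findings.append(("marker-key", key, None))
    return findings

# Constructed sample export; the anti_troj.exe path is an assumption.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"anti_troj"="C:\\WINDOWS\\System32\\anti_troj.exe"

[HKEY_CURRENT_USER\Software\FirstRRRun]
'''
```

Exports headed "Windows Registry Editor Version 5.00" are saved as UTF-16, so read the file with `encoding="utf-16"` before passing its text to `find_lodear_traces`; an empty result means none of the listed entries remain.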