Contact Us

Home > Infected By > Infected By Raila Virus (a Malicious 32 Bit Pe File)

Infected By Raila Virus (a Malicious 32 Bit Pe File)

Thing is Windows does an autoplay for any removable disk[quote]thanksRe: House Beware Of Raila Odinga Virus by Ibime(m): 6:46pm On Sep 24, 2008 Kaspersky antivirus always does the job for me. You are always welcome! The newer variants are more harder to detect as they hardly popup, instead infect html files by appending the code "" at the end of web documents (.htm, .html) Given that several variants of the same virus seem to be released daily, its impact has been felt locally, especially by Cybercafe operators who seem to be incubating the virus and navigate here

Lets use another tool to get a better look at things. This is difficult to detect as these programs may be flagged by AV software as malicious yet the user knows that he acquired the program from a reliable source. Basically during compilation the code above includes the virus file into the installer which when the installation of the particular program completes the function copies the virus file to c:\Hummer.exe and Long live JFClick to expand...

Press enter (This removes the attributes of the viruses to expose them )6 - If your explorer window of the drive is open and in view, you'll see the extra files/viruses. Technical details This Trojan has a malicious payload. O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat If you're not already familiar with forums, watch our Welcome Guide to get started.

But given that the Nullsoft Install System is largely used by non-microsoft programmers (Microsoft has own installer uses MSI technology) who are really few and most of whom are very likely It's good to know reformatting isn't necessary. Click Start, right-click My Computer, and then click Properties. 2. The differences may occur as they may have obtained different samples of the same virus from various sources.

Upon running, it drops and displays a picture file of "Raila Odinga", this is just an attention drawer. Malwarebytes' Anti-Malware Press here Thank you for downloading Malwarebytes Anti-Malware from Download.com 7. I installed HijackThis and SmitFraudFix: This are the results of HijackThis and SmitFraudFix: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:32:56 PM, on 9/29/2007 Platform: Windows XP SP2 (WinNT https://www.windowsbbs.com/threads/raila-virus-alias-trojaj-nsis-voter-a.67902/ Please re-enable javascript to access full functionality.

So why so many different yet undetectable copies of the same virus with different icons. The file is a nullsoft installer file. or read our Welcome Guide to learn how to use this site. Overview Detection was added to cover for a malicious 32 bit PE file originally called "Raila Odinga.exe" , having a filesize of 97.579 bytes.

You can not install any antivirus? https://forums.techguy.org/threads/how-to-remove-trojan-nsis-voter-a.630795/ Thread Status: Not open for further replies. It's nice to share experiences thru forums. - 0 people likes SnEafer Senior Member #12 Apr 8, 2009 Joined: Apr 1, 2009 Messages: 154 Likes Received: 0 Trophy Points: 0 Learn More.

They are spread manually, often under the premise that the executable is something beneficial. http://lsthemes.com/infected-by/infected-by-expiro-du-virus-what-do-i-do.html Manual infection - there's no exploit associated to it Aliases DR/NSIS.Voter.A (H+Bedv), TROJ_VOTERAI.A (Trend), Trojan.NSIS.Voter.a (Kaspersky), W32/Voterai.worm.b, Worm/Generic.BQP (Grisoft) Back to Top View Virus Characteristics Virus Characteristics ---------- Updated Removal instructions If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program: * Use O4 - Global Startup: TVR Schedule.lnk = ?

There is no virus it cannot take down.Re: House Beware Of Raila Odinga Virus by Seun(m): 6:53pm On Sep 24, 2008 Thanks, Webmonk and others. Newer Than: Search this thread only Search this forum only Display results as threads Useful Searches Recent Posts More... More... his comment is here When W32/Voter-B spreads, it copies itself as well as the following files: -- autorun.inf (clean) -- autorun.exe (copy of W32/Voter-B) -- Ralia Odinga.exe (copy of W32/Voter-B) -- Ralia Odinga.gif (clean) --

Overview Detection was added to cover for a malicious 32 bit PE file originally called "Raila Odinga.exe" , having a filesize of 97.579 bytes. If you can't find these files in your system, they are actively masking themselves! Close all applications and windows.

Most of the updates are already useless as new variants of the virus seem to evade detection and use new infection techniques undetectable heuristically.

The virus seems to have been compiled using a number of different icons most commonly the MS Word icon and the JPEG icon which make it difficult for users to differentiate All rights reserved. Select Safe Mode with Networking from the resulting menu.4. Read more...

To Remove Odinga Raila.gif and Kibaki Tosha Tena Virus in you Computer Download and Scan By Using Both Super Anti-Spyware Press here SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware! Post your responsesRe: House Beware Of Raila Odinga Virus by PurestBoy(m): 7:33pm On Sep 24, 2008 Thank God I'm not the only one whose system is suffering from this malicious malware. backup-20070929-135250-232 O4 - Startup: scan.lnk = ? http://lsthemes.com/infected-by/infected-by-autorun-vbs-virus-need-help.html Join over 733,556 other people just like you!