I tried 5 different apps but I can't keep this removed. It keeps reappearing
in the registry as HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan. Is there a
fix to remove this permanently?

"Michael" wrote:

> I tried 5 different apps but I can't keep this removed. It keeps reappearing
> in the registry as HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan. Is there a
> fix to remove this permanently?

Read these info:
http://www.castlecops.com/t224702-He...o_MS_Juan.html

http://www.bleepingcomputer.com/forums/topic135123.html

http://forums.techguy.org/malware-re...-sorry-ms.html
http://forum.avast.com/index.php?topic=36067.15

Right click on the subfolder on that Key and select permissions and assign
yourself a full control on that key then try the deletion, does it help?

Start in safe mode and try the deletion.
Try this tool:
http://www.ccleaner.com
HTH.
nass
---
http://www.nasstec.co.uk

I can delete MS Juan but it keeps coming back.

"nass" <nass@discussions.microsoft.com> wrote in message
news:BA3FFB13-04D0-455C-920F-296494D3786D@microsoft.com...
>
>
> "Michael" wrote:
>
>> I tried 5 different apps but I can't keep this removed. It keeps
>> reappearing
>> in the registry as HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan. Is
>> there a
>> fix to remove this permanently?
>
> Read these info:
> http://www.castlecops.com/t224702-He...o_MS_Juan.html
>
> http://www.bleepingcomputer.com/forums/topic135123.html
>
> http://forums.techguy.org/malware-re...-sorry-ms.html
> http://forum.avast.com/index.php?topic=36067.15
>
> Right click on the subfolder on that Key and select permissions and assign
> yourself a full control on that key then try the deletion, does it help?
>
> Start in safe mode and try the deletion.
> Try this tool:
> http://www.ccleaner.com
> HTH.
> nass
> ---
> http://www.nasstec.co.uk
>

FYI - http://www.microsoft.com/security/po...=Win32%2fVundo
Vundo (McAfee)
Trojan:Win32/Vundo.K (Microsoft)
Vundo.gen18 (Norman)
Summary
Win32/Vundo is a multiple-component family of programs that deliver 'out of context'
pop-up advertisements. They may also download and execute arbitrary files.
Vundo is often distributed as a DLL file and installed on an affected machine as a Browser
Helper Object (BHO) without a user's consent. This family uses advanced defensive and
stealth techniques to escape detection and to hinder removal.

For assistance -

Try the Security - Viruses Newsgroup

OE client -
news://msnews.microsoft.com/microsof...security.virus
or
Web client -
http://www.microsoft.com/communities...&lang=en&cr=us


--

TaurArian [MVP] 2005-2009 - Update Services
http://taurarian.mvps.org
======================================
How to ask a question: http://support.microsoft.com/kb/555375
Computer Maintenance: Acronis / Diskeeper / Paragon / Raxco


"Michael" <reply@spam.com> wrote in message news:e9djNg73IHA.1192@TK2MSFTNGP05.phx.gbl...
|I can delete MS Juan but it keeps coming back.
|
| "nass" <nass@discussions.microsoft.com> wrote in message
| news:BA3FFB13-04D0-455C-920F-296494D3786D@microsoft.com...
| >
| >
| > "Michael" wrote:
| >
| >> I tried 5 different apps but I can't keep this removed. It keeps
| >> reappearing
| >> in the registry as HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan. Is
| >> there a
| >> fix to remove this permanently?
| >
| > Read these info:
| > http://www.castlecops.com/t224702-He...o_MS_Juan.html
| >
| > http://www.bleepingcomputer.com/forums/topic135123.html
| >
| >
http://forums.techguy.org/malware-re...-sorry-ms.html
| > http://forum.avast.com/index.php?topic=36067.15
| >
| > Right click on the subfolder on that Key and select permissions and assign
| > yourself a full control on that key then try the deletion, does it help?
| >
| > Start in safe mode and try the deletion.
| > Try this tool:
| > http://www.ccleaner.com
| > HTH.
| > nass
| > ---
| > http://www.nasstec.co.uk
| >
|
|

Michael wrote:
> I can delete MS Juan but it keeps coming back.
>
> "nass" <nass@discussions.microsoft.com> wrote in message
> news:BA3FFB13-04D0-455C-920F-296494D3786D@microsoft.com...
>>
>> "Michael" wrote:
>>
>>> I tried 5 different apps but I can't keep this removed. It keeps
>>> reappearing
>>> in the registry as HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan. Is
>>> there a
>>> fix to remove this permanently?
>> Read these info:
>> http://www.castlecops.com/t224702-He...o_MS_Juan.html
>>
>> http://www.bleepingcomputer.com/forums/topic135123.html
>>
>> http://forums.techguy.org/malware-re...-sorry-ms.html
>> http://forum.avast.com/index.php?topic=36067.15
>>
>> Right click on the subfolder on that Key and select permissions and assign
>> yourself a full control on that key then try the deletion, does it help?
>>
>> Start in safe mode and try the deletion.
>> Try this tool:
>> http://www.ccleaner.com
>> HTH.
>> nass
>> ---
>> http://www.nasstec.co.uk

But you need to boot to Safe Mode, and run at least, a good a/v program
and a good spyware program to remove whatever keeps reapplying that
registry entry.

"Safe Mode with Networking" should allow you to update your compromised
a/v software before the full scan.

And as a last resort, or just as further protection against the next
infection, Spybot S&D includes "Tea Timer" which alerts you to registry
changes. Once you set it to not allow that change, and to remember the
reply, you shouldn't see it added again. Tea Timer can also alert you
to other changes, but it is a nuisance at times.. You can turn off the
alerts at each remembered block or allow operation though.

--
Joe =o)

On Sun, 6 Jul 2008 15:31:01 -0700, "Michael" <reply@spam.com> wrote:

>I can delete MS Juan but it keeps coming back.
>
>"nass" <nass@discussions.microsoft.com> wrote in message
>news:BA3FFB13-04D0-455C-920F-296494D3786D@microsoft.com...
>>
>>
>> "Michael" wrote:
>>
>>> I tried 5 different apps but I can't keep this removed. It keeps
>>> reappearing
>>> in the registry as HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan. Is
>>> there a
>>> fix to remove this permanently?
>>
>> Read these info:
>> http://www.castlecops.com/t224702-He...o_MS_Juan.html
>>
>> http://www.bleepingcomputer.com/forums/topic135123.html
>>
>> http://forums.techguy.org/malware-re...-sorry-ms.html
>> http://forum.avast.com/index.php?topic=36067.15
>>
>> Right click on the subfolder on that Key and select permissions and assign
>> yourself a full control on that key then try the deletion, does it help?
>>
>> Start in safe mode and try the deletion.
>> Try this tool:
>> http://www.ccleaner.com
>> HTH.
>> nass
>> ---
>> http://www.nasstec.co.uk
>>
>

Are you using any registry security programs ?- they can stop you
editing the registry .

"Elmo" wrote:

> Michael wrote:
> > I can delete MS Juan but it keeps coming back.
> >
> > "nass" <nass@discussions.microsoft.com> wrote in message
> > news:BA3FFB13-04D0-455C-920F-296494D3786D@microsoft.com...
> >>
> >> "Michael" wrote:
> >>
> >>> I tried 5 different apps but I can't keep this removed. It keeps
> >>> reappearing
> >>> in the registry as HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan. Is
> >>> there a
> >>> fix to remove this permanently?
> >> Read these info:
> >> http://www.castlecops.com/t224702-He...o_MS_Juan.html
> >>
> >> http://www.bleepingcomputer.com/forums/topic135123.html
> >>
> >> http://forums.techguy.org/malware-re...-sorry-ms.html
> >> http://forum.avast.com/index.php?topic=36067.15
> >>
> >> Right click on the subfolder on that Key and select permissions and assign
> >> yourself a full control on that key then try the deletion, does it help?
> >>
> >> Start in safe mode and try the deletion.
> >> Try this tool:
> >> http://www.ccleaner.com
> >> HTH.
> >> nass
> >> ---
> >> http://www.nasstec.co.uk
>
> But you need to boot to Safe Mode, and run at least, a good a/v program
> and a good spyware program to remove whatever keeps reapplying that
> registry entry.
>
> "Safe Mode with Networking" should allow you to update your compromised
> a/v software before the full scan.
>
> And as a last resort, or just as further protection against the next
> infection, Spybot S&D includes "Tea Timer" which alerts you to registry
> changes. Once you set it to not allow that change, and to remember the
> reply, you shouldn't see it added again. Tea Timer can also alert you
> to other changes, but it is a nuisance at times.. You can turn off the
> alerts at each remembered block or allow operation though.
>
> --
> Joe =o)


I think Michael need to run a thorough scan again and then Delete all
restore points then recreate a new one by doing this:
Right click on "My Computer" select properties then click on System Restore
Tab and checking this check box:
[ ] Turn OFF System Restore on all drivers

Click [Apply] then [OK].
Repeat the steps again and this time Uncheck the check Box:
[ ] Turn OFF System Restore on all drivers

Click [Apply] then [OK].
Reboot your machine, do you still see the Entry for the Trojan?

Also jimbo571 Opera (lol) given a good option that if you are running a
security software in real time can block the chamges and on Restart all comes
back to original settings.
HTH