Im not actually danish. Lars Bohinen is a a Norweigen footballer. But i dont understand Norweigen either! Well Norton didnt pick up on any anything at all. Mind you I didnt execute the dust.exe files in C:\winnt etc There is nothing much on the web it appears on dust.exe Do you use kazaa? I think this is where the problem may have originated from. After dust.exe runs it enables file sharing when previously it was disabled?

0

I noticed dust.exe running 2 days ago. I'm always a little suspicious, so whenever I log on I check the Task Manager to see if anything is running that shouldn't be. I saw dust.exe, and closed it. I then searched out and deleted the 2 or 3 dust files on my hard drive. I also took it out of my registry. I use Kazaa also, so maybe this is something new floating around on there. Luckily I found it before it could do any harm. Funny that no virus software caught it, though...

0

yeah, I have my system running on 1gig of ddr400 and the system was using about 500MB+ of system resources and I got curious and started deleting all dust.exe files and editing the dust.exe registry entries.. So far I only have 1.. and I think this spreads through networks.. because my xp workstation had this dust.exe thing... and my windows 2003 enterprise server had the same problem, but not to the same effect as the workstation.. my server had only like 1 file and no reg entries.. hm. I hope its not a destructive virus, that is, if it is a new virus.

0

Just deleted those files on my system today, it did come off of kazaa, cause i downloaded something thinking it was something that i was actually looking for and here it turned out to be this 'dust' virus, it turned everything .exe file that was in my shared folder into itself and also placed itself in some other folders which i ended up deleting everything i could find that belonged to it. Every time i boot up though, a window pops up saying it cant find 'dust.exe', how do i take care of this problem, cause i looked in the startup list and it doesnt appear to be listed there, anywhere else i need to look? Thanks!

0

Yes RobbyD you need to edit your registry sir? Done that before? If not be careful because screwing around in there can cause major probs. Will be loads of stuff on the web about it. But essentially Start-->Run then type--> regedit --> then find the key below (read previous posts) and delete it if its there- if not try a registry search for 'dust' etc and delete suspect keys. But make sure you back up the registry first in case you need to restore it later if you end up deleting something you shouldnt have!!! This is the one I found and removed. There may be others but if no Anti-Virus pros have it disected yet then who knows what other things dust is upto? ------------ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon shell explorer.exe dust.exe -------------- PS> Definetely delete all exe's in the Kazaa shared folder and other places where perhaps another infected exe has been moved to? That could be very painful for some... -------------- PSS> Just checked mcafee site for 'dust' and found AngelDust1.0 virus or Skism 1992 has similar characteristics but its +10 years old and doesnt appear to want to create dust.exe's everywhere. A new variant maybe? http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=1113

0

This file dust.exe does not contain a virus sig yet or my av software would have caught it. A bit of a nuicance but I hope I've cleaned it up by doing the following: In the reg key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon the "Shell" value should be changed from "explorer.exe dust.exe" back to "explorer.exe". That was the only instance of dust found in the reg. Found 11,120 KB app Dust.exe in the c:\windows,c:\windows\temp and c:\windows\system32, and c:\windows\prefetch had DUST.EXE-2B66B177.pf (64KB) and DUST.EXE-373C304C.pf (44 KB). I moved them to the recycle bin for now. My c:\windows\win.ini and c:\windows\system.ini were ~~snicker~~ "clear of dust". At a dust search at vil.mcafee.com found a variant of Mini-45 virus called dust, but it's been around for over 10 years. I suspect this is a new nuicance that hasn't caught AV companies attention yet. I hope I've seen the last of this one but it looks from some of these posts speak of real damage possibilities... Neil

0

I just got it too, vupti.exe file automatically installed in winNT folder when i went to a web page somewhere. It then started trying to dial out through my suprasonic modem (which is disconnected since i have a cable modem) and tried to connect to the internet, but my settings on zone alarm picked it up. Deleted the exe file in the winNT directory and this icon that it created on the desktop called "liveplayer" - but no dust.ext process was running in the task manager..

0

Ya I had the same problem. I downloaded a .exe file on kazaa lite 109mb in size. and the dust virus replicated all files in my shared folder. NAV 2003 updated to 3/12/03 detects it but cannot remove it or repair it. According to symantec it is a worm which basically can be used by attackers to view your system. It automatically tries to connect to the net to notify its writer of your computer details. It spreads over networks also. My home wifi network was infected also even though only one machine has kazzaa on it. To remove it: 1.Disable System Restore. 2. Run a search for dust.exe then delete the 2 files. One is in C:\winnt\system\ the other in c:winnt\temp. (I had difficulty deleting them on an xp machine so just move them to another folder and delete the folder. That worked.) 3. In the registry (to access registry type regedit in "run" on start menu) delete the entry "explorer.exe dust.exe" in the following folder: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon as lars said. Hope that helps guys, Any problems, let me know

0