Dr.Web CureIt!
For removal of Trojan.DownLoader.based and other malware

Dr.WEB CureIt! is a FREE anti-virus and anti-spyware utility based on Dr.Web Anti-virus scanner. It will help you quickly scan and, if necessary, cure a Windows computer. CureIt is a ready-to-run executable program that does not require "installation" to cure infected systems. The good news: This means CureIt can be run from write-protected media to ensure it is not infected by the system(s) it cleans. The bad news: CureIt is designed to be a free run-on-demand utility and does not provide automatic updates or continual protection from viruses, spyware, and other malware. Dr.Web sells other software to fill that need.

Before cleaning malware from your computer, you may want to:

  1. back up important files
  2. print these removal/disinfection instructions
  3. disable system restore in Windows Me and newer computers
    (& disable hard drive protection on NPS UDT* computers)
  4. restart your computer in safe mode

* NPS UDT-XP (UDT version 3.0 or newer) users should disable UDT protection prior to running Dr.Web CureIt or other malware removal software on local disks such as your C: drive.

NOTE:  Depending on your operating system version, your web browser version, and the Dr.Web CureIt version, the screens you see may not exactly match the screens shown below but the procedural steps should be similar.

Download & Run CureIt!

1. Download the Software

Use one of the links below to download the free Dr.Web CureIt! virus/spyware/malware removal tool.

  • Download CureIt from the NPS web site
        (updated nightly; only takes a few seconds to download in-district)

                ... OR ...

  • Download CureIt from FreeDrWeb.com
        (may take a few minutes to download)

    Note: If your copy of CureIt is out of date you will be asked to update it from Dr.Web.com. Alternatively, you can download a recent copy using the NPS link above.

    You should see a File Download - Security Warning dialog box appear (shown at right). Clicking Run will download the CureIt software, then launch the program. Clicking Save will download the latest version of the CureIt software to a drive location you specify so you can run the program later.

  • Click Run (or Save)

    • 2. Run the Software

    In Internet Explorer you may see a dialog box requesting permission to run the software. Clicking the Run button allows IE to run the software.

  • Click Run

    • 3. Start the Software

    Next you'll see the green window background for the Dr.Web CureIt! software. Clicking Start in the green window runs the version already on your computer. If you just finished downloading the software (Step 1) then you will have the most current version and you should select Start. If you are running a copy of the program that you saved on a previous occasion and that might now be outdated, then you should click Update to make certain you scan for the latest threats.

  • Click Start ... or Update

    • 4. Approve the Express Scan

    Dr.Web CureIt! disinfects, deletes, and/or quarantines infected files. This is your last chance to cancel the scan and exit the program without affecting your files.

  • Click OK to start scanning (or Cancel to exit)
    •  

    5. Examine the Results

    If viruses, trojans, etc. are discovered the results screen (shown below) will list the affected files, the infection, and any action taken (or required). As shown in the results below, you may need to reboot your computer to completely remove some of the infections. You can close the program when you have finished examining the results.

    More Dr.Web Tools

    Dr.Web also offers free online utilities for scanning...
  • a file on your computer or a network drive, or
  • a web page (URL) on the Internet

    Trojan.DownLoader.based

    A Trojan Downloader is a class of trojan horse malware (bad software) programs that download even more malware (viruses, trojans, spyware, etc.) to your computer. This could happen as a background process without your knowledge or you may be prompted via popups to download and install the software.

    This document includes an example from a computer infected with a particular trojan downloader called Trojan.DownLoader.based (see aliases below). Telltale signs of infection include executable programs 20,992 bytes (21KB) in size with filenames composed of (usually 8) hexadecimal digits (characters 0-9 & a-f) such as the "4da70de6.exe" file mentioned in the scan results shown on this page.

    Aliases & Variants:  Adware/SystemDoctor | DNAScan | Downloader-AXI.gen (McAfee) | Downloader.Obfuskated (Grisoft) | R/Small.Crypted.Gen | TR/Small.ADK (H+BEDV) | TROJ_POLYDL.A (Trend Micro) | Trojan.DownLoader.based (Doctor Web) | Trojan-Downloader.Win32.Delf.ia (VirusList) | Trojan-Downloader.Win32.Obfuscated.n (Kaspersky Lab) | Trojan.Obfuscated.1.Gen (SOFTWIN) | Trojan.Small-261 (ClamAV) | Trojan.Zlob | W32/Downloader | W32/Downloader.gen4 (FRISK) | Win32:Downloader-gen (ALWIL) | Win32.ExplorerHijack | Win32/Beenut!generic | Win32/TrojanDownloader.Busky (Eset) |

    •  Back 

    		This page last updated November 28, 2007. We have made every reasonable attempt to insure that our web pages are educationally sound and do not contain links to materials that violate the Norman Public School District's Policies on Internet and Internet Safety for the Computer Network. Opinions expressed on these web pages do not necessarily reflect those of the Norman Public School District. For more information concerning this site please email webmaster@norman.k12.ok.us.