
How to remove Raila Odinga virus

Discussion in 'Tech, Gadgets & Science Forum' started by Invisible, May 28, 2008.

  1. Invisible

    Invisible Admin Staff Member

    #1
    May 28, 2008
    Joined: Feb 11, 2006
    Messages: 9,095
    Likes Received: 140
    Trophy Points: 160
    [Odinga Raila pop up and Kibaki Tosha Tena Virus]

    How to solve Odinga Raila.gif and Kibaki Tosha Tena Virus?

    You can't access your system folders or any kind of site with words such as "virus" or "security"? You cannot install any antivirus? That may be the Kibaki virus, also known as Kalonzo.

    If your PC creates duplicates of folders and a popup picture "Odinga Raila" appears every hour and freezes your PC, then you're in the right place. We have a solution.

    Problem description:

    What is Raila Odinga virus?

    It makes your PC run very slowly and uses 100% CPU time. Raila Odinga doesn't allow you to access system folders, the control panel, hidden files or the internet to find an antivirus. You aren't allowed to install any kind of software, you have problems with all removable drives inserted, and it doesn't matter whether you're in safe mode or not!

    How to fix O Reila (Nemesis) manually? For advanced users only

    This problem can be solved manually by deleting all registry keys and files connected with this software, removing it from the startup list and unregistering all corresponding DLLs. Additionally, missing DLLs should be restored from the distribution in case they are corrupted by Raila.gif. To fix this threat, you should:

    1. Kill the following processes and delete the appropriate files:
    • nemesis.exe
    • nemesis.inf
    • server.inf

    Warning: you should delete only those files whose checksums are listed as malicious. There may be valid files with the same names in your system. We recommend that you use True Sword for a safe solution to the problem. If you can't find these files in your system, they are actively masking themselves! In such a case you need special software to uncover and kill them.

    2. Delete the following malicious registry entries and/or values:

    • Key: software\microsoft\windows\currentversion\run\couponsandoffers

    Value: @

    • Key: software\microsoft\windows\currentversion\run\htazpohvqs

    Value: @

    Warning: If a value is listed for some registry entries, you should only clear these values and leave keys with such values untouched. We recommend that you use True Sword for a safe solution to the problem.
     
  2. Shy

    Shy JF-Expert Member

    #2
    May 28, 2008
    Joined: Nov 2, 2006
    Messages: 4,238
    Likes Received: 17
    Trophy Points: 0
    Hello. First, it is not true that when your computer has Odinga you are unable to type in websites; if that is the case, your PC must have some other, different problem.

    The software mentioned there is highly questionable; I don't trust it at all.

    The easy way to remove Odinga is to use the Dup Killer program; it will find all the Odinga files for you to delete manually.

    Or you can use Windows Search: when you search and find Odinga, delete it, then press Control Alt Delete. You will see Odinga in the processes; click End Task there. You have to be very quick.
     
  3. Invisible

    Invisible Admin Staff Member

    #3
    May 29, 2008
    Joined: Feb 11, 2006
    Messages: 9,095
    Likes Received: 140
    Trophy Points: 160
    Well Shy,

    I might be mistaken, but I do believe that if someone follows my instructions they can get rid of it.

    Technical details

    This Trojan has a malicious payload. It is a Windows PE EXE file. The Trojan components may vary in size from 17KB to 286KB.

    Installation

    Once launched, the Trojan extracts a file with the following name from its body to the current user's desktop:

    Raila Odinga.gif

    and launches it. The user will see the following image:

    [​IMG]

    The Trojan also copies its executable file to the following directory:
    %System%\drivers\RailaOdinga.exe

    It also extracts the following file from its body:
    %Temp%\nswC.tmp\System.dll

    In order to ensure that the Trojan is launched automatically each time the system is booted, the Trojan adds a link to its executable file in the system registry:

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] @ = "%System%\drivers\RailaOdinga"

    The Trojan also creates the following shortcut:
    %Documents and Settings%\Start Menu\Programs\Autorun\RailaOdinga.lnk

    When this shortcut is run, the Trojan executable file will be launched.


    Payload

    The Trojan copies its executable file to all removable media under the following name:

    :\smss.exe

    It also copies the extracted image:

    :\Raila Odinga.gif

    stands for the letter of the removable disk.

    The Trojan creates an autorun.inf file in the root of the removable disk. This file will automatically launch the Trojan executable file when the user attempts to open the infected disk using Explorer.

    The Trojan also recursively copies its executable file to all folders on the removable disk. These copies use the names of files which are located in these folders together with an .exe extension.

    Removal instructions

    If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

    * Use Task Manager to terminate the Trojan process.
    * Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
    * Delete the following system registry key parameter:

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] @ = "%System%\drivers\RailaOdinga"

    * Delete the following files:

    %Temp%\nswC.tmp\System.dll
    %System%\drivers\RailaOdinga.exe
    %Documents and Settings%\Start Menu\Programs\Autorun\RailaOdinga.lnk

    * Delete the following file from the desktop:

    Raila Odinga.gif

    * Delete all copies of the Trojan from removable disks.
    * Delete the autorun.inf file from the root directory of all removable disks.
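
The removable-disk checks from the post above can be scripted for triage. The following is an added example, not part of the original post or of any vendor tool: it walks a mounted drive and reports the root-level names the post lists plus any .exe that borrows the name of a file beside it. The function names, the reason labels and the exact naming of the copies ("<file>.<ext>.exe" or "<file>.exe") are assumptions, and the sample tree is constructed.

```python
import os
import tempfile

# Root-level file names listed in the post above (matched case-insensitively).
ROOT_INDICATORS = {"autorun.inf", "smss.exe", "raila odinga.gif"}

def scan_removable(root):
    """Return sorted (reason, relative_path) findings for one mounted drive."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        lower = {f.lower() for f in files}
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            low = name.lower()
            if dirpath == root and low in ROOT_INDICATORS:
                findings.append(("root-indicator", rel))
            elif low.endswith(".exe"):
                stem = low[:-4]
                # Assumption: a dropped copy is "<file>.<ext>.exe" or "<file>.exe"
                # next to the file whose name it borrows. A legitimate pair such
                # as setup.exe + setup.ini also matches, so review each hit.
                if any(f != low and (f == stem or os.path.splitext(f)[0] == stem)
                       for f in lower):
                    findings.append(("exe-named-after-sibling", rel))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree of empty placeholder files (no real malware)."""
    for rel in ["autorun.inf", "smss.exe", "Raila Odinga.gif", "notes.txt",
                "docs/report.doc", "docs/report.doc.exe",
                "pics/photo.jpg", "pics/photo.exe", "tools/putty.exe"]:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        build_sample(drive)
        for reason, rel in scan_removable(drive):
            print(f"{reason:24} {rel}")
```

The scan only reads directory listings and deletes nothing, so it can be pointed at a drive before deciding which files to remove.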
     
  4. Invisible

    Invisible Admin Staff Member

    #4
    May 29, 2008
    Joined: Feb 11, 2006
    Messages: 9,095
    Likes Received: 140
    Trophy Points: 160
    And as per McAfee:
     
  5. Kinyau

    Kinyau JF-Expert Member

    #5
    May 29, 2008
    Joined: Nov 24, 2006
    Messages: 776
    Likes Received: 67
    Trophy Points: 45
    Invisible, I followed the steps from your first post while attending to a neighbour's computer; it worked perfectly. Thanks.
     
  6. Invisible

    Invisible Admin Staff Member

    #6
    May 30, 2008
    Joined: Feb 11, 2006
    Messages: 9,095
    Likes Received: 140
    Trophy Points: 160
    Thanks for your input on this.

    Once two other comments come in with the same outcome, we'll close the topic and keep it as RESOLVED.
     
  7. Idimi

    Idimi JF-Expert Member

    #7
    May 30, 2008
    Joined: Mar 18, 2007
    Messages: 8,618
    Likes Received: 816
    Trophy Points: 280
    I had that kind of virus (Raila Odinga) on my PC.
    I cleaned it using Avira Antivirus and I no longer have such a nuisance.
    Maybe other antivirus programs remove it, but I have not tried them.


    Regards

    Idimi
     
  8. Richard

    Richard JF-Expert Member

    #8
    May 31, 2008
    Joined: Oct 23, 2006
    Messages: 6,862
    Likes Received: 2,378
    Trophy Points: 280
    Chief Invisible,

    You have taught me one very important thing.

    I think there is a new trend of hackers trying to use websites that are lax in all the important security matters.

    It is this vulnerability that leads to these websites being used to host Trojans and harmful executable worms and to damage people's computers.

    So I think it is good that we are educating one another.

    Have a good weekend.
     
  9. Invisible

    Invisible Admin Staff Member

    #9
    Jun 3, 2008
    Joined: Feb 11, 2006
    Messages: 9,095
    Likes Received: 140
    Trophy Points: 160
    Thanks m8!
     
  10. Idimi

    Idimi JF-Expert Member

    #10
    Jun 4, 2008
    Joined: Mar 18, 2007
    Messages: 8,618
    Likes Received: 816
    Trophy Points: 280
    I see no more questions pertaining to Raila Odinga virus, hope the remedies that we suggested here have solved the problem.

    Long live JF
     
  11. Invisible

    Invisible Admin Staff Member

    #11
    Apr 8, 2009
    Joined: Feb 11, 2006
    Messages: 9,095
    Likes Received: 140
    Trophy Points: 160
    I can see someone from Kaspersky recommended this article. It's nice to share experiences thru forums.
     
  12. SnEafer

    SnEafer Senior Member

    #12
    Apr 8, 2009
    Joined: Apr 1, 2009
    Messages: 154
    Likes Received: 0
    Trophy Points: 0
    Who wouldn't?

    REMEMBER :-
    After those steps and everything, scan your registry and run a quick scan with Trojan Remover ***just to make sure you are clean***
    and use Spybot ***if you need help fixing up your registry***
     
  13. MziziMkavu

    MziziMkavu JF-Expert Member

    #13
    Apr 10, 2009
    Joined: Feb 3, 2009
    Messages: 38,560
    Likes Received: 2,845
    Trophy Points: 280
    How to solve Odinga Raila.gif and Kibaki Tosha Tena Virus?

    First, turn off System Restore.

    Steps to turn off System Restore:
    1. Click Start, right-click My Computer, and then click Properties.
    2. In the System Properties dialog box, click the System Restore tab.
    3. Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
    4. Click OK.
    5. When you receive the following message, click Yes to confirm that you want to turn off System Restore.

    Then restart your computer in Safe Mode with Networking. How to restart?
    1. Log out and reboot your machine.
    2. When the machine starts the reboot sequence, press the F8 key repeatedly.
    3. Select Safe Mode with Networking from the resulting menu.
    4. When the log in screen comes up, log in as Administrator. By default, Administrator has no password.
    5. The machine will continue booting, but the Windows desktop will look different.

    In Safe Mode with Networking, download and scan using Norman Malware to unlock Odinga Raila.gif and Kibaki Tosha Tena Virus. Press here: MajorGeeks.com - Download Freeware and Shareware Computer Utilities.

    To remove Odinga Raila.gif and Kibaki Tosha Tena Virus from your computer, download and scan using both Super Anti-Spyware (press here: SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!) and Malwarebytes' Anti-Malware (press here: Thank you for downloading Malwarebytes Anti-Malware from Download.com).

    After removing Odinga Raila.gif and Kibaki Tosha Tena Virus from your computer, turn System Restore back on.

    Steps to turn on System Restore:
    1. Click Start, right-click My Computer, and then click Properties.
    2. In the System Properties dialog box, click the System Restore tab.
    3. Click to clear the Turn off System Restore check box on all drives check box.
    4. Click OK. After a few moments, the System Properties dialog box closes. Then restart your computer.
     
  14. LIKE Niku ADD

    LIKE Niku ADD JF-Expert Member

    #14
    Jun 1, 2015
    Joined: Jul 21, 2014
    Messages: 2,517
    Likes Received: 758
    Trophy Points: 280
    This is really bad....
     
  15. snipa

    snipa JF-Expert Member

    #15
    Jun 1, 2015
    Joined: Dec 10, 2013
    Messages: 4,104
    Likes Received: 93
    Trophy Points: 145
    Only bumping, or to increase # of posts!
    Mind the post date, bob!
     
  16. LIKE Niku ADD

    LIKE Niku ADD JF-Expert Member

    #16
    Jun 1, 2015
    Joined: Jul 21, 2014
    Messages: 2,517
    Likes Received: 758
    Trophy Points: 280
    I know the date of the original post.. but I had never known about those viruses.
     