McAfee Support Community - how to remove raila odinga virus with mcafee.

SamuelM · ‎03-08-2010

Hi,

One of my clients have experienced a virus called "Raila Odinga", the virus makes his computer windows to be mutliplying on the deskop when he tries to open any windows on his Windows XP platfrom. I tried running the Mcafee VSE 8.7i but it does not pick up or delete the virus. Please Help!!!

All my client's McAfee are managed by ePO 4.0.

SamSwift · ‎03-09-2010

Hi,

Which DAT and Engine versions are installed on the machine? Are you able to send us infected files to be checked by the research team?

Kind regards,

Sam

SamuelM · ‎03-09-2010

Hi Samantha,

The DAT file was 5913 and the Engine is 5400.1158, but I'm unable to send you the infected files because I have reformatted the computer because I did'nt know what to do because the virus could'nt be removed/deleted by McAfee or manually.

But you can help to know how to remove and prevent it incase it comes back to our network...

Thanks,

Sam

fnginamau · ‎04-09-2010

ola,

My name is Francisco, We in Movicel heve a Gold Support from Mcaffee, our problem is Raila Odinga.

there is more ditalhe abaut it:

Sevices created

nemesis.exe
nemesis.inf
server.inf

Regity Key created

Key: software\microsoft\windows\currentversion\run\couponsandoffers

Value: @

• Key: software\microsoft\windows\currentversion\run\htazpohvqs

Value: @

Source

USB flash drive

Other consequence of the virus infection.

it create word file in:

It duplicate all files in director, but putting then as .exe

Egg. Test.xls à Test.exe

Opening many time the image in attachment

Movicel Mcafee Produt.

EPO – 4.5.0

Viruscan – 8.7i

DAT – 5945

Engine – 5400.1151

OS

Server -2003

Client: XP, Vista, Win7

SamuelM · ‎04-11-2010

Hi Francisco,

I tried all the info I can get from the net and I came across the website where it helped quite a lot to remove the Raila Odingo from our systems. Here is what you need to do:

1. Delete all the files that is associated with the Raila Odinga virus from your Desktop

2. Go to "C: Wondows, System32" folder and locate all the word documents in that folder and delete them from "System32" folder and if the jpeg of Raila Odinga is in there delete it as well.

3. And lastly visit this side: www.securitystronghold.com to download some tool to make sure that Raila Odinga is no longer on your system.

Hope you will come right!!!

Chao.

SamuelM

fnginamau · ‎04-11-2010

Hi,

.

I tried this way but I cant use this becouse I have 600 Client computers,and more tham 30 Server.

SamuelM · ‎04-11-2010

Well I was fortunate enough that the virus did not affect all our systems, only affected one user that's why a was so lucky to get rid of it...

I guess in your case you need an intervene from the McAfee Support Team!

fnginamau · ‎04-14-2010

hi,

its ok now, mcafee added the definicions of raila oding in Monday Update and my network is clean for while.

kanks for you help.

how to remove raila odinga virus with mcafee.

Re: how to remove raila odinga virus with mcafee.

Re: how to remove raila odinga virus with mcafee.

Re: how to remove raila odinga virus with mcafee.

Re: how to remove raila odinga virus with mcafee.

Re: how to remove raila odinga virus with mcafee.

Re: how to remove raila odinga virus with mcafee.

Re: how to remove raila odinga virus with mcafee.