Sophos

Troj/Dloader variant disinfection instructions

Resolve is the name for a set of small, downloadable Sophos utilities designed to remove and undo the changes made by certain viruses, Trojans and worms. They terminate any virus processes and reset any registry keys that the virus changed. Existing infections can be cleaned up quickly and easily, both on individual workstations and over networks with large numbers of computers.

Windows 95/98/Me and Windows NT/2000/XP/2003

Troj/Dloader-ML can be removed from Windows 95/98/Me and Windows NT/2000/XP/2003 computers automatically with the following Resolve tools.

Note: When disinfecting variants not listed above, use the recovery instructions in the appropriate virus analysis.

Both versions of the Troj/Dloader tool must be run in Safe Mode (or MS-DOS mode). To go into Safe Mode, do as follows.

  1. On Windows 2000
    • Go to Start|Shut Down.
    • Select Restart from the drop-down list and click OK. Windows will restart.
    • Press F8 when you see the following text at the bottom of the screen: "For troubleshooting and advanced startup options for Windows 2000, press F8".
    • In the Windows 2000 Advanced Options Menu select the top option "Safe Mode".
    • When requested, log on as local administrator.
  2. On Windows XP and Windows 2003
    • Go to Start|Shut Down.
    • Select Restart from the drop-down list and click OK. Windows will restart.
    • Press F8 repeatedly as the computer boots up to get to the Windows Advanced Options Menu.
    • In this menu select the top option "Safe Mode", then select Windows XP or Windows 2003.
    • When requested, log on as local administrator.
  3. On Windows 95/98
    Restart the computer in MS-DOS mode. Note: starting a Command Prompt (a DOS window) is not enough.
    • Go to the Start menu and select Shut Down.
    • Choose the option 'Restart the computer in DOS mode'.
  4. On Windows Me
    In Windows Me you must create a startup disk to boot from.
    • Go to Start|Settings|Control Panel.
    • Click 'Add/Remove Programs', select the 'Startup Disk' tab and click the 'Create Disk' button.
    • When you have created the startup disk, write-protect it and boot from it.

Windows disinfector

DLOADGUI is a disinfector for standalone Windows computers. It can be used only on Windows 2000/XP/2003 computers.

If you are disinfecting several computers, download it, save it to a floppy disk, write-protect the floppy disk and run it from there.

Command line disinfector

DLOADSFX.EXE is a self-extracting archive containing DLOADCLI, a Resolve command line disinfector for use by system administrators on Windows networks. You will have to use this tool on Windows 95/98/Me computers. Read the notes enclosed in the self-extractor for details on running this program.

Other platforms

To remove Troj/Dloader-ML on other platforms, please follow the instructions for removing Trojans.