Newbie .. What is Oktlr.exe (It wants to access the Internet)

Discussion in 'Anti-Virus' started by John P, Jan 21, 2005.

  1. John P

    John P Guest

    Zone Alarm is telling me that a program
    called Oktlr.exe is trying to access the Internet
    on my Win2K machine which is behind a DLink
    DFL-80 firewall.

    I've looked on the Microsoft site, Symantec Virus Info,
    Security Focus, Hotbot, Altavista, Google and Google
    Groups, finding no reference to this program ..

    The program itself is located in:

    C:\Program Files\Rgnt\Oktlr.exe

    And has registry entries:

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\
    ExplorerBars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\
    name 000 type REG_SZ data oktlr

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    Run\
    name Isdtxw type REG_SZ data C:\Program Files\Rgnt\Oktlr.exe

    HKEY_USERS\S-1-5-21-1844237615-2139871995-1801674531-1000\
    Software\Microsoft\Internet Explorer\ExplorerBars\
    {C5EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\
    name 000 type REG_SZ data oktlr

    It concerns me that it's in my registry 'Run' folder.

    Is this a virus?
    Should I delete it?

    Any help appreciated,

    John.
     
    John P, Jan 21, 2005
    #1
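The first post's concern is an unknown executable registered under the registry `Run` key. As an added example (not part of the thread; it assumes Windows PowerShell 5.1 or later on a current Windows system rather than the Win2K machine discussed, and the function names `Get-CommandTarget` and `Get-RunKeyEntry` are hypothetical), this read-only script lists every Run/RunOnce value with the file it launches, whether that file exists, its Authenticode signature status and its SHA-256 hash:

```powershell
# Added example: triage Run-key autostart entries. Nothing is modified.
# Standard per-machine and per-user autostart keys.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandTarget {
    # Hypothetical helper: pull the executable path out of a Run value such as
    #   "C:\Program Files\App\app.exe" /arg   or   C:\Program Files\App\app.exe
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted: take everything up to the first .exe/.com/.bat/.cmd extension.
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd))(\s|$)') { return $Matches[1] }
    return $expanded
}

function Get-RunKeyEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            $target  = Get-CommandTarget $command
            # Guard against empty values before touching the file system.
            $exists  = [bool]$target -and
                       (Test-Path -LiteralPath $target -PathType Leaf)
            $sig = $null; $hash = $null
            if ($exists) {
                $sig  = (Get-AuthenticodeSignature -LiteralPath $target).Status
                $hash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
            }
            [pscustomobject]@{
                Key = $key; Name = $name; Command = $command
                Target = $target; Exists = $exists
                Signature = $sig; SHA256 = $hash
            }
        }
    }
}

# Entries with a missing target or a signature status other than Valid
# are the ones to review first.
Get-RunKeyEntry | Sort-Object Signature, Target | Format-List
```

Entries that launch through a bare command name (for example `rundll32`) show `Exists = False` because the script does not search `PATH`; read their `Command` column by hand.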

  2. Please submit the file Oktlr.exe to Virus Total --
    http://www.virustotal.com/flash/index_en.html
    The submission will then be tested against several different AV vendors' scanners.

    Another way to submit is to send the suspect file to the following email address
    scan<at>virustotal.com
    { replace <at> with @ } with only the word SCAN as the subject.

    Please post back the EXACT results.

    --
    Dave




     
    David H. Lipman, Jan 21, 2005
    #2

  3. John:

    Trend Sysclean should remove this Downloader Trojan infection. However I also suggest
    Lavasoft Adaware in case you also have some non-viral malware associated with it.

    1) Download the following three items...

    Trend Sysclean Package
    http://www.trendmicro.com/download/dcs.asp

    Latest Trend signature files.
    http://www.trendmicro.com/download/pattern.asp

    Adaware SE (free personal version v1.05)
    http://www.lavasoftusa.com/

    Create a directory.
    On drive "C:\"
    (e.g., "c:\New Folder")
    or the desktop
    (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

    Download SYSCLEAN.COM and place it in that directory.
    Download the Trend Pattern File by obtaining the ZIP file.
    For example; lpt363.zip

    Extract the contents of the ZIP file and place the contents in the same directory as
    SYSCLEAN.COM.

    2) Update Adaware with the latest definitions.
    3) If you are using WinME or WinXP, disable System Restore
    http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    4) Reboot your PC into Safe Mode and shut down as many applications as possible.
    5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
    platform and clean/delete any infectors/parasites found.
    (a few cycles may be needed)
    6) Restart your PC and perform a "final" Full Scan of your platform using both the
    Trend Sysclean utility and Adaware
    7) If you are using WinME or WinXP, re-enable System Restore and re-apply any
    System Restore preferences (e.g. HD space to use, suggested 400 ~ 600MB).
    8) Reboot your PC.
    9) If you are using WinME or WinXP, create a new Restore point

    * * * Please report back your results * * *

    --
    Dave




    |
    | Antivirus    Version         Update      Result
    | AntiVir      6.29.0.8        01.21.2005  TR/DelProx.A
    | AVG          718             01.21.2005  -
    | BitDefender  7.0             01.21.2005  Trojan.Small.CY
    | ClamAV       devel-20041205  01.21.2005  -
    | DrWeb        4.32b           01.21.2005  Trojan.DownLoader.1389
    | eTrust-Iris  7.1.194.0       01.20.2005  -
    | eTrust-Vet   11.7.0.0        01.21.2005  -
    | F-Prot       3.16a           01.20.2005  security risk named W32/Downloader.AAW
    | Kaspersky    4.0.2.24        01.21.2005  Trojan.Win32.Small.cy
    | NOD32v2      1.977           01.20.2005  -
    | Norman       5.70.10         01.21.2005  -
    | Panda        8.02.00         01.21.2005  Spyware/Dyfuca
    | Sybari       7.5.1314        01.21.2005  Trojan.Win32.Small.cy
    | Symantec     8.0             01.21.2005  -
    |
    | Thanks again for the help,
    |
    | John
    |
    |
     
    David H. Lipman, Jan 21, 2005
    #3
  4. John P

    Ian Kenefick Guest

    Hey John,

    can you send the sample to :)

    Thanks!

    Regards,
    Ian Kenefick
    http://www.IK-CS.com
     
    Ian Kenefick, Jan 22, 2005
    #4