Re: trojan.virus 235003.exe problem
From: Bill Sanderson (Bill_Sanderson_at_msn.com.plugh.org)
Date: 10/30/03
- Next message: Pam: "Re: W32.Swen mutating?"
- Previous message: Wayne Watson (2): "Re: Virus Groups in Yahoo? The End of Newsgroups"
- In reply to: anonymous_at_discussions.microsoft.com: "trojan.virus 235003.exe problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 30 Oct 2003 00:55:40 -0500
Hmm.. I have, in fact, cleaned this one myself.
Here's what I did--if you need more detail or hand-holding, remove plugh.org
from my address for email.
You (or at least I) won't find a file by that name on the machine.
Given the clue that the file is in the TIF (Temporary Internet Files), I
proceeded to delete, using both Explorer and command-line commands, all the
files in the TIF, reasoning that I should eventually find the sucker.
In the end I found three files, in two different "buckets" of the TIF.
These couldn't be deleted using Explorer, but a command prompt DEL command
removed them.
It'd be lovely if YOU could document the names of the files that you find,
and their other details--size, dates, etc.
The salient features of these files were an apparent 0 length--so if you
sorted the TIF by file size, they ought to pop right up, I suppose.
It'd also be lovely if you could figure out a way to copy the baddies and
get them submitted to Norton for an opinion.
If you aren't familiar with the TIF, it lives in:
documents and settings\user name\local settings
Within it is Content.IE5, and within that are 4 randomly named "bucket"
folders. It isn't uncommon to find more than the 4 currently active
folders--and there's no risk to deleting everything you find here, except
some slowdown, particularly with a slow Internet connection, as the cache is
rebuilt.
So--I deleted either complete folders in the TIF, or groups of files, 'til I
got down to ones I couldn't do anything with. In my case that was three, in
two different folders.
One had a rather long name I wish I had noted down, and the other two were
named something like: naabc[1] and naabc[2].
You must have Explorer set to show you both hidden and system files to see
this stuff in Explorer. You can navigate into the TIF at a command prompt
in safe mode, but you have to know the precise path--the directories are
hidden.
Doing a dir *.jpg /s usually will show you a slew of files, and thus tell
you the names of the directories involved as well.
So--restart in Safe mode (hold or depress F8 frequently as you boot), and
use Explorer or command-prompt commands to navigate to the TIF. Delete
everything you can. Then document what is left and see what you are able to
do with it. I know DEL works--what about copy?
<anonymous@discussions.microsoft.com> wrote in message
news:06ca01c39e97$e91b0be0$a301280a@phx.gbl...
> I have to deal with this trojan virus which is giving me a
> problem.
> The virus is the compressed file 235003.exe within
> C:\WINDOWS\Temporary internet files\contents.IE5
> \771OUNC\Browser_Plugin[1].cab is affected with the
> download trojan.virus.
> I have tried all the Norton antivirus (as this is my
> security software) directions to delete this virus, but I
> cannot get rid of it. Every time you start up the
> computer, it automatically connects to the internet.
>
>
> cheers
>
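Added example, not part of the original post: one way to document what is in the cache before deleting anything, recording each file's bucket, name, size, date and hidden/system flags, and pulling out the files that report 0 bytes or cannot be read. The function names, the bucket names and the sample tree are constructed for illustration; point `inventory_cache()` at the real Content.IE5 folder on the affected machine.

```python
import os
import tempfile
from datetime import datetime, timezone

HIDDEN, SYSTEM = 0x2, 0x4  # Windows FILE_ATTRIBUTE_HIDDEN / FILE_ATTRIBUTE_SYSTEM

def inventory_cache(content_ie5):
    """Return (records, bucket_names) for every file under Content.IE5."""
    buckets = sorted(d for d in os.listdir(content_ie5)
                     if os.path.isdir(os.path.join(content_ie5, d)))
    records = []
    for bucket in buckets:
        for root, _dirs, files in os.walk(os.path.join(content_ie5, bucket)):
            for name in files:
                rec = {"bucket": bucket, "name": name, "path": os.path.join(root, name)}
                try:
                    st = os.stat(rec["path"])
                except OSError as exc:  # locked or vanished: still worth recording
                    rec["error"] = str(exc)
                else:
                    attrs = getattr(st, "st_file_attributes", 0)  # 0 off Windows
                    rec.update(
                        size=st.st_size,
                        modified=datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
                        hidden=bool(attrs & HIDDEN),
                        system=bool(attrs & SYSTEM))
                records.append(rec)
    return records, buckets

def suspects(records):
    """Files that report 0 bytes or could not be read at all."""
    return [r for r in records if "error" in r or r["size"] == 0]

if __name__ == "__main__":
    # Constructed stand-in for a cache folder so the example runs anywhere.
    with tempfile.TemporaryDirectory() as tif:
        for bucket, name, data in [("AAAA1111", "naabc[1]", b""),
                                   ("AAAA1111", "logo[1].jpg", b"\xff\xd8\xff"),
                                   ("BBBB2222", "naabc[2]", b"")]:
            os.makedirs(os.path.join(tif, bucket), exist_ok=True)
            with open(os.path.join(tif, bucket, name), "wb") as fh:
                fh.write(data)
        records, buckets = inventory_cache(tif)
        print(f"{len(buckets)} bucket folders, {len(records)} files")
        for r in suspects(records):
            print(r["bucket"], r["name"], r.get("size"), r.get("modified"), r.get("error", ""))
```
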