Re: Various viruses

From: Br0wnbear (browbearat_at_canadadotcom)
Date: 02/24/04 

Date: Tue, 24 Feb 2004 10:11:06 -0500

On Tue, 24 Feb 2004 06:25:46 -0800, "Terry"
<anonymous@discussions.microsoft.com> wrote:

>I ran a scan on my other computer after someone notified
>that an email they sent was infected with a virus. The
>scan showed the following viruses on my computer. Does
>anyone have any idea how to get rid of them?
>
>C:\WINDOWS\av.exe is infected with
>Win32.HLLW.Thunder.19968
>C:\WINDOWS\b.exe is infected with Win32.HLLW.Thunder.48128
>C:\WINDOWS\winfavorites.exe is infected with
>Trojan.DownLoader.111
>C:\hp\bin\Terminator.exe is infected with
>Trojan.KillApp.30208
>C:\WINDOWS\system32\bleusuug.dll is infected with
>Trojan.Golid
>C:\Documents and Settings\Owner\Local
>Settings\Temp\Belt.exe is infected with Trojan.Stubby.113
>C:\Documents and Settings\Owner\Local
>Settings\Temp\msgCA.tmp10723692073169.exe is infected
>with Trojan.Talkso
>C:\Documents and Settings\Owner\Local Settings\Temporary
>Internet Files\Content.IE5\0LQJSHIJ\try[1].hta is
>infected with Trojan.MulDrop.586
>
>Any help is appreciated,
>Terry

Terry
What AV Product found these?
The vendor that detects these normally has a list of what is entailed
in a cleanup of these types of malware.
I recognize the belt.exe, and Trojan.Downloader, they could be spyware
and both Spybot and Adaware will remove them

Adaware - www.lavasoftusa.com
Spybot - www.safer-networking.org

Download, install and update. Don't run both at the same time.

The others may need to be cleaned up in safe mode.

I am going to assume you are using Windows XP. Press F8 at the start
up of your machine. Select Safe mode.
Run your AV Product ( you have one right and it is up to date?)
That should clean up the rest of the beasties if the spyware products
listed above don't get them all.
If you don't have an AV product
Grisofts AVG has a free version for personal use. www.grisoft.com
CA also has packaged there EZ-trust with Zonealarm for a 1 year free
trial.
http://www.ca.com/ezhomeuse/

hth
jbrown
"A Computer is almost human. Except
that it doesn't blame its mistakes on
another computer."

Relevant Pages

  • RE: is something running?
    ... viruses and trojans, ... Safe mode can be reached by tapping ... viruses - is spybot the same? ... > scan it using all these programs, antivirus first. ...
    (microsoft.public.windowsxp.general)
  • Re: spyware problems...
    ... Have you tried running spybot and macafee in safe mode? ... identifies the viruses, then freezes when i try to remove them. ...
    (microsoft.public.windowsxp.perform_maintain)
  • Re: Cannot remove adware
    ... Often, its best to run cleaning tools, such as AdAware, SpyBot and your AV software in Safe Mode. ... MS-MVP Windows Media Center\Windows Powered Smart Display ... >> Per user Group Policy Restrictions for XP Home and XP Pro ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Wes Vogel: Need help with VBouncer removal
    ... > Spybot ran clean with no problems. ... A giant Thank You to you, Wes, for all your ... >> Try rebooting into Safe Mode. ... Where or how does Spybot S&D show that you have VBouncer. ...
    (microsoft.public.windowsxp.security_admin)
  • Summary (was Re: Ok, so Im a lazy moron - Explorer crashes at startup)
    ... ALWAYS with a/v, Spybot and AAW. ... Up to date CWShredder finds nothing (even in Safe Mode). ... Data source object exploit (Registry change, ... a LOT of stuff loading but all the extra stuff appears to me tablet PC ...
    (microsoft.public.windowsxp.general)
Loading