Re: Trojan.Dropper.Funweb.A

From: Bud Z (lzimmerman1_at_cfl.rr.com.invalid)
Date: 11/16/04


Date: Tue, 16 Nov 2004 00:02:56 -0500

Dave and Alex,

Thanks so much for the help, I would have never gotten it without your help.
I'm going to keep these notes in case this ever happens again.
What I don't understand is why the BitDefender support team couldn't have
given me these instructions.
Maybe BitDefender is not as good as they claim.
Thanks again, I surly appreciate it.
Can I ask you what virus program either of you would recommend?
I've tried f-prot, McCaffee, Norton, and a couple others but had problems
with them also.

Bud Z

Bud Z
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:e732kC4yEHA.2196@TK2MSFTNGP14.phx.gbl...
> Dump the contents of the Trash bin !
>
> Dave
>
>
>
>
> "Bud Z" <lzimmerman1@cfl.rr.com.invalid> wrote in message
> news:uowpr73yEHA.3120@TK2MSFTNGP12.phx.gbl...
> | Alex,
> |
> | Thanks for the response. I deleted the cab file in the safe mode but
> then
> | when I ran a scan, it showed up in
> | C:\RECYCLER as:
> | S-1-5-21-1645522239-1060284298-1343024091-1003\Dc95.95.cab=>f3Setup1.exe
> | and I can't delete it in the safe mode like I did the other.
> | I don't know!!!!!!!!!
> |
> | Thanks anyway,
> |
> | Bud Z
> | "Alex.V.Prokhorov" <(nospam:)alexvp@ch(dot)moldpac.md> wrote in message
> | news:uHjLYn2yEHA.1412@tk2msftngp13.phx.gbl...
> | > Into the name of Electron, and Silicon, and Binary Numeration,
> greet
> | > you Bud Z! I wish to continue prayer, addressed by you at November, 15
> to
> | > somebody, on cause "Re: Trojan.Dropper.Funweb.A".
> | >
> | >
> | > BZ> I did as you suggested but when I run a virus scan it still
> detects
> | > the
> | > BZ> Trojan and deletes it.
> | > BZ> I hope you don't mind but I'm attaching the .log files from the
> scans.
> | > BZ> Maybe you can make something of them.
> | > BZ>
> | > BZ> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> | > BZ> news:u6UDjTpyEHA.804@TK2MSFTNGP12.phx.gbl...
> | > ??>> Bud Z:
> | > ??>>
> | > ??>> First dump the contents of the IE cache..
> | >
> | > Are you did it? After flushing the IE cache trojan still there?
> | >
> | > ??>> start --> settings --> control panel --> Internet options -->
> | > ??>> Choose; Delete files
> | >
> | > [Sorry, skipped]
> | >
> | > ??|>> I have BitDefender Pro virus software version 7.2.
> | > ??|>> When I run the virus scan I keep getting this infected file even
> | > ??|>> though the last time I ran it, it deleted it.
> | >
> | > It seems you are not attentively. Look in your BitDefender's log:
> | > "Update failed"! BitDefender are trying to remove trojan from
> cab-archive,
> | > but *can't delete it!*
> | >
> | > ??|>> Example:
> | > ??|>> "tempory internet files\content
> | > ??|>>
> Ie5\QLYTOD8X\SmileyCentralInitialSetup1.0.0.8[1].cab=>f3setup1.exe"
> | > ??|>> I run a search including system and operating files from windows
> | > ??|>> explorer to delete this file but can't locate this cab file.
> | >
> | > Almost everything necessary done. What I can suggest you... Either:
> | > 1) Look in "Control panel" -> "Add/Remove Program" for something
> like
> | > "SmileyCentral". Uninstall, if any is their;
> | > 2) Open Windows Explorer, paste in address bar "C:\Documents and
> | > Settings\Bud\Local Settings\Temporary Internet
> Files\Content.IE5\QLYTOD8X"
> | > and press "Enter". Look for cab-file like
> | > "SmileyCentralInitialSetup1.0.0.8[1].cab" and try to remove it
> manually.
> | > Be
> | > sure you can see every system, hidden and protected file;
> | > 3) Try to boot in safe mode or with other (certainly clean) media.
> Then
> | > try to find and destroy affected cab.
> | >
> | > --
> | > <EOF>!
> | > Alex.V.Prokhorov.
> | >
> | >
> |
> |
>
>