Re: Trojan.Dropper.Funweb.A

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 11/16/04


Date: Tue, 16 Nov 2004 06:46:52 -0500

McAfee !

Dave

"Bud Z" <lzimmerman1@cfl.rr.com.invalid> wrote in message
news:ux%23bBm5yEHA.3236@TK2MSFTNGP15.phx.gbl...
| Dave and Alex,
|
| Thanks so much for the help, I would have never gotten it without your help.
| I'm going to keep these notes in case this ever happens again.
| What I don't understand is why the BitDefender support team couldn't have
| given me these instructions.
| Maybe BitDefender is not as good as they claim.
| Thanks again, I surely appreciate it.
| Can I ask you what virus program either of you would recommend?
| I've tried f-prot, McAfee, Norton, and a couple others but had problems
| with them also.
|
| Bud Z
|
| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
| news:e732kC4yEHA.2196@TK2MSFTNGP14.phx.gbl...
| > Dump the contents of the Trash bin !
| >
| > Dave
| >
| >
| >
| >
| > "Bud Z" <lzimmerman1@cfl.rr.com.invalid> wrote in message
| > news:uowpr73yEHA.3120@TK2MSFTNGP12.phx.gbl...
| > | Alex,
| > |
| > | Thanks for the response. I deleted the cab file in the safe mode but then
| > | when I ran a scan, it showed up in
| > | C:\RECYCLER as:
| > | S-1-5-21-1645522239-1060284298-1343024091-1003\Dc95.95.cab=>f3Setup1.exe
| > | and I can't delete it in the safe mode like I did the other.
| > | I don't know!!!!!!!!!
| > |
| > | Thanks anyway,
| > |
| > | Bud Z
| > | "Alex.V.Prokhorov" <(nospam:)alexvp@ch(dot)moldpac.md> wrote in message
| > | news:uHjLYn2yEHA.1412@tk2msftngp13.phx.gbl...
| > | > Into the name of Electron, and Silicon, and Binary Numeration, greet
| > | > you Bud Z! I wish to continue prayer, addressed by you at November, 15 to
| > | > somebody, on cause "Re: Trojan.Dropper.Funweb.A".
| > | >
| > | >
| > | > BZ> I did as you suggested but when I run a virus scan it still detects
| > | > BZ> the Trojan and deletes it.
| > | > BZ> I hope you don't mind but I'm attaching the .log files from the scans.
| > | > BZ> Maybe you can make something of them.
| > | > BZ>
| > | > BZ> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
| > | > BZ> news:u6UDjTpyEHA.804@TK2MSFTNGP12.phx.gbl...
| > | > ??>> Bud Z:
| > | > ??>>
| > | > ??>> First dump the contents of the IE cache..
| > | >
| > | > Did you do it? After flushing the IE cache, is the trojan still there?
| > | >
| > | > ??>> start --> settings --> control panel --> Internet options -->
| > | > ??>> Choose; Delete files
| > | >
| > | > [Sorry, skipped]
| > | >
| > | > ??|>> I have BitDefender Pro virus software version 7.2.
| > | > ??|>> When I run the virus scan I keep getting this infected file even
| > | > ??|>> though the last time I ran it, it deleted it.
| > | >
| > | > It seems you are not being attentive. Look in your BitDefender log:
| > | > "Update failed"! BitDefender is trying to remove the trojan from the
| > | > cab archive, but *can't delete it!*
| > | >
| > | > ??|>> Example:
| > | > ??|>> "tempory internet files\content
| > | > ??|>> Ie5\QLYTOD8X\SmileyCentralInitialSetup1.0.0.8[1].cab=>f3setup1.exe"
| > | > ??|>> I run a search including system and operating files from windows
| > | > ??|>> explorer to delete this file but can't locate this cab file.
| > | >
| > | > Almost everything necessary is done. What I can suggest... Either:
| > | > 1) Look in "Control panel" -> "Add/Remove Program" for something like
| > | > "SmileyCentral". Uninstall it, if it is there;
| > | > 2) Open Windows Explorer, paste in the address bar "C:\Documents and
| > | > Settings\Bud\Local Settings\Temporary Internet Files\Content.IE5\QLYTOD8X"
| > | > and press "Enter". Look for a cab file like
| > | > "SmileyCentralInitialSetup1.0.0.8[1].cab" and try to remove it manually.
| > | > Be sure you can see every system, hidden and protected file;
| > | > 3) Try to boot in safe mode or with other (certainly clean) media. Then
| > | > try to find and destroy the affected cab.
| > | >
| > | > --
| > | > <EOF>!
| > | > Alex.V.Prokhorov.
| > | >
| > | >
| > |
| > |
| >
| >
|
|
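
Added example, not part of the thread or of any scanner's own tooling: a small triage of the "archive=>member" detection paths quoted above, showing why the same cab keeps being reported after a delete (it has only moved to the per-user Recycle Bin folder) and which of the replies' cleanup steps applies. The function names and advice strings are assumptions made for illustration; the two sample paths are taken from the thread, each joined from the two lines it was quoted on.

```python
import re
from typing import NamedTuple, Optional

class Detection(NamedTuple):
    container: str            # file on disk that the scanner opened
    member: Optional[str]     # item inside the archive, if any
    location: str             # "ie_cache", "recycle_bin" or "other"
    owner_sid: Optional[str]  # per-user Recycle Bin folder name, if present
    advice: str               # cleanup step suggested in the replies

ADVICE = {  # wording paraphrased from the replies (assumed labels)
    "ie_cache": "flush the IE cache (Internet Options -> Delete Files)",
    "recycle_bin": "empty the Recycle Bin; the deleted archive is still on disk",
    "other": "remove the container from Safe Mode or clean boot media",
}
SID_RE = re.compile(r"\\RECYCLER\\(S-1-5-21(?:-\d+)+)\\", re.I)
IE_RE = re.compile(r"tempor\w*\s+internet\s+files", re.I)  # tolerates 'tempory'

def triage(path: str) -> Detection:
    """Split 'container=>member' and decide which cleanup step applies."""
    container, sep, member = path.strip().strip('"').partition("=>")
    sid = SID_RE.search(container)
    if sid:
        location = "recycle_bin"
    elif IE_RE.search(container):
        location = "ie_cache"
    else:
        location = "other"
    return Detection(container, member if sep else None, location,
                     sid.group(1) if sid else None, ADVICE[location])

def pending(paths):
    """Group containers still on disk by the location that holds them."""
    out = {}
    for d in map(triage, paths):
        out.setdefault(d.location, []).append(d.container)
    return out

# Paths as quoted in the thread, each joined from its two quoted lines.
SAMPLES = [
    r"C:\RECYCLER\S-1-5-21-1645522239-1060284298-1343024091-1003"
    r"\Dc95.95.cab=>f3Setup1.exe",
    r"tempory internet files\content Ie5\QLYTOD8X"
    r"\SmileyCentralInitialSetup1.0.0.8[1].cab=>f3setup1.exe",
]

if __name__ == "__main__":
    for d in map(triage, SAMPLES):
        print(f"{d.location:12} {str(d.member):14} -> {d.advice}")
```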


