Re: Trojan.Dropper.Funweb.A

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 11/16/04


Date: Tue, 16 Nov 2004 06:46:52 -0500

McAfee !

Dave

"Bud Z" <lzimmerman1@cfl.rr.com.invalid> wrote in message
news:ux%23bBm5yEHA.3236@TK2MSFTNGP15.phx.gbl...
| Dave and Alex,
|
| Thanks so much for the help, I would have never gotten it without your help.
| I'm going to keep these notes in case this ever happens again.
| What I don't understand is why the BitDefender support team couldn't have
| given me these instructions.
| Maybe BitDefender is not as good as they claim.
| Thanks again, I surely appreciate it.
| Can I ask you what virus program either of you would recommend?
| I've tried f-prot, McAfee, Norton, and a couple others but had problems
| with them also.
|
| Bud Z
| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
| news:e732kC4yEHA.2196@TK2MSFTNGP14.phx.gbl...
| > Dump the contents of the Trash bin !
| >
| > Dave
| >
| >
| >
| >
| > "Bud Z" <lzimmerman1@cfl.rr.com.invalid> wrote in message
| > news:uowpr73yEHA.3120@TK2MSFTNGP12.phx.gbl...
| > | Alex,
| > |
| > | Thanks for the response. I deleted the cab file in the safe mode but then
| > | when I ran a scan, it showed up in
| > | C:\RECYCLER as:
| > | S-1-5-21-1645522239-1060284298-1343024091-1003\Dc95.95.cab=>f3Setup1.exe
| > | and I can't delete it in the safe mode like I did the other.
| > | I don't know!!!!!!!!!
| > |
| > | Thanks anyway,
| > |
| > | Bud Z
| > | "Alex.V.Prokhorov" <(nospam:)alexvp@ch(dot)moldpac.md> wrote in message
| > | news:uHjLYn2yEHA.1412@tk2msftngp13.phx.gbl...
| > | > Into the name of Electron, and Silicon, and Binary Numeration, greet
| > | > you Bud Z! I wish to continue prayer, addressed by you at November, 15 to
| > | > somebody, on cause "Re: Trojan.Dropper.Funweb.A".
| > | >
| > | >
| > | > BZ> I did as you suggested but when I run a virus scan it still detects the
| > | > BZ> Trojan and deletes it.
| > | > BZ> I hope you don't mind but I'm attaching the .log files from the scans.
| > | > BZ> Maybe you can make something of them.
| > | > BZ>
| > | > BZ> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
| > | > BZ> news:u6UDjTpyEHA.804@TK2MSFTNGP12.phx.gbl...
| > | > ??>> Bud Z:
| > | > ??>>
| > | > ??>> First dump the contents of the IE cache..
| > | >
| > | > Did you do it? After flushing the IE cache, is the trojan still there?
| > | >
| > | > ??>> start --> settings --> control panel --> Internet options -->
| > | > ??>> Choose; Delete files
| > | >
| > | > [Sorry, skipped]
| > | >
| > | > ??|>> I have BitDefender Pro virus software version 7.2.
| > | > ??|>> When I run the virus scan I keep getting this infected file even
| > | > ??|>> though the last time I ran it, it deleted it.
| > | >
| > | > It seems you are not attentive. Look in your BitDefender's log:
| > | > "Update failed"! BitDefender is trying to remove the trojan from the
| > | > cab-archive, but *can't delete it!*
| > | >
| > | > ??|>> Example:
| > | > ??|>> "tempory internet files\content
| > | > ??|>> Ie5\QLYTOD8X\SmileyCentralInitialSetup1.0.0.8[1].cab=>f3setup1.exe"
| > | > ??|>> I run a search including system and operating files from windows
| > | > ??|>> explorer to delete this file but can't locate this cab file.
| > | >
| > | > Almost everything necessary is done. What I can suggest to you... Either:
| > | > 1) Look in "Control panel" -> "Add/Remove Program" for something like
| > | > "SmileyCentral". Uninstall it, if it is there;
| > | > 2) Open Windows Explorer, paste in the address bar "C:\Documents and
| > | > Settings\Bud\Local Settings\Temporary Internet Files\Content.IE5\QLYTOD8X"
| > | > and press "Enter". Look for a cab-file like
| > | > "SmileyCentralInitialSetup1.0.0.8[1].cab" and try to remove it manually. Be
| > | > sure you can see every system, hidden and protected file;
| > | > 3) Try to boot in safe mode or with other (certainly clean) media. Then
| > | > try to find and destroy the affected cab.
| > | >
| > | > --
| > | > <EOF>!
| > | > Alex.V.Prokhorov.
| > | >
| > | >
| > |
| > |
| >
| >
|
|
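
Added example, not part of the original thread: a small Python triage helper that splits scanner detection strings of the `archive=>member` form quoted above and maps each container to the cleanup step the posters recommend (IE cache vs. Recycle Bin). The function names and the sample list are assumptions made for illustration; the two paths are the ones given in the posts.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Constructed sample input: detection strings in the "archive=>member" form
# quoted in the thread (paths taken from the posts above).
SAMPLE_LOG = [
    r"C:\Documents and Settings\Bud\Local Settings\Temporary Internet Files"
    r"\Content.IE5\QLYTOD8X\SmileyCentralInitialSetup1.0.0.8[1].cab=>f3setup1.exe",
    r"C:\RECYCLER\S-1-5-21-1645522239-1060284298-1343024091-1003"
    r"\Dc95.95.cab=>f3Setup1.exe",
]

class Detection(NamedTuple):
    container: str       # archive on disk; this is the file that must go
    member: str          # flagged file inside the archive
    location: str        # "ie_cache", "recycle_bin" or "other"
    sid: Optional[str]   # account SID that owns a Recycle Bin item
    action: str          # cleanup step from the thread

# IE keeps downloads under Content.IE5\<random dir>\ ; on XP/NTFS a deleted
# file is renamed D<drive letter><index>.<ext> under RECYCLER\<user SID>\ .
IE_CACHE = re.compile(r"\\Temporary Internet Files\\Content\.IE5\\[^\\]+\\", re.I)
RECYCLER = re.compile(r"^[A-Z]:\\RECYCLER\\(S-1-[\d-]+)\\D[a-z]\d+\.[^\\]+$", re.I)

def classify(line: str) -> Detection:
    """Split one detection string and decide which cleanup step applies."""
    container, _, member = line.strip().partition("=>")
    hit = RECYCLER.match(container)
    if hit:
        return Detection(container, member, "recycle_bin", hit.group(1),
                         "empty the Recycle Bin")
    if IE_CACHE.search(container):
        return Detection(container, member, "ie_cache", None,
                         "delete IE temporary files")
    return Detection(container, member, "other", None, "remove the archive manually")

def by_member(lines):
    """Group locations by flagged member name (case-insensitive)."""
    groups = defaultdict(list)
    for det in map(classify, lines):
        groups[det.member.lower()].append(det.location)
    return dict(groups)

if __name__ == "__main__":
    for det in map(classify, SAMPLE_LOG):
        print(f"{det.member:14} {det.location:12} -> {det.action}")
```

A member name that appears under both `ie_cache` and `recycle_bin` is the case from the thread: the cab was deleted from the cache and the scanner then found the same archive in the Recycle Bin.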