Re: Infected!

From: Avril H (AvrilH_at_discussions.microsoft.com)
Date: 11/29/04


Date: Mon, 29 Nov 2004 08:51:01 -0800

Enormous thanks to you all, Dave, brOwnbear and slartyb, you guys were
fantastic!! I seem to be ok now and up and running again, just keeping a very
careful eye on downloads and mail!
Still got the dddf files but will bug MS about that.
Many thanks, Avril

"Br0wnbear" wrote:

> On Mon, 29 Nov 2004 00:17:02 -0800, "Avril H"
> <AvrilH@discussions.microsoft.com> wrote:
>
> >slartyb, thanks did that and it just shows general, one as an application
> >file and one as a shortcut to MS-dos, no version or compatibility listed, AVG
> >is still blocking my outgoing mail so there is def something still on the PC
> >even though there are no viruses showing
> >Avril
> >
> >"slartyb" wrote:
> >
> >> have you tried this? see below.
> >>
> >> using windows explorer, find the dddf.exe file, right click on it,
> >> click on properties,look at the "general" "version" and
> >> compatability" tabs. IF they are listed.
> >>
> >> look on the version tab for the manufacturer of the file, IF the info
> >> is there it may give you a clue as to the program or program maker.
> >>
> >> maybe this will help track down more info, cheers
> >> slartyb
> >>
> >>
> >>
> >>
> >>
> >>
> >> On Sun, 28 Nov 2004 21:05:04 -0800, "Avril H"
> >> <AvrilH@discussions.microsoft.com> wrote:
> >>
> >> >Dear Dave
> >> >Just did the dddf.PDF file with the following results:
> >> >Results of a file scan
> >> >This is the report of the scanning done over "dddf.PIF" file that VirusTotal
> >> >processed on 11/29/2004 at 05:53:14.
> >> >Antivirus Version Update Result
> >> >BitDefender 7.0 11.28.2004 -
> >> >ClamWin devel-20041018 11.28.2004 -
> >> >eTrust-Iris 7.1.194.0 11.28.2004 -
> >> >F-Prot 3.15b 11.29.2004 -
> >> >Kaspersky 4.0.2.24 11.29.2004 -
> >> >NOD32v2 1.935 11.26.2004 -
> >> >Norman 5.70.10 11.25.2004 -
> >> >Panda 7.02.00 11.28.2004 -
> >> >Sybari 7.5.1314 11.29.2004 -
> >> >Symantec 8.0 11.28.2004 -
> >> >
> >> >Don't seem to be having much luck, but my AVG anti-virus mail scanner
> >> >rejected the files when I tried to send them, message was, relay access
> >> >denied. Perhaps I should mail MS and ask them if they are files I should
> >> >have on my PC?
> >> >Many thanks again
> >> >Avril
> >> >
> >> >
> >> >"David H. Lipman" wrote:
> >> >
> >> >> I don't know. I couldn't find information on dddf.exe.
> >> >>
> >> >> Go to the following web site, Virus Total -- http://www.virustotal.com/flash/index_en.html
> >> >> Sumit the file "dddf.exe" to them and they will test the file against several AV vendor's
> >> >> scanners.
> >> >>
> >> >> Please post back the "EXACT" results.
> >> >>
> >> >> Dave
> >>
> >>
> Avril
>
> Here are some freebie products I use to track programs I am unsure of
> running on my machines that some of my users "attract".
> PRC View - www.prcview.com
> Process Explorer -
> http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
> TCP View
> http://www.sysinternals.com/ntw2k/source/tcpview.shtml
>
> These might help you in discovering what is running.
> hth
> John Brown
> Bears are always happy, we get to hibern8 and
> now I am going back to sleep
>