Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internat.exe


  • Please log in to reply
16 replies to this topic

#1 aop1595

aop1595

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NC
  • Local time:06:45 PM

Posted 01 November 2007 - 06:39 PM

Ok guys and gals, here is a chance to show your stuff. Problem is as follows:

My computer running Windows ME has recently started to just lock for maybe 20-30 seconds when on the internet and then it is ok for a while until it does the same thing again.

I ran a scan using XoftSpySE. It reports a severe risk trojan with a file in the Windows\system folder called INTERNAT.EXE. Now I can usually delete any spyware, malware, etc. without to much trouble, but not this one. When this one is deleted, it reappears after about 4 seconds.

And yes, I know there is an article on this website about deleting this trojan. And yes, I know there is a valid Microsoft file called the same thing -- This is not a valid file.

Problem is it seems all the normal tools used to kill these things are blocked. Here is a list --

When I go to Safe Mode, the mouse no longer works.
When I try to open control panel, it will not open.
When I check the registry to find the offending files, none are found. So, I check for hidden files.
When I try to show the hidden files ( thinking the trojan files are hidden), there is a gray rectangle over the selection of hidden/not hidden files .... and I am unable to see the hidden files.
When I run the Autoruns program to show what is started and running, nothing unusual shows up -- I think the malware file(s) may be hidden.

I ran the SpyBot - Search and Destroy -- but it does not even recognize the trojan.

Anyone got any idea of how to get rid of this thing ?? or even how to get the mouse to work in safe mode ?? I think if I can get into the safe mode and stop this thing from starting ... then I can handle the rest.

I'll be gone Friday and return on Friday night.

Thanks !! :thumbsup: :flowers:

BC AdBot (Login to Remove)

 


#2 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:04:45 PM

Posted 01 November 2007 - 08:10 PM

There are a couple of things for you to do, the first would be to run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.
Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
  • Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)
Once you have done this, please let us know as then we can provide further instructions if these fixes do not work.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#3 aop1595

aop1595
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NC
  • Local time:06:45 PM

Posted 01 November 2007 - 08:33 PM

Gee - That was fast OF - Thanks.

First, I have discovered the C:\windows\rundll32.exe file is gone completely. I did not remove this file and seems this is why the Control Panel options will not run -- (Like Add/Remove programs). I can now open Control Panel from the Start menu, but that's all.

Second, I see part of your solution is to go to the Safe Mood. When I go to Safe Mode, my mouse cursor freezes and I am unable to use it. So I assume maybe this BitDefender will enable my mouse to work ? If it does not, I don't see how going to Safe Mode will do any good.

Be back tomorrow night. Thanks

#4 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:04:45 PM

Posted 01 November 2007 - 08:37 PM

That is what I am hoping!! also, you can try a usb mouse, plug it in in regular mode, remove the ps2 mouse, and then restart your machine. I have had this work sometimes when a ps2 mouse will not work in safe mode.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:45 PM

Posted 01 November 2007 - 09:30 PM

You can download a replacement rundll32.exe from here.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 aop1595

aop1595
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NC
  • Local time:06:45 PM

Posted 06 November 2007 - 10:46 AM

Quietman - Thank you. I did download and install the rundll32.exe file and it has fixed a couple of problems.

OF - I did run the BitDefender and saved the file. I will have to try to get a USB mouse as my PS2 mouse still freezes up when I go to safe mood.

Sorry for not getting back to you guys sooner - had to have a minor surgery ... still sore but getting better and somewhat functional. I am slow but should be able to handle this.

Thanks again !

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:45 PM

Posted 06 November 2007 - 11:00 AM

Your welcome and I wish you a speedy recovery.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 aop1595

aop1595
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NC
  • Local time:06:45 PM

Posted 06 November 2007 - 02:17 PM

Quietman & OF --

LOL -- This is something else.

Quietman -- Downloaded the rundll32.exe file suggested and XoftspySE says it is a virus (see below). With it installed I can open the Control Panel and subsequent items in the Control Panel. I went back and deleted it just in case. I know it should not be a virus as downloaded.

OF -- I tried to switch my mouse to a different USB port to get it to work when I opened in safe mode. Tried 3 different USD ports and no luck. Seems this is the major sticking point right now.

Here is what my XoftSpySE scan reports ---

1 ) Drower D Trojan as a file @ c:\windows\system\internat.exe
2 ) Virus.Win32.Delf.ak as a file @ c:\windows\rundll32.exe

I seem to be able to get rid of item 2 (rundll32.exe) by simply deleting.
Item 1 will delete but automatically reappear after 3-4 seconds with no keys touched.

Any suggestions as to how to get the mouse to work in Safe Mode ??

Thanks !

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:45 PM

Posted 06 November 2007 - 03:20 PM

If you downloaded rundll32.exe from the link I provided, it is not a virus. Rundll32.exe is a legit Windows file that loads .dll files which too can be legit or malware related.

XoftSpy is a program that was previously listed as a rogue product on the Rogue/Suspect Anti-Spyware Products List because of concerns with False positives, questionable license terms, and the use of aggressive, deceptive advertising, including exploitation of the name "Spybot". It has since been delisted but in my opinion it is not a very effective program compared to others with a proven track those mentioned in BC's List of Virus & Malware Resources or one of the other Trustworthy Anti-Spyware Products.

Anytime you come across a suspicious file which you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Have you confirmed that the mouse works on another machine? It is possible the mouse could be defective. Have you checked for low batteries which can result in weak or mixed signals that can affect the functionality of your mouse? Have you tried using a PS2 adapter on your USB mouse? Safe mode is a troubleshooting mode designed to start Windows with minimal drivers and running processes to diagnose problems with your computer. This means some of the programs that normally run when Windows starts will not run. This sometimes can include the drivers for your USB mouse.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 aop1595

aop1595
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NC
  • Local time:06:45 PM

Posted 06 November 2007 - 04:34 PM

Quietman7 -- Thanks for the info on XoftSpySE ... I was not aware of any problems with this software ... especially with it being rogue. I admit the listing of my downloaded file rundll32.exe could be a false positive. The XoftSpySE has been working well for me ... or at least I thought it was.

The mouse does work ... just not in the safe mode. It has no batteries ... powered from the USB port. I do not think the mouse is defective.

I have not tried a PS2 adapter on my USB mouse. I will see if can find another mouse and/or adapter and try them.

I have been looking for info on the Drowor Trojans .... seems there is an A,B,C,D, and E version. However can not find a lot on any of them.

#11 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:04:45 PM

Posted 06 November 2007 - 08:44 PM

Try to run the scans in regular mode if you still cannot get the mouse to work in safe mode.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#12 aop1595

aop1595
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NC
  • Local time:06:45 PM

Posted 06 November 2007 - 09:24 PM

Tried a PS/2 mouse. I have not been able to get it to work in normal mode. Re-installed the USB mouse. I will run the scans in regular mode.

#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:45 PM

Posted 06 November 2007 - 09:49 PM

Don't forget to submit those files to jotti's virusscan or virustotal.com and post back with the results.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 aop1595

aop1595
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NC
  • Local time:06:45 PM

Posted 06 November 2007 - 10:25 PM

Completed the BitDefender and Dr.Web scans. I did the Dr.Web in normal mode versus Safe Mode. The Dr. Web scan showed no viruses found in either the Express scan or the next scan. Here is the BitDefender scan file.


BitDefender Online Scanner


Scan report generated at: Thu, Nov 01, 2007 - 22:18:52


Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;


Statistics

Time
00:26:20

Files
90011

Folders
1760

Boot Sectors
2

Archives
7920

Packed Files
1485




Results

Identified Viruses
17

Infected Files
26

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
42




Engines Info

Virus Definitions
839269

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
14

Archive plugins
38

Unpack plugins
6

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\_RESTORE\ARCHIVE\FS88.CAB=>A0830710.CPY=>(Instyler o)=>(Instyler Module 2)=>(ZIP Sfx s)=>cd_htm.dll
Detected with: Adware.CyDoor

C:\_RESTORE\ARCHIVE\FS88.CAB=>A0830710.CPY=>(Instyler o)=>(Instyler Module 2)=>(ZIP Sfx s)=>cd_htm.dll
Disinfection failed

C:\_RESTORE\ARCHIVE\FS88.CAB=>A0830710.CPY=>(Instyler o)=>(Instyler Module 2)=>(ZIP Sfx s)=>cd_htm.dll
Deleted

C:\_RESTORE\ARCHIVE\FS88.CAB=>A0830710.CPY=>(Instyler o)=>(Instyler Module 2)=>(ZIP Sfx s)
Updated

C:\_RESTORE\ARCHIVE\FS88.CAB=>A0830710.CPY=>(Instyler o)=>(Instyler Module 2)
Update failed

C:\_RESTORE\ARCHIVE\FS88.CAB=>A0830710.CPY=>(Instyler o)=>(Instyler Module 13)
Infected with: Trojan.Downloader.3346.A

C:\_RESTORE\ARCHIVE\FS88.CAB=>A0830710.CPY=>(Instyler o)=>(Instyler Module 13)
Disinfection failed

C:\_RESTORE\ARCHIVE\FS88.CAB=>A0830710.CPY=>(Instyler o)=>(Instyler Module 13)
Deleted

C:\_RESTORE\ARCHIVE\FS88.CAB=>A0830710.CPY=>(Instyler o)
Update failed

C:\_RESTORE\ARCHIVE\FS88.CAB=>A0830711.CPY=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 9)=>(ZIP Sfx s)=>cd_htm.dll
Detected with: Adware.CyDoor

C:\_RESTORE\ARCHIVE\FS88.CAB=>A0830711.CPY=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 9)=>(ZIP Sfx s)=>cd_htm.dll
Disinfection failed

C:\_RESTORE\ARCHIVE\FS88.CAB=>A0830711.CPY=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 9)=>(ZIP Sfx s)=>cd_htm.dll
Deleted

C:\_RESTORE\ARCHIVE\FS88.CAB=>A0830711.CPY=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 9)=>(ZIP Sfx s)
Updated

C:\_RESTORE\ARCHIVE\FS88.CAB=>A0830711.CPY=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 9)
Update failed

C:\_RESTORE\ARCHIVE\FS195.CAB=>A0840224.CPY
Infected with: DeepScan:Generic.Zlob.7.4DCD7CD4

C:\_RESTORE\ARCHIVE\FS195.CAB=>A0840224.CPY
Disinfection failed

C:\_RESTORE\ARCHIVE\FS195.CAB=>A0840224.CPY
Deleted

C:\_RESTORE\ARCHIVE\FS195.CAB
Update failed

C:\_RESTORE\ARCHIVE\FS195.CAB=>A0840235.CPY
Infected with: DeepScan:Generic.Zlob.7.0C9D5B7F

C:\_RESTORE\ARCHIVE\FS195.CAB=>A0840235.CPY
Disinfection failed

C:\_RESTORE\ARCHIVE\FS195.CAB=>A0840235.CPY
Deleted

C:\_RESTORE\ARCHIVE\FS195.CAB
Update failed

C:\_RESTORE\ARCHIVE\FS197.CAB=>A0840246.CPY
Infected with: Trojan.Downloader.Agent.BDV

C:\_RESTORE\ARCHIVE\FS197.CAB=>A0840246.CPY
Disinfection failed

C:\_RESTORE\ARCHIVE\FS197.CAB=>A0840246.CPY
Deleted

C:\_RESTORE\ARCHIVE\FS197.CAB
Update failed

C:\Program Files\Norton AntiVirus\Quarantine\7521557B.class=>(Quarantine-1)
Infected with: Java.Trojan.Exploit.Bytverify

C:\Program Files\Norton AntiVirus\Quarantine\7521557B.class=>(Quarantine-1)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\7521557B.class=>(Quarantine-1)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\75355165.class=>(Quarantine-1)
Infected with: Java.Trojan.Exploit.Bytverify

C:\Program Files\Norton AntiVirus\Quarantine\75355165.class=>(Quarantine-1)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\75355165.class=>(Quarantine-1)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\754B774C.class=>(Quarantine-1)
Infected with: Java.Trojan.Exploit.Bytverify

C:\Program Files\Norton AntiVirus\Quarantine\754B774C.class=>(Quarantine-1)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\754B774C.class=>(Quarantine-1)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\2212250F.php
Infected with: Trojan.Downloader.Small.WV

C:\Program Files\Norton AntiVirus\Quarantine\2212250F.php
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\2212250F.php
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\64A93861.htm=>(Quarantine-1)
Infected with: Generic.XPL.MhtRedir.7D5D08A1

C:\Program Files\Norton AntiVirus\Quarantine\64A93861.htm=>(Quarantine-1)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\64A93861.htm=>(Quarantine-1)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\64AF0C5A.htm=>(Quarantine-1)
Infected with: Exploit.ObjData.B

C:\Program Files\Norton AntiVirus\Quarantine\64AF0C5A.htm=>(Quarantine-1)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\64AF0C5A.htm=>(Quarantine-1)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\09A87423.htm=>(Quarantine-1)
Infected with: Generic.XPL.MhtRedir.68F0CB2F

C:\Program Files\Norton AntiVirus\Quarantine\09A87423.htm=>(Quarantine-1)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\09A87423.htm=>(Quarantine-1)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\0DD92837.htm=>(Quarantine-1)
Infected with: Generic.XPL.MhtRedir.9F387563

C:\Program Files\Norton AntiVirus\Quarantine\0DD92837.htm=>(Quarantine-1)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\0DD92837.htm=>(Quarantine-1)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\1AC875FB.htm=>(Quarantine-1)
Infected with: Generic.XPL.MhtRedir.9F387563

C:\Program Files\Norton AntiVirus\Quarantine\1AC875FB.htm=>(Quarantine-1)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\1AC875FB.htm=>(Quarantine-1)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\1BC416E7.htm=>(Quarantine-1)
Infected with: Generic.XPL.MhtRedir.9F387563

C:\Program Files\Norton AntiVirus\Quarantine\1BC416E7.htm=>(Quarantine-1)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\1BC416E7.htm=>(Quarantine-1)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\7B314449.htm=>(Quarantine-1)
Infected with: Generic.XPL.MhtRedir.9F387563

C:\Program Files\Norton AntiVirus\Quarantine\7B314449.htm=>(Quarantine-1)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\7B314449.htm=>(Quarantine-1)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\33FE3AE5.htm=>(Quarantine-1)
Infected with: Generic.XPL.MhtRedir.298820B8

C:\Program Files\Norton AntiVirus\Quarantine\33FE3AE5.htm=>(Quarantine-1)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\33FE3AE5.htm=>(Quarantine-1)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\6FEC45BA.htm=>(Quarantine-1)
Infected with: Generic.XPL.MhtRedir.0C3FF41F

C:\Program Files\Norton AntiVirus\Quarantine\6FEC45BA.htm=>(Quarantine-1)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\6FEC45BA.htm=>(Quarantine-1)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\4CAC72C9.htm=>(Quarantine-1)
Infected with: Generic.XPL.MhtRedir.1ABAAAFC

C:\Program Files\Norton AntiVirus\Quarantine\4CAC72C9.htm=>(Quarantine-1)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\4CAC72C9.htm=>(Quarantine-1)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\4D916DCE.class=>(Quarantine-1)
Infected with: Trojan.Java.Classloader.C

C:\Program Files\Norton AntiVirus\Quarantine\4D916DCE.class=>(Quarantine-1)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\4D916DCE.class=>(Quarantine-1)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\4DC83791.class=>(Quarantine-1)
Infected with: Java.Trojan.Exploit.Bytverify

C:\Program Files\Norton AntiVirus\Quarantine\4DC83791.class=>(Quarantine-1)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\4DC83791.class=>(Quarantine-1)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5B3B0D0D.htm=>(Quarantine-1)
Infected with: Generic.XPL.MhtRedir.1ABAAAFC

C:\Program Files\Norton AntiVirus\Quarantine\5B3B0D0D.htm=>(Quarantine-1)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5B3B0D0D.htm=>(Quarantine-1)
Deleted

C:\Download\BSINSTALL.exe=>wise0039=>(CAB Sfx 2r)
Infected with: Trojan.Whenu.G

C:\Download\BSINSTALL.exe=>wise0039=>(CAB Sfx 2r)
Disinfection failed

C:\Download\BSINSTALL.exe=>wise0039=>(CAB Sfx 2r)
Deleted

C:\Download\BSINSTALL.exe=>wise0039
Update failed

C:\Download\BSINSTALL.exe=>(Embedded EXE r)=>wise0039=>(CAB Sfx 2r)
Infected with: Trojan.Whenu.G

C:\Download\BSINSTALL.exe=>(Embedded EXE r)=>wise0039=>(CAB Sfx 2r)
Disinfection failed

C:\Download\BSINSTALL.exe=>(Embedded EXE r)=>wise0039=>(CAB Sfx 2r)
Deleted

C:\Download\BSINSTALL.exe=>(Embedded EXE r)=>wise0039
Update failed

C:\MPASS\FOLDERS\Extra\Movies\axosetup.224.exe
Infected with: Trojan.Zlob.EJ

C:\MPASS\FOLDERS\Extra\Movies\axosetup.224.exe
Disinfection failed

C:\MPASS\FOLDERS\Extra\Movies\axosetup.224.exe
Deleted


Thanks Guys !!

#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:45 PM

Posted 06 November 2007 - 11:18 PM

BD found and deleted quite a bit. How is your computer running now?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users