Ms Dos Virus And Trojan Too


9 replies to this topic

#1 dingdingding

dingdingding

  • Members
  • 115 posts
  • Gender:Not Telling

Posted 18 July 2008 - 06:59 PM

I was just getting ready to defrag my machine, when I ran my virus scans.

The scans came back clear, but just out of curiosity, I checked my AVG's virus vault and two things were still in there (un-healable). The two things were:


1) MS DOS Virus

object name: 71019174d01

HTML/Framer.Z (virus name)

size: 87.19KB

location: is in c:/Documents and Settings/Ed/Application Data/Mozilla/Profiles/default/u70v2ikl.slt/Cache

***I can find next to nothing about this online, much less a fix for users like me. I have found however, a fix for people with servers, though I have no idea what that means.



2) Trojan Virus

name: Trojan horse Downloader.Generic5.DAW

***The location is on my desktop and the file (I think) is actually called 'spf.exe', which I think is my Sygate Personal Firewall.



I am using Windows XP.


I don't think that these viruses are doing anything bad right now (especially if one of them is my trusty and wonderful firewall), but I've read on BC before that a person should never defrag their computer if they think that they might have a virus.

So.....better safe than sorry.


Any advice would be greatly appreciated. :thumbsup:

#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,344 posts
  • Gender:Male
  • Location:NJ USA

Posted 18 July 2008 - 10:11 PM

As they are in the vault, they cannot harm your PC from there. The PC has been fine since they've been there, then you can safely delete them from the vault.

You can also upload the files to VirusTotal - Free service to analyze new samples, uses multiple AV scanners. Have them check the files and post that here.

Also you can run this MBAM scan on your PC for another opinion.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 dingdingding


Posted 18 July 2008 - 11:55 PM

Hi boopme! :thumbsup:

Unfortunately, due to the current loudness in my house right now (and therefore, my inability to fully concentrate), I deleted the files from my virus vault, before I read that part about having the files analyzed and post them here. I'm sorry about that.

I did however get the Malwarebytes program downloaded and ran. Here are the results:


Malwarebytes' Anti-Malware 1.21
Database version: 966
Windows 5.1.2600 Service Pack 2

11:42:39 PM 7/18/2008
mbam-log-7-18-2008 (23-42-39).txt

Scan type: Quick Scan
Objects scanned: 41897
Time elapsed: 8 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Hopefully all of those zeros are good news. :flowers: Is it time for me to defrag yet?

And also, am I meant to keep the Malwarebytes program on my pc, because I have all of these on here too:


Spybot Search and Destroy
Stinger
Bit Defend
AVG Anti-spyware
AVG (the latest free version)
Spyware Blaster
CWShredder
CCleaner
Clean Up!
Ad-Aware (which doesn't work most of the time)
Sygate Personal Firewall

I think that I also have a few more programs that are just aimed at IE, which I don't use. Any advice on this would also be greatly appreciated.

Thank you tons boopme. :trumpet:
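A log like the one pasted in the post above can be checked mechanically instead of by eye. The following is an added example, not part of the original thread and not Malwarebytes code: it parses the MBAM 1.21 layout shown above and reports anything that stops the log from reading as clean, including a summary count that disagrees with its detail section. It assumes detected items appear one per line under their category heading; the sample log is constructed.

```python
import re

# Constructed sample in the MBAM 1.21 layout shown in the post above.
SAMPLE_CLEAN = """\
Malwarebytes' Anti-Malware 1.21
Scan type: Quick Scan

Registry Keys Infected: 0
Files Infected: 0

Registry Keys Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
"""

SUMMARY = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADER = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")
NONE = "(No malicious items detected)"

def parse_mbam_log(text):
    """Return (summary counts, detail items), both keyed by category name."""
    counts, items, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SUMMARY.match(line):
            counts[m["cat"]] = int(m["n"])
        elif m := HEADER.match(line):
            current = m["cat"]
            items[current] = []
        elif not line:
            current = None          # a blank line ends a detail section
        elif current and line != NONE:
            items[current].append(line)  # assumed: one detected item per line
    return counts, items

def review(text):
    """List reasons the log should not be read as a clean result."""
    counts, items = parse_mbam_log(text)
    problems = [] if counts else ["no summary counts found (truncated or not an MBAM log)"]
    for cat, n in counts.items():
        listed = len(items.get(cat, []))
        if cat not in items:
            problems.append(f"{cat}: detail section missing")
        elif n != listed:
            problems.append(f"{cat}: summary says {n}, detail lists {listed}")
        elif n:
            problems.append(f"{cat}: {n} item(s) reported")
    return problems
```

An empty list from `review()` means every summary count is zero and every detail section agrees with it.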

#4 boopme


Posted 19 July 2008 - 09:10 AM

Yep you're good to defrag.
Not a problem with those files as I mentioned they were already removed and your PC was safe.
Question: is the Bitdefender an antivirus? If so that would make 2 on the PC. It and AVG. Two active AV's are not good, they will conflict.
I would dump the AdAware as you have MBam now. Remember to always update prior to scans, MBam is updated very often.

#5 dingdingding


Posted 19 July 2008 - 11:54 AM

I'm not entirely sure what Bitdefender is either, but it seemed to scan some very specific areas (I had a problem with a virus a year or two ago, and a BC member/helper told me to download Bitdefender during my analysis/cleaning process). I do know that I haven't used it since then, because I don't think that it's the type of program that a person needs to use regularly to scan/clean/protect their machine....but then again, I could be completely wrong about that. Stinger is the same way. I'm not sure if I'm supposed to be using that or not.

I am actually glad that you're saying to remove AdAware. I don't know why, but it just never seemed to work properly for me. It always seemed to have a problem with downloading updates, but that problem was probably on my end, not AdAware's.

Thanks again for your help boopme. I will defrag this afternoon. :thumbsup:

#6 boopme


Posted 19 July 2008 - 03:54 PM

To clarify a bit, since someone here recommended it, it was either this, BitDefender Free Edition...a full AV scanner, or the online scanner, BitDefender Online Virus Scan.
Do you recognize which one you have? These 2 scanners are not a problem as they are on demand. But the paid version is a real-time (active) scanner... that one would be a problem. As then AVG and Bitdefender will be active and you'll have to decide on one to pull.

#7 dingdingding


Posted 19 July 2008 - 07:25 PM

Hi boopme!

All I can find now, is a link on my desktop to the Bitdefender online scanner results (I can't find the program in my add/remove programs or on my start up menu area). I really could have sworn that I had some version of the program though (most likely the free version), or maybe I'm just confusing it with the Stinger program. Sorry about that. I've probably just confused it with the Stinger thing (keeping track of all of this computing stuff can get very confusing for someone like me, but when you add to that a virus, it's a recipe for disaster).

I thank you again boopme for helping me. You have wiped away my viruses and my fears, and you completely deserve a vacation to the place in your current avatar! :thumbsup:

#8 boopme


Posted 19 July 2008 - 09:29 PM

You're very welcome. I think I will take you up on that vacation. Just don't tell the boss.
Since your PC's clear, do this:

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Edited by boopme, 19 July 2008 - 09:30 PM.


#9 dingdingding


Posted 21 July 2008 - 04:06 PM

Great idea! I shall go do this right now. :thumbsup:


Okay, it's all done. :flowers:


Thank You Boopme!!! :trumpet:

*hands boopme an umbrellaed coconut full of an icy yummy beverage*

:inlove:

Edited by dingdingding, 21 July 2008 - 04:18 PM.


#10 boopme


Posted 21 July 2008 - 04:39 PM

Thank you, beverage consumed, may I have another?? I'm in Bahama mode.. :thumbsup:

Edited by boopme, 21 July 2008 - 04:40 PM.
