
Exploit-objectdata



#1 slimsoul


Posted 12 May 2006 - 04:22 PM

Hi, I have recently scanned my machine with McAfee's online scan and it has found 2 files called Exploit-ObjectData in my PC. I also tried Symantec's online scan and it gave me the paths to the 2 files (shown below). When I go through the paths I get to Temporary Internet Files and can go no further. I have selected to show hidden files and to show protected operating system files to see if the directory appears also.

C:\Documents and Settings\Stephen\Local Settings\Temporary Internet Files\Content.IE5\QXCBAD0P\wbk39.tmp is infected with Trojan.Phel
C:\Documents and Settings\Stephen\Local Settings\Temporary Internet Files\Content.IE5\OD6J0P2N\wbk3E.tmp is infected with Trojan.Phel

The reason I initiated the scan was through BT contacting me to alert me of the infections, which seemed to be sending out spam from my machine.

I have tried the following scans to remove these files to no avail:

Spybot search and destroy
Ad-aware personal
McAfee's online scan
Symantec's online scan
Windows defender
Panda online scan
Microtrend housecall scan
Bitdefender online scan

W32/NETSKY removal tool
W32/BEAGLE removal tool
W32/SOBER removal tool

I can post a HijackThis log if needed.

Thanks

Edited by slimsoul, 12 May 2006 - 04:24 PM.



 


#2 Jacee


Posted 12 May 2006 - 04:32 PM

Follow the manual instructions here:
http://securityresponse.symantec.com/avcen...jan.phel.a.html

Download ATF Cleaner if you have XP
http://www.atribune.org/content/view/19/2/
Click "Main" > check 'select all' this first time using it, then click "Empty Selected". Do the same for Firefox or Opera if you use either of those browsers.

Finally go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" Click "Delete Files".
Put a check by "Delete Offline Content" and click OK.
Click on the Programs tab then click the "Reset Web Settings" button.
Click Apply then OK.

Also navigate to C:\Documents and Settings\Stephen\Local Settings\Temporary Internet Files
and delete the temporary internet files in that folder.

Download the MS patch listed on the Symantec site.

Edited by Jacee, 12 May 2006 - 04:35 PM.

MS MVP Windows-Security 2006-2016
Member of UNITE, the Unified Network of Instructors and Trusted Eliminators

Admin PC Pitstop


#3 slimsoul


Posted 12 May 2006 - 05:20 PM

Hi, thanks for the quick response. I have followed your instructions. The only problem I encountered was that I do not have Symantec antivirus, which was needed to scan the system according to their instructions. I assume I need this to carry out the removal successfully?

#4 Jacee


Posted 12 May 2006 - 05:39 PM

No, just follow the manual removal instructions in Symantec's link. Then follow my instructions, and when done, get your necessary security updates from here:
http://www.microsoft.com/technet/security/...n/MS05-001.mspx



#5 slimsoul


Posted 12 May 2006 - 05:52 PM

Sorry for being a dimwit, but I can't see any manual removal instructions on that link. Below I have pasted the only removal instructions that I can see (step 1 I have done. 2 and 3 are referring to Symantec antivirus software and 4 I have checked the registry and cannot find the file they ask me to remove).

These are the instructions:

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan and delete all the files detected as Trojan.Phel.A.
4. Delete the value that was added to the registry.

The above may be unnecessary as I have just run a McAfee check again and the scan came up clear! Hopefully they have been zapped.

Thanks

Edited by slimsoul, 12 May 2006 - 05:56 PM.


#6 quietman7


Posted 12 May 2006 - 09:26 PM

Since you're not using Symantec, you can run a scan with your existing anti-virus after updating its definitions.

You should follow the instructions for doing these steps

Patch the Microsoft Internet Explorer HTML Help Control Local Zone Security Restriction Bypass Vulnerability (as described in Microsoft Security Bulletin MS05-001).

Temporarily turn off System Restore. If a virus, worm, or Trojan infects a computer, System Restore may back up and save the virus, worm, or Trojan on the computer so it can reinfect you at a later time. Doing this will purge the old restore points where the malware may be hiding and allow you to create a fresh restore point.
Instructions for XP.

Delete the startup value from the registry as instructed by Symantec AFTER backing up your registry. Instructions for doing that are also provided.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
