
DOS DODGY.A---Now what?



#1 Hellraiser666

Posted 07 February 2016 - 10:07 PM

Hello,
 
Haven't been in here a while.  Got a problem.  Windows Defender has found "Dos Dodgy.A" rated severe twice in a week.  WD gives the ambiguous message that it's been cleaned but also states, "The program could not find the malware and other potentially unwanted software on this computer."   I'm thinking it's still in my system, but can't find much info on this virus. I've scanned with MB, MBantiroot, Emsisoft, so far but have gotten nothing beyond the 2 earlier real-time hits by WD.  Anybody got some info on this bugger? 
 
Thanks, and sorry to hear about the lawsuit.  You guys deserve better than that. I know you need cash, I'll see what I can do.




#2 TazzyOpz


Posted 08 February 2016 - 12:41 AM

You can try running a couple scans to see if it was left behind.

According to Microsoft this virus does the following:
 

"This virus spreads by attaching its code to other files on your PC or network. Some of the infected programs might no longer run correctly."  That may be the issue when Windows Defender attempts to remove it. It may be some sort of Process injection virus.

Source: http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Virus%3ADOS%2FDodgy.A

Try running the following:

 

[-Running NoBot-]
Download NoBot from here and save it to your Desktop.
• Double-click NoBot.exe
• Go to File -> Settings and make sure the following are checked:
•• Detect Suspicious File Paths
•• Scan Registry
•• Detect Dropped Files
• Then click the Scan button.
• Once the scan is finished, you can view the scan log by going to File -> Scan Logs. Then copy and paste the scan log here.
It is recommended to post the scan log here before removing any files detected unless you know for sure the file found is infected.
 

 

[-Running Kaspersky Virus Removal Tool-]
Download KVRT from here and save it to your Desktop.
•  Right click on KVRT.exe and select Run as Administrator.
•  Read the EULA, then select Accept.
•  Wait for Kaspersky Virus Removal Tool to initialize.
•  In the main screen, select Change parameters, place a checkmark in System drive, then click OK.
•  Click Start scan.
•  Wait for Kaspersky Virus Removal Tool to complete scanning.
•  When the scan is finished, select Neutralize all for all detected objects.
•  Close Kaspersky Virus Removal Tool when done.
 
 
[-Running TDSSKiller-]
• Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
• Vista/Windows 7 users right-click and select Run As Administrator.
• Once open, click on "Change Parameters".
• Under "Additional Options" select: Verify File Digital Signature and Detect TDLFS File System.
• Click the Start Scan button.
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
• A log file named "TDSSKiller_version_date_time_log.txt" will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

 

 
 
 
You said you ran a scan with "MB". I'm assuming you're referring to Malwarebytes Anti-Malware, but if not I'd recommend running a scan with that as well.
I'd also recommend getting ahold of another antivirus for your system rather than relying on Windows Defender. There are plenty of free anti-viruses out there that do a bit better job than Windows Defender.

Edited by TazzyOpz, 08 February 2016 - 12:56 AM.

Software Developer & Malware Analyst
Programming Languages: VB.net, C#, Java, & HTML.
Reverse Engineering/Tracking Tool familiarity: Ollydbg, IDA, CE, & Wireshark
My Website


#3 Hellraiser666


Posted 08 February 2016 - 01:33 AM

Okay, thanks.  I just got back to my computer to check the status of a full Windows Defender scan and it said I also have a TROJAN WIN32-DYNAMER!ac.  But when I tried to remove it WD just froze up and I had to taskkill WD.  Now I'm running Rogue Killer to see what it can do.  I may not get this cleared up 'till tomorrow.  I'll get back to this forum, I presume others might be interested.  


Edited by Hellraiser666, 08 February 2016 - 01:34 AM.


#4 Hellraiser666


Posted 08 February 2016 - 09:17 AM

 

...follow up.  

 

Getting back about this may be premature, but I'm hoping for feedback on this potential trojan infection, which for me has now taken precedence over the original infection, "Dos Dodgy. A ."  Here's how it played out so far:

 

8:30pm  Windows Def finds Dos.Dodgy.A in real time, for the 2nd time in a week.

11:30pm Ran full scan with WD.  Dos.Dodgy.A isn't found, but  TROJAN WIN32/DYNAMER!ac is found.  Try to clean but WD freezes halfway through cleanup, have to taskkill WD

12:30am Ran Rogue killer, found PUP, simply described as "software," I deleted that threat.

12:45 Ran MB, found nothing

1:15 Ran TDS, found nothing

1:20 Ran Kaspersky av, found nothing

1:35 Ran WD-Quick scan, found TROJAN WIN32/DYNAMER!ac again. Tried to clean, same story.

2:05 Tried to run MB in safe mode, but computer was way overheated, so I cancelled.

 

This morning I noticed this info in WD:

 

container file D:\Preload\install\wim

D:\Preload\install\wim ->(Image 68694)\Program files (x86)\Wildgames\House of a thousand doors family Secrets

\HouseOF1000Doors_FamilySecrets-WT.exe->(EXEEmb).>(EXEEmb)

 

I did a little research this morning and there's talk this could be a false positive, some bloatware from WildTangent games stashed on RecoveryD.  But I found nothing definitive either way. The only other clue I can offer is in Task Manager/Processes I notice that "disk" is going nuts, varying between 0% to 100% in a matter of seconds.  Never happened before.

 

Anyone heard any good street talk about any of this? And I still haven't come to any definite conclusion about the original infection, DOS DODGY.A, which has not since reappeared but I suspect is still lurking. 

 

P.s. Put me last on your list of concerns, this is a low-risk situation for me. Thanks.


Edited by Hellraiser666, 08 February 2016 - 09:44 AM.
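
The Windows Defender entry quoted in post #4 points at an item nested inside a container file on the D: partition, and the first post reports that WD could not find the item it says it cleaned. The following is an added example, not part of the original thread or written by its participants: it uses the Defender PowerShell cmdlets `Get-MpThreat` and `Get-MpThreatDetection` to list each detection with the resource paths it refers to and to mark detections that sit inside a container. The function name and output columns are hypothetical; it needs an elevated prompt on a system with the Defender module.

```powershell
# Added example (not from the thread): summarise Windows Defender detection
# history and show whether each hit is a plain file or an item nested inside
# a container (archive, installer, .wim image).

function Get-DefenderDetectionSummary {
    # Map ThreatID -> ThreatName so each detection can be shown by name.
    $names = @{}
    foreach ($t in Get-MpThreat) { $names[$t.ThreatID] = $t.ThreatName }

    foreach ($d in (Get-MpThreatDetection | Sort-Object InitialDetectionTime)) {
        foreach ($r in $d.Resources) {
            # Resource strings normally take the form "<kind>:_<path>", e.g.
            # "file:_C:\..." or "containerfile:_C:\..."; "->" separates a
            # container from the item found inside it.
            $kind, $path = $r -split ':_', 2
            [pscustomobject]@{
                Detected      = $d.InitialDetectionTime
                Threat        = $names[$d.ThreatID]
                Kind          = $kind
                InContainer   = ($kind -eq 'containerfile') -or ($path -like '*->*')
                ActionSuccess = $d.ActionSuccess   # $false when remediation failed
                Path          = $path
            }
        }
    }
}

# Show the whole history; nested hits and failed clean-ups stand out in the
# InContainer and ActionSuccess columns.
Get-DefenderDetectionSummary | Format-Table -AutoSize -Wrap
```

A detection that recurs with `InContainer` true and `ActionSuccess` false on the same path matches the pattern described in this thread, where the scanner keeps flagging an item inside an image it cannot modify in place.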


#5 Hellraiser666


Posted 08 February 2016 - 10:30 AM

Okay, this is winding down a bit.  I thought it might be of help to others if I mentioned how this played out.  I rebooted 3 times and every time WD found that same "trojan" on D partition.  CPU usage was way beyond normal and I was running way too hot.  Since I made a recovery usb after I updated to W10 about 6 weeks ago I decided to just delete that recovery drive on C.  I rebooted and guess what, I'm sweet again. Yeah!  I have no explanation as to how that file got on D out of the blue like that, or even if it was a true virus or just some troublesome bloatware. Anyway, if you want to consider this "solved" that's fine. And about that DOS DODGY? who knows, time will tell. I know this is a busy forum, I don't think my situation warrants any more of your time.  However, if something noteworthy pops up then perhaps I'll stop back in if that's okay.

 

Thanks for giving me a place to run to. Have an adorable Monday. :)


 


Edited by Hellraiser666, 08 February 2016 - 11:23 AM.


#6 TazzyOpz


Posted 08 February 2016 - 11:47 AM

Okay, I'm happy things seem to be cleared up.  :orange:

 

Regarding the WD virus "Dos.Dodgy.A", I'm fairly certain it was removed by Windows Defender if it hasn't popped up again. However, I would recommend giving Avast Free Anti-Virus a shot if you're looking for a bit better protection over Windows Defender.

Nonetheless, hope I helped a little. Have a nice Monday as well  :thumbup2:






