
Trojan Stuck In My Temporary Internet Files And Bitdefender Says It Can't Disinfect


6 replies to this topic

#1 Arma

Arma

  • Members
  • 76 posts
  • Local time:04:05 AM

Posted 14 August 2006 - 06:01 AM

Hello,

I have a problem, I am trying to get rid of it but nothing seems to work, not even BitDefender. Not even Panda's Active Scan Pro could detect it!

The virus is contained (I think?) thanks to BitDefender, right now it's in:

C:\Documents and Settings\XXX\Local Settings\Temporary Internet Files\Content.IE5\BRY1PVJ1\popup[1].htm

Since I know what folder it is in, should I just try to erase it manually? Or will it make it worse?

Please, Help!

Edited by Arma, 14 August 2006 - 06:01 AM.




#2 moomoo

moomoo

  • Members
  • 267 posts
  • Local time:05:05 AM

Posted 14 August 2006 - 07:11 AM

OK, go into safe mode and delete BRY1PVJ1 if that's the file.

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,476 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:05 AM

Posted 14 August 2006 - 07:26 AM

If you're running Win XP/2000, please download, install and update Ewido Anti-Spyware v4.0. DO NOT perform a scan yet.
Print out the Ewido Install and Scan Instructions.

Please download ATF Cleaner by Atribune.
DO NOT use yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Then scan with Ewido per the "Safe Mode" instructions you printed out and reboot back to normal mode.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 Arma

Arma
  • Topic Starter

  • Members
  • 76 posts
  • Local time:04:05 AM

Posted 14 August 2006 - 09:25 AM

Thank you both. I chose to follow quietman7's advice, as it's usually the hardest way around that is the most effective.

Here is the report:

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 16:19:27 14/08/2006

+ Scan result:



C:\Documents and Settings\XXX\Local Settings\Temporary Internet Files\Content.IE5\BRY1PVJ1\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).


::Report end


Is everything OK for me now?

Thanks by the way.

Edited by Arma, 14 August 2006 - 09:25 AM.


#5 Federer Express

Federer Express

  • Members
  • 54 posts
  • Local time:02:05 AM

Posted 14 August 2006 - 09:34 AM

quietman7, I appreciate your detailed instructions to use Ewido. But I have one question: Is it necessary to change the settings in services.msc? If so, what does it do?

And currently I run Tea Timer and AVG Anti-Virus as real-time protection, would running Ewido Resident Shield cause conflicts? Thanks for your help.
What the Bleep are you talking about? Are you Bleepin' kidding me?
You think this is Bleepin' funny?

#6 Arma

Arma
  • Topic Starter

  • Members
  • 76 posts
  • Local time:04:05 AM

Posted 14 August 2006 - 09:43 AM

When I do a scan with BitDefender, it still says that I am infected with the Trojan.

Now it is located here:

C:\Program Files\ewido anti-spyware 4.0\Quarantine\file02E84FA9.dat=>(gzip)=>REMOVED_NULLS

Should I use the "Remove Finally" button?

Edited by Arma, 14 August 2006 - 09:45 AM.


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,476 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:05 AM

Posted 14 August 2006 - 10:18 AM

Federer Express, Ewido causes no conflicts with Spybot or AVG. The reason to change its settings in services is that after the trial period Ewido no longer provides real-time protection. So, unless you purchase the program to continue and use this feature, there is no need for the service.

Arma, although the file was removed, it is still being flagged in quarantine, so you can use the remove button.
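The last two posts turn on where the flagged file sits: first in the browser cache, then inside Ewido's quarantine folder. As an added example (not part of the thread and not code from any of the products named), the following sketch classifies a scanner's detection path by its on-disk location. It assumes, based only on the two paths Arma posted, that `=>` separates the container file from nested layers and that the folder names `Quarantine` and `Temporary Internet Files` identify the location.

```python
import ntpath

def parse_detection(entry):
    """Split 'container=>(layer)=>inner' into the on-disk path and nested layers.
    Assumption: '=>' is the nesting separator, as in the path posted in the thread."""
    container, *layers = [part.strip() for part in entry.split("=>")]
    return ntpath.normpath(container), layers

def classify(entry):
    """Label a detection by the folder that holds the flagged file on disk."""
    path, layers = parse_detection(entry)
    # ntpath applies Windows path rules even when this runs on another OS.
    folders = [f.lower() for f in ntpath.dirname(path).split("\\")]
    if "quarantine" in folders:
        location = "quarantine"        # inert copy held by another scanner
    elif "temporary internet files" in folders:
        location = "browser-cache"     # cached web content, cleared with the cache
    else:
        location = "other"             # anywhere else needs a closer look
    return {"location": location, "file": ntpath.basename(path),
            "layers": layers, "path": path}

def still_needs_cleanup(entries):
    """Return detections that are not merely another scanner's quarantined copy."""
    return [d for d in map(classify, entries) if d["location"] != "quarantine"]

# Constructed input: the two paths from the thread, before and after the Ewido scan.
BEFORE = (r"C:\Documents and Settings\XXX\Local Settings\Temporary Internet Files"
          r"\Content.IE5\BRY1PVJ1\popup[1].htm")
AFTER = (r"C:\Program Files\ewido anti-spyware 4.0\Quarantine"
         r"\file02E84FA9.dat=>(gzip)=>REMOVED_NULLS")

if __name__ == "__main__":
    for entry in (BEFORE, AFTER):
        print(classify(entry))
    print("needs cleanup:", [d["file"] for d in still_needs_cleanup([AFTER])])
```
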



