Infected With Win32/sillydl.fl


5 replies to this topic

#1 dumafach

dumafach

  • Members
  • 205 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oklahoma
  • Local time:10:56 PM

Posted 22 August 2006 - 12:57 AM

I have CA antivirus, and it states I have win32/sillydl.fl but cannot get rid of it. I googled it and found info on it, but can't find a way to delete it. I bought Spysubtract and downloaded other software but none have worked. I downloaded a program called registry cleaner and my computer started freezing up. I had to go back to a restore point. I downloaded another program which said free spyware scan and zipper and it said I had 835 problem files and to clean that many I would have to pay but it wouldn't tell me what they were. Every program I try offers something but delivers nothing, so I have come here for help. I can't even find this file on my computer. Does anybody know how to get rid of it?

#2 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:06:56 AM

Posted 22 August 2006 - 03:37 AM

Hi dumafach

Please download ATF Cleaner by Atribune. Don't run it yet.

Download ewido anti-spyware from HERE and save that file to your desktop.
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the "Update" icon then click "Start Update". The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"
Close ewido anti-spyware and reboot your computer into Safe Mode. <-- link to tutorial
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.

------------
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

-----------
  • Launch ewido-anti-spyware by double-clicking the icon on your desktop. IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan"
  • Ewido will now begin the scanning process, be patient this may take a little time.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it should automatically set the recommended action to Quarantine--if not click on Recommended Action and set it there. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close ewido.


See how this goes. If you are still having problems, come back and we'll advise you further.

Stelios :thumbsup:

#3 dumafach


Posted 22 August 2006 - 05:09 PM

Hello DASOS,

I did the steps you outlined. It found some tracking cookies and 2 high security issues. It took care of one of them but said it couldn't take care of the other because it is part of another program that has to run. It did not find the win32/sillydl.fl trojan. No other spyware program I have tried has found it either. I don't know if I even actually have it or not. I appreciate your help. It is hard to actually find people that are willing to help. I did keep a report. One program told me to delete Google toolbar to get rid of the trojan. I don't understand what that has to do with it. Other than running a little slow, I don't notice anything wrong on my computer. Anything else you can think of I would be willing to try. Thank you.

I just wanted to add: I went back and checked the CA Antivirus log. It shows the trojan is in c: ied_s7m.cab <ied.exe> - win32/sillydl.fl trojan. That is the place that the ewido program said it could not clean because it is attached to other programs.

dumafach

Edited by dumafach, 22 August 2006 - 05:41 PM.


#4 DASOS


Posted 23 August 2006 - 03:35 AM

Hi dumafach

Make sure that you can see hidden files.
  • Click Start.
  • Click My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Uncheck the Hide file extensions for known file types.
  • Click OK.

Reboot your computer into Safe Mode.

Using Windows Explorer (right click on start, click on explore), locate the following folder, and delete it:

c: ied_s7m.cab

Then reboot, scan again with CA and see how this goes. :thumbsup:


Important!! Don't forget !!
Hide System Files
  • Click Start.
  • Open My Computer.
  • Select Tools menu
  • Click Folder Options.
  • Select the View Tab.
  • Uncheck Show hidden files and folders in the Hidden files and folders section.
  • Select Hide protected operating system files (recommended) option.
  • Check the Hide file extensions for known file types option.
  • Click Yes.
  • Click OK.
Stelios :flowers:
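
A command-line counterpart to the steps in the post above, as an added example that is not part of the original thread. It assumes PowerShell 4 or later (newer than the Windows of this thread) and quarantines the reported file with a recorded hash instead of deleting it; `$Path` and `$QuarantineDir` are hypothetical parameters, and the path must be the one your own scanner log reports.

```powershell
# Added example: quarantine a scanner-reported file instead of deleting it.
# $Path and $QuarantineDir are hypothetical parameters, not values from the thread.
param(
    [Parameter(Mandatory = $true)][string]$Path,
    [string]$QuarantineDir = "$env:SystemDrive\Quarantine"
)

# -Force returns hidden and system items without touching Explorer's
# Folder Options, so there is no "hide system files" step to undo afterwards.
$item = Get-Item -LiteralPath $Path -Force -ErrorAction Stop

# A .cab is a single archive file; refuse directories so nothing is moved wholesale.
if ($item.PSIsContainer) {
    throw "'$Path' is a directory; pass the exact file the scanner reported."
}

# Record what is being removed so the detection can be re-checked later.
$hash = Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256
$record = [pscustomobject]@{
    Time       = (Get-Date).ToString('s')
    Original   = $item.FullName
    Length     = $item.Length
    Attributes = $item.Attributes.ToString()
    SHA256     = $hash.Hash
}

New-Item -ItemType Directory -Path $QuarantineDir -Force | Out-Null
$log = Join-Path $QuarantineDir 'quarantine-log.csv'
$record | Export-Csv -Path $log -Append -NoTypeInformation

# Clear Hidden/System/ReadOnly so the move is not refused, then store the file
# under a neutral extension so a double-click cannot open it.
$item.Attributes = [System.IO.FileAttributes]::Normal
$name = '{0}.{1}.quarantined' -f $item.Name, $hash.Hash.Substring(0, 8)
Move-Item -LiteralPath $item.FullName -Destination (Join-Path $QuarantineDir $name)

# Emit the record so the operator sees the hash and original location.
$record
```

Rescan afterwards, as the post says, to confirm the detection no longer fires.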

#5 dumafach


Posted 23 August 2006 - 04:33 PM

Hello DASOS

I tried the new steps you outlined. After I restarted the computer, I had a window popup from CA Antivirus stating that win32/sillydl.fl had been deleted. I don't know what all there was in that ".cab" but it seemed to work. Thanks for your help. I was beginning to wonder if I was going to be able to get rid of that trojan or not. :thumbsup:

#6 DASOS


Posted 23 August 2006 - 04:50 PM

You're welcome! :thumbsup:

Glad I was able to help.


Also follow these instructions:

How Did I Get Infected?


Stelios :flowers:



