
Tr/dldr.adroar What Is This?



#1 Bill L


Posted 14 January 2007 - 12:16 PM

I'm running AntiVir PE Classic and AVG Anti-Spyware. I have run Spybot and Ad-aware. About 3 times a day I get a pop-up saying I have tr/dldr.adroar. I have always hit deny access when prompted, and I wanted to know if anyone can tell me exactly what this is and what I should do.


 


#2 buddy215


Posted 14 January 2007 - 06:52 PM

The only reference in Googling is a mention in AntiVir's list of known malware. Suggest you scan with the online scanner in the link below. Let us know what it finds, if anything.
http://www.bitdefender.com/scan8/ie.html
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Bill L


Posted 15 January 2007 - 12:38 PM

I ran the scan you suggested. It said it found some viruses but some still remain. Here is the log it saved. Please advise what I should do next.




Time: 05:28:40
Files: 547876
Folders: 8517
Boot Sectors: 3
Archives: 11410
Packed Files: 31592

Results

Identified Viruses: 3
Infected Files: 4
Suspect Files: 1
Warnings: 0
Disinfected: 0
Deleted Files: 5

Engines Info

Virus Definitions: 370145
Engine build: AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings

First Action: Prompt
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes




Scanned File
Status

C:\Documents and Settings\Bill\Local Settings\Temp\ab1.exe=>wise0006
Infected with: Trojan.Downloader.Agent.CT

C:\Documents and Settings\Bill\Local Settings\Temp\ab1.exe=>wise0006
Deleted

C:\Documents and Settings\Bill\Local Settings\Temp\ab1.exe
Update failed

C:\Documents and Settings\Bill\Local Settings\Temp\Tvm.upd=>(CAB Sfx r)=>InpB=>(Embedded EXE 2g)
Infected with: Trojan.Downloader.Small.BEE

C:\Documents and Settings\Bill\Local Settings\Temp\Tvm.upd=>(CAB Sfx r)=>InpB=>(Embedded EXE 2g)
Deleted

C:\Documents and Settings\Bill\Local Settings\Temp\Tvm.upd=>(CAB Sfx r)=>InpB
Update failed

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{3CF35D67-5177-4992-A256-4BBA247EFF3D}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)=>[Subject: Downloaded from Novell][Date: Thu, 07 Aug 2003 16:24:25 -0700]=>(MIME part)=>(message body)
Suspected of: Exploit.Iframe.Vulnerability

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{3CF35D67-5177-4992-A256-4BBA247EFF3D}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)=>[Subject: Downloaded from Novell][Date: Thu, 07 Aug 2003 16:24:25 -0700]=>(MIME part)=>(message body)
Suspected of: Exploit.Iframe.Vulnerability

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{3CF35D67-5177-4992-A256-4BBA247EFF3D}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)=>[Subject: Downloaded from Novell][Date: Thu, 07 Aug 2003 16:24:25 -0700]=>(MIME part)=>(message body)
Deleted

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{3CF35D67-5177-4992-A256-4BBA247EFF3D}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)=>[Subject: Downloaded from Novell][Date: Thu, 07 Aug 2003 16:24:25 -0700]=>(MIME part)
Updated

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{3CF35D67-5177-4992-A256-4BBA247EFF3D}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 1)
Updated

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{3CF35D67-5177-4992-A256-4BBA247EFF3D}\Microsoft\Outlook Express\Deleted Items.dbx
Update failed

C:\Documents and Settings\Sue\Local Settings\Application Data\Identities\{5692575C-2549-44B4-816F-D2676C27C45B}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 0)=>[Subject: Registration_Confirmation][Date: Tue, 22 Nov 2005 00:18:09 +0000 (GMT)]=>(MIME part)=>reg_pass-data.zip
Infected with: Win32.Sober.Y@mm

C:\Documents and Settings\Sue\Local Settings\Application Data\Identities\{5692575C-2549-44B4-816F-D2676C27C45B}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 0)=>[Subject: Registration_Confirmation][Date: Tue, 22 Nov 2005 00:18:09 +0000 (GMT)]=>(MIME part)=>reg_pass-data.zip
Deleted

C:\Documents and Settings\Sue\Local Settings\Application Data\Identities\{5692575C-2549-44B4-816F-D2676C27C45B}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 0)=>[Subject: Registration_Confirmation][Date: Tue, 22 Nov 2005 00:18:09 +0000 (GMT)]=>(MIME part)
Updated

C:\Documents and Settings\Sue\Local Settings\Application Data\Identities\{5692575C-2549-44B4-816F-D2676C27C45B}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 0)
Updated

C:\Documents and Settings\Sue\Local Settings\Application Data\Identities\{5692575C-2549-44B4-816F-D2676C27C45B}\Microsoft\Outlook Express\Deleted Items.dbx
Update failed

C:\Documents and Settings\Sue\Local Settings\Temp\Tvm.upd=>(CAB Sfx r)=>InpB=>(Embedded EXE 2g)
Infected with: Trojan.Downloader.Small.BEE

C:\Documents and Settings\Sue\Local Settings\Temp\Tvm.upd=>(CAB Sfx r)=>InpB=>(Embedded EXE 2g)
Deleted

C:\Documents and Settings\Sue\Local Settings\Temp\Tvm.upd=>(CAB Sfx r)=>InpB
Update failed

#4 buddy215


Posted 15 January 2007 - 12:48 PM

Suggest you post a Hijack This Log and let the experts take a look. Reference this topic.
Post the Hijack This log by following the instructions in the link below:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/



