VirusBurst- A malicious spyware program.

**katzdvd** · 2 Sep 2006, 09:01 PM

Gary,

thanks for the info. keep us updated as if it shows up in a follow-up scan.

it never ends...

katz

**discman** · 2 Sep 2006, 09:32 PM

i've had a few of those the last one i had to remove in safemode.even had one that disabled my internet access.thanks for the info gary d thats one to avoid.and another 3 are\winfixer\unspypc\blubster.

**soup** · 2 Sep 2006, 10:42 PM

Thanks for the heads up Gary D, much appreciated.

**Gary D** · 3 Sep 2006, 01:31 AM

All clear! (For now)

I scanned with my Nortons, AdAware, and SpyBot and no viruses have reared there ugly heads....

BUT

Since none of these programs could find it originally, I will be (trying to) update my scanning programs on a regular basis until they catch up to it. I see a lot of scans in the next little while.

Just because I am clean now does not me I am truly clean. Until the programs catch up, it is a wait and see game now.

Further information:

When I searched for the DLL file (and others), I used windows search function. I found the DLL file but could not delete it. Somebody (probably jm1647EDIT: It was PA2004) recommended a program called "Unlocker" a long time ago. I unlocked the dll and was able to delete it. But I had to reboot as the unlocker had to turn off a lot of other programs for it to work.

So far so good for now!

Gary

**Chewy** · 3 Sep 2006, 02:00 AM

gary

just to be sure try one of these, preferably 2

Anti Trojan Software Reviews

http://www.anti-trojan-software-reviews.com/

with some of these trojans I have had to do an update to the program,
disconnect from the internet and reboot into safe mode to kill the core downloader part

one nasty would not let me disconnect from the internet

**soup** · 3 Sep 2006, 02:11 AM

Would the Widows Live Safety Centre help?

**uufta** · 3 Sep 2006, 03:12 AM

Thanks Gary, do you have a link for that unlocker? sounds like a useful tool.

Thanks Gary for the link...

**Gary D** · 3 Sep 2006, 03:29 AM

Thanks Chewy

Trojan Hunter Results:

Code:

[B]Registry scan[/B]
Registry value exists: [COLOR="Red"]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{fe2d25c1-c1db-4b5e-9390-af1cb5302f32} (matches TrojanDownloader.Zlob.500)[/COLOR] 	(Regedit Jump)
Registry key exists: [COLOR="Red"]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{202a961f-23ae-42b1-9505-ffe3c818d717} (matches TrojanDownloader.Zlob.500) [/COLOR]	(Regedit Jump)
[B]Inifile scan[/B]
No suspicious entries found
[B]Port scan[/B]
No suspicious open ports found
[B]Memory scan[/B]
No trojans found in memory
File scan
No trojan files found

So this program found 2 more that the other 3 programs had missed in the RegEdit entries.

BTW It was PA2004 that had posted the link to unlocker. Here is the original post: http://forum.digital-digest.com/show...992#post424992

**Chewy** · 3 Sep 2006, 03:36 AM

ewido and a squared might even find more but wait for a while

**Gary D** · 3 Sep 2006, 04:05 AM

Chewy I just ran Ewido! Thanks

ewido anti-spyware - Scan Report
---------------------------------------------------------

Code:

 + Created at:	2:02:10 PM 02/09/2006

 + Scan result:	



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.IntCodec : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.IntCodec : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.IntCodec : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-606747145-287218729-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Camera\Application Data\Mozilla\Firefox\Profiles\ajsiax4x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\Camera\Application Data\Mozilla\Firefox\Profiles\ajsiax4x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Camera\Application Data\Mozilla\Firefox\Profiles\ajsiax4x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.31:C:\Documents and Settings\Camera\Application Data\Mozilla\Firefox\Profiles\ajsiax4x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.42:C:\Documents and Settings\Camera\Application Data\Mozilla\Firefox\Profiles\ajsiax4x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Camera\Application Data\Mozilla\Firefox\Profiles\ajsiax4x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\Camera\Application Data\Mozilla\Firefox\Profiles\ajsiax4x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\Camera\Application Data\Mozilla\Firefox\Profiles\ajsiax4x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.32:C:\Documents and Settings\Camera\Application Data\Mozilla\Firefox\Profiles\ajsiax4x.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.48:C:\Documents and Settings\Camera\Application Data\Mozilla\Firefox\Profiles\ajsiax4x.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.49:C:\Documents and Settings\Camera\Application Data\Mozilla\Firefox\Profiles\ajsiax4x.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.50:C:\Documents and Settings\Camera\Application Data\Mozilla\Firefox\Profiles\ajsiax4x.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.36:C:\Documents and Settings\Camera\Application Data\Mozilla\Firefox\Profiles\ajsiax4x.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.


::Report end

Still not clear BUT very surprising results!!

**Chewy** · 3 Sep 2006, 04:14 AM

you should have let the trojan have a few days to get really entrenched and maybe an upgrade or two

**Gary D** · 3 Sep 2006, 04:19 AM

I will wait now.

I saw your original post about using 1 or 2 more. By the time I read your reply, ewido was running. It took the longest but scanned the most files!

A lot of the spyware was in my "Camera" log-in which is interesting because I thought all uninvited cookies were deleted when I ran CCleaner. I guess they are only deleted if CCleaner is ran in that log-in. I learned lots today. But the next scans will then be Monday (a holiday in Canada).

What a pain in the ar$e this is!!

**Chewy** · 3 Sep 2006, 04:36 AM

that's why I just grin at my clients and ask, you do have everything backed up don't you?

I then take their drive, grab their data and reload

**Gary D** · 3 Sep 2006, 04:41 AM

I have a picture of my C drive on my external usb HD from about May 1st. That will be a very last resort!!!

VirusBurst- A malicious spyware program.

VirusBurst- A malicious spyware program.

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment