Virus question

Bill Case

Hi,
I just ran an AVG 6 scan and turned up 6 occurrences of these viruses:

Trojan horse downloader istbar.BY
Trojan horse downloader dyfica.AA

These showed up in just the last day, with all MS patches installed, running
ZoneAlarm firewall, frequent Spybot checks, and had AVG resident shield
running.

Anybody know how these things are getting on my computer? Do I have a bad
program that's generating them or inviting them in?

O/S: win 2000 sp4 w/ all patches installed.

Thanks
 
null

> Hi,
> I just ran an AVG 6 scan and turned up 6 occurrences of these viruses:
>
> Trojan horse downloader istbar.BY
> Trojan horse downloader dyfica.AA
>
> These showed up in just the last day, with all MS patches installed, running
> ZoneAlarm firewall, frequent Spybot checks, and had AVG resident shield
> running.
>
> Anybody know how these things are getting on my computer? Do I have a bad
> program that's generating them or inviting them in?

Yes. IE/OE

> O/S: win 2000 sp4 w/ all patches installed.

Here's a real patch for 2K sr1:

http://www.litepc.com/ieradicator.html


Art
http://www.epix.net/~artnpeg
 
taff

> Hi,
> I just ran an AVG 6 scan and turned up 6 occurrences of these viruses:
>
> Trojan horse downloader istbar.BY
> Trojan horse downloader dyfica.AA
>
> These showed up in just the last day, with all MS patches installed, running
> ZoneAlarm firewall, frequent Spybot checks, and had AVG resident shield
> running.
>
> Anybody know how these things are getting on my computer? Do I have a bad
> program that's generating them or inviting them in?
>
> O/S: win 2000 sp4 w/ all patches installed.
>
> Thanks

Probably Kazaa.

Taff.............



www.sounds-pa.com | www.thecomputerworkshop.com
 
FromTheRafters

Bill Case said:
> Hi,
> I just ran an AVG 6 scan and turned up 6 occurrences of these viruses:
>
> Trojan horse downloader istbar.BY
> Trojan horse downloader dyfica.AA
>
> These showed up in just the last day, with all MS patches installed, running
> ZoneAlarm firewall, frequent Spybot checks, and had AVG resident shield
> running.
>
> Anybody know how these things are getting on my computer? Do I have a bad
> program that's generating them or inviting them in?
>
> O/S: win 2000 sp4 w/ all patches installed.

Where are they being found?
 
me

Bill said:
> Hi,
> I just ran an AVG 6 scan and turned up 6 occurrences of these viruses:
>
> Trojan horse downloader istbar.BY
> Trojan horse downloader dyfica.AA
>
> These showed up in just the last day, with all MS patches installed, running
> ZoneAlarm firewall, frequent Spybot checks, and had AVG resident shield
> running.
>
> Anybody know how these things are getting on my computer? Do I have a bad
> program that's generating them or inviting them in?
>
> O/S: win 2000 sp4 w/ all patches installed.
>
> Thanks

From a descr. of istbar:
"ActiveX drive-by download on affiliate pages, including
misleading download links"

J
 
Ceily

Someone once told me to create a fake address in my address book. Actually I
have 2, in the last name, first name format. One is called alert, worm and
has my real email address. And the other is alert, worm and has a fake
email address such as 123stopworms.com. That lets you know if something is
coming from your address book. Because the sender would be alert, worm.

Ceily
 
Bill Case

FromTheRafters said:
> Where are they being found?


E is my boot HD. xxxra1 is disabled directory, left over from a re-install
last week due to getting hit by a virus. Below is the AVG6 log for the virii
it found this morning, win 2k o/s. Any ideas as to what's going on?


E:\Documents and Settings\XXXRA1\Local Settings\TEMP\POWERS~1.EXE Trojan
horse Downloader.Istbar.BY

E:\Documents and Settings\XXXRA1\Local Settings\Temporary Internet
Files\CONTENT.IE5\8XUBKH2F\POWERS~1.EXE Trojan horse Downloader.Istbar.BY

E:\Documents and Settings\XXXRA1\Local Settings\Temporary Internet
Files\CONTENT.IE5\C16VWL6R\OPTIMI~1.EXE repaired

E:\RECYCLER\S-1-5-21-57989841-1935655697-839522115-1000\DE758\POWERS~1.EXE
Trojan horse Downloader.Istbar.BY

E:\RECYCLER\S-1-5-21-57989841-1935655697-839522115-1000\DE760\OPTIMIZE.EXE
repaired
Testing G:\ volume Backup NTFS3 4.9Gig serial 7C87-28E0

Test finished, duration 01:04:30.9 s
41783 objects tested, 5 found infected
 
Mike Burgess

Bill,
Those Trojans most likely already existed and were not detected
by AVG until it was updated. Both of those are basic generic type
Trojans. The letters after just designate the culprit site ...
--
Go to: http://www.tomcoyote.org/hjt/
Download "Hijack This!" [freeware] or download direct (below):
http://www.merijn.org/files/hijackthis.zip

Unzip, double-click "HijackThis.exe" and Press "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log"
button.
Click: "Save Log" (generates: "hijackthis.log")

Next, go to the below location:
http://www.spywareinfo.com/forums/

Sign in, go to the "Spyware and Hijackware Removal" section.
Press "New Topic", copy and paste hijackthis.log into your new message.
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 02-07-04]
Please post replies to this Newsgroup, email address is invalid
 
FromTheRafters

Bill Case said:
> E is my boot HD. xxxra1 is disabled directory, left over from a re-install
> last week due to getting hit by a virus. Below is the AVG6 log for the virii
> it found this morning, win 2k o/s. Any ideas as to what's going on?
>
>
> E:\Documents and Settings\XXXRA1\Local Settings\TEMP\POWERS~1.EXE Trojan
> horse Downloader.Istbar.BY
>
> E:\Documents and Settings\XXXRA1\Local Settings\Temporary Internet
> Files\CONTENT.IE5\8XUBKH2F\POWERS~1.EXE Trojan horse Downloader.Istbar.BY
>
> E:\Documents and Settings\XXXRA1\Local Settings\Temporary Internet
> Files\CONTENT.IE5\C16VWL6R\OPTIMI~1.EXE repaired
>
> E:\RECYCLER\S-1-5-21-57989841-1935655697-839522115-1000\DE758\POWERS~1.EXE
> Trojan horse Downloader.Istbar.BY
>
> E:\RECYCLER\S-1-5-21-57989841-1935655697-839522115-1000\DE760\OPTIMIZE.EXE
> repaired
> Testing G:\ volume Backup NTFS3 4.9Gig serial 7C87-28E0
>
> Test finished, duration 01:04:30.9 s
> 41783 objects tested, 5 found infected

Those are temp, temporary internet files, and recycle bin directories.
Your browser settings are probably allowing this to happen. Disable
scripting and ActiveX while browsing - and only enable them for sites
that both need them and that you trust.

....which probably means that you *never* should have ActiveX
enabled. ;o)
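
The reasoning in the reply above (every hit sits in a temp, browser cache or recycle bin directory) can be applied mechanically to a scan log. This is an added example, not part of the original thread: the log text is a constructed sample in the layout of the AVG 6 output quoted earlier, with a placeholder user name and SID and one invented entry outside those directories, and the category names are the example's own.

```python
import re

# Constructed sample in the layout of the AVG 6 log quoted in the thread:
# placeholder user name and SID, long lines wrapped, last entry invented.
SAMPLE_LOG = r"""
E:\Documents and Settings\USER1\Local Settings\TEMP\POWERS~1.EXE Trojan
horse Downloader.Istbar.BY

E:\Documents and Settings\USER1\Local Settings\Temporary Internet
Files\CONTENT.IE5\AAAAAAAA\POWERS~1.EXE Trojan horse Downloader.Istbar.BY

E:\Documents and Settings\USER1\Local Settings\Temporary Internet
Files\CONTENT.IE5\BBBBBBBB\OPTIMI~1.EXE repaired

E:\RECYCLER\S-1-5-21-1111111111-2222222222-3333333333-1000\DE758\POWERS~1.EXE
Trojan horse Downloader.Istbar.BY

E:\WINNT\system32\SAMPLE~1.DLL Trojan horse Constructed.Example
"""

# Checked in order; first match wins. Directory names are the Windows 2000
# defaults that appear in the log above.
LOCATIONS = [
    ("browser-cache", r"\\temporary internet files\\"),
    ("user-temp", r"\\local settings\\temp\\"),
    ("recycle-bin", r"^[a-z]:\\recycler\\"),
]
ENTRY = re.compile(r"^([A-Za-z]:\\.+?) (Trojan horse \S+|repaired)$")

def parse(log):
    """Yield (path, verdict) pairs, re-joining entries wrapped across lines."""
    for block in re.split(r"\n\s*\n", log.strip()):
        m = ENTRY.match(" ".join(block.split()))
        if m:
            yield m.group(1), m.group(2)

def classify(path):
    lowered = path.lower()
    for name, pattern in LOCATIONS:
        if re.search(pattern, lowered):
            return name
    return "elsewhere"  # outside cache/temp/bin: look at this one first

def triage(log):
    return [(classify(p), p.rsplit("\\", 1)[-1], v) for p, v in parse(log)]

if __name__ == "__main__":
    for where, name, verdict in triage(SAMPLE_LOG):
        print(f"{where:14} {name:14} {verdict}")
```

Hits in the first three categories are downloaded or discarded copies; an entry classified as "elsewhere" is the one that points to something installed on the system rather than merely fetched by the browser.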
 
