brand new virus?

I did the first part, it restarted, I checked the VBG, it said it deleted
some stuff, but I ran it again to make sure, and it ran smoothly, and said it
didn't find anything else, but I get to the second part and I try to execute
the bat file, but the cmd pops up for a second, then closes... it's not even up
for a half a second. Did it run? Did it do anything? I don't see the html file
that it said it was supposed to have made.
 
From: "(e-mail address removed)" <[email protected]>

| I did the first part, it restarted, I checked the VBG, it said it deleted
| some stuff, but I ran it again to make sure, and it ran smoothly, and said it
| didn't find anything else, but I get to the second part and I try to execute
| the bat file, but the cmd pops up for a second, then closes... it's not even up
| for a half a second. Did it run? Did it do anything? I don't see the html file
| that it said it was supposed to have made.
|


Please copy and paste the contents of the VBG.TXT log file.

I received the ZIP file -- Thank You. It will be distributed to numerous anti malware
vendors so those that did NOT recognize this, will in future signature releases.

The WinFixerFix utility takes time and you may not see feedback on the screen for a couple
of minutes and it may not work at all on some PCs.

It is important to make sure you take care of Sun Java as there is evidence that the Vundo
Trojan is installed through vulnerabilities known to exist in older versions of Sun Java.
 
yes.. I did it all, rescanned, and it's gone.... the virus is completely and
totally wiped out.... Way to go. Thanks a WHOLE lot. Lol, why couldn't I do
this on my laptop before I had to format and reinstall everything!? lol,
well, formatting the DESKTOP would've been harder, so I thank you for saving me
that trouble. (The laptop, btw, was a problem because there was a downloader
virus that was hidden so well that no virus scanner I used could find it, so
in the end, I just formatted the h/d)


Until the next problem,

Mike
 
From: "(e-mail address removed)" <[email protected]>

| yes.. I did it all, rescanned, and it's gone.... the virus is completely and
| totally wiped out.... Way to go. Thanks a WHOLE lot. Lol, why couldn't I do
| this on my laptop before I had to format and reinstall everything!? lol,
| well, formatting the DESKTOP would've been harder, so I thank you for saving me
| that trouble. (The laptop, btw, was a problem because there was a downloader
| virus that was hidden so well that no virus scanner I used could find it, so
| in the end, I just formatted the h/d)
|
| Until the next problem,
|
| Mike
|

Thanx for the update Mike.

I am glad that you are rid of this Trojan that turned out to be a Vundo Trojan variant.

I sent you another email and I am awaiting the LOG file from the instructions from that
email.
 
I did an online scan using Symantec's online scanner, and it found a virus
that it called Trojan Horse in the system32 folder. The file that was
infected was called awttqpo.dll but when I googled this file name, it
returned NO results... I don't mean no usable results, I mean NONE. What kind
of virus is discovered by Norton, but not discussed by ANYONE on the
internet. It says "Did you mean" but no.. I didn't mean ANYTHING other than
what I typed. Anywho, as you probably guessed, looking for the path given by
the scanner had poor results. It's not there in regular or safe mode. So my
question is:

How do you delete awttqpo.dll in C:\WINDOWS\system32 if it cannot be seen
in even safe mode, there are no discussion groups on the internet for it, and
there are NO references, phrases, or the SLIGHTEST mention of it ANYWHERE in
existence except for here, right now... Anyone, any ideas? Thanks in
advance.

P.S. I put this question here because it's a Windows problem (The file is
hidden in a VERY advanced way) and because there are no other groups that have
discussions for it. Please don't send me other places... I beg of you!

You need to examine why it is you are getting infected in the first place.
 
Hello nass,

Is this group available via an NNTP reader such as Outlook Express? I find
using Web-based groups very difficult to wade through.

Alan
 
Breaking into the conversation . . . .

Yes, you can use Outlook Express.

server: msnews.microsoft.com

no user name/password needed.
 
Thank you, darkrats.

Alan

darkrats said:
Breaking into the conversation . . . .

Yes, you can use Outlook Express.

server: msnews.microsoft.com

no user name/password needed.
 
From: "Rock" <[email protected]>


|
| You need to examine why it is you are getting infected in the first place.
|

It was a Vundo Trojan, albeit NOD32 indicated it was a Conhook. Both work in similar
ways.

Usually Vundo Trojans are installed via Sun Java vulnerability exploitation. He indicated
he had v5 update 6 but has NOT been forthcoming with all the information that I requested and
he may STILL be infected although this Vundo Trojan was removed.

BTW: Do you still have an Avast issue with IE7 on the MS Web Page causing the VBS:Zulu to
be declared ?

I provided Alwil the information and they picked it up off their message board sub-forum on
Oct. 5 but have NOT provided any replies to my posted information on the problem. I do know
they read it and maybe have changed their signature without letting me know.
 