gltdwif.exe

[Bill Piety]

My firewall displayed a warning that this file was trying to access the
internet. Found it in the winnt folder on my Win2K Pro SP4 machine and the
properties display gave no info at all except file size, so I renamed it
from gltdwif.exe to .old for security purposes. This in itself is suspect so
submitted it to scan and got the following results:
Results of a file scan
This is a report processed by VirusTotal on 03/22/2005 at 17:50:57 (CET)
after scanning the file "gltdwif.old" file.
Antivirus Version Update Result
AntiVir 6.30.0.7 03.22.2005 no virus found
AVG 718 03.21.2005 no virus found
BitDefender 7.0 03.22.2005 no virus found
ClamAV devel-20050307 03.22.2005 Trojan.Downloader.Istbar-89
DrWeb 4.32b 03.22.2005 Trojan.Isbar.74
eTrust-Iris 7.1.194.0 03.22.2005 no virus found
eTrust-Vet 11.7.0.0 03.22.2005 no virus found
Fortinet 2.51 03.20.2005 no virus found
F-Prot 3.16a 03.22.2005 could be infected with an unknown virus
Ikarus 2.32 03.21.2005 no virus found
Kaspersky 4.0.2.24 03.22.2005 no virus found
McAfee 4451 03.21.2005 no virus found
NOD32v2 1.1031 03.21.2005 Win32/TrojanDownloader.IstBar.ER
Norman 5.70.10 03.21.2005 W32/Istbar.HL
Panda 8.02.00 03.22.2005 no virus found
Sybari 7.5.1314 03.22.2005 W32/Istbar.H
Symantec 8.0 03.21.2005 no virus found


FYI only since Google gave no info.

 

[David H. Lipman]

From: "Bill Piety" <[email protected]>

| My firewall displayed a warning that this file was trying to access the
| internet. Found it in the winnt folder on my Win2K Pro SP4 machine and the
| properties display gave no info at all except file size, so I renamed it
| from gltdwif.exe to .old for security purposes. This in itself is suspect so
| submitted it to scan and got the following results:
| Results of a file scan
| This is a report processed by VirusTotal on 03/22/2005 at 17:50:57 (CET)
| after scanning the file "gltdwif.old" file.
| Antivirus Version Update Result
| AntiVir 6.30.0.7 03.22.2005 no virus found
| AVG 718 03.21.2005 no virus found
| BitDefender 7.0 03.22.2005 no virus found
| ClamAV devel-20050307 03.22.2005 Trojan.Downloader.Istbar-89
| DrWeb 4.32b 03.22.2005 Trojan.Isbar.74
| eTrust-Iris 7.1.194.0 03.22.2005 no virus found
| eTrust-Vet 11.7.0.0 03.22.2005 no virus found
| Fortinet 2.51 03.20.2005 no virus found
| F-Prot 3.16a 03.22.2005 could be infected with an unknown virus
| Ikarus 2.32 03.21.2005 no virus found
| Kaspersky 4.0.2.24 03.22.2005 no virus found
| McAfee 4451 03.21.2005 no virus found
| NOD32v2 1.1031 03.21.2005 Win32/TrojanDownloader.IstBar.ER
| Norman 5.70.10 03.21.2005 W32/Istbar.HL
| Panda 8.02.00 03.22.2005 no virus found
| Sybari 7.5.1314 03.22.2005 W32/Istbar.H
| Symantec 8.0 03.21.2005 no virus found
|
| FYI only since Google gave no info.
|

Dump the contents of the IE Temporary Internet Folder cache (TIF)

start --> settings --> control panel --> internet options --> delete files

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Ad-aware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt506.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) Update Ad-aware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode and shutdown as many applications as possible.
5) Using both the Trend Sysclean utility and Ad-aware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point

* * Please report back your results * *