Need help removing malware

[Fruit2O]

I use BitDefender (it will not run in Safe Mode). During my last scan,
it found the following which it cannot delete or quarantine because
they are embedded:

1. Adware.Dogpile.l

C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\Toolbar_cobrand.EXE=]wise0080

I cannot find CONFLICT.1

2. Adware.Dogpile.l

C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\Toolbar_cobrand.EXE=](Embedded EXE r)=]wise0080

3. Backdoor.Dssdoor.C

D:\System Volume
Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467860.exe=]RAR
Sfx o)=]RunSequence.exe

4. Backdoor.Dssdoor.C

D:\System Volume
Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467860.exe=]RAR
Sfx o)=]_aps activator.exe

Can someone tell me how to get rid of them? Thanks............

 

[Dustin Cook]

I use BitDefender (it will not run in Safe Mode). During my last
scan, it found the following which it cannot delete or quarantine
because they are embedded:

1. Adware.Dogpile.l

C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\Toolbar_cobrand.EXE=]wise0080

I cannot find CONFLICT.1

Looks like a folder... Have you checked to make sure it's not hidden?

2. Adware.Dogpile.l

C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\Toolbar_cobrand.EXE=](Embedded EXE r)=]wise0080

3. Backdoor.Dssdoor.C

Looks like the malicious programs are inside the exe itself, and it's
sitting in that folder...

D:\System Volume
Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467860.
exe=]RAR Sfx o)=]RunSequence.exe

4. Backdoor.Dssdoor.C

D:\System Volume
Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467860.
exe=]RAR Sfx o)=]_aps activator.exe

Can someone tell me how to get rid of them? Thanks............

These last two are easy, turn off system restore, and turn it back on
again. It'll purge them. Keep in mind, all of your previous restore
points go bye bye too.




--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
Email.: (e-mail address removed)
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt

 

[Fruit2O]

I use BitDefender (it will not run in Safe Mode). During my last
scan, it found the following which it cannot delete or quarantine
because they are embedded:

1. Adware.Dogpile.l

C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\Toolbar_cobrand.EXE=]wise0080

I cannot find CONFLICT.1

Looks like a folder... Have you checked to make sure it's not hidden?

2. Adware.Dogpile.l

C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\Toolbar_cobrand.EXE=](Embedded EXE r)=]wise0080

3. Backdoor.Dssdoor.C

Looks like the malicious programs are inside the exe itself, and it's
sitting in that folder...

D:\System Volume
Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467860.
exe=]RAR Sfx o)=]RunSequence.exe

4. Backdoor.Dssdoor.C

D:\System Volume
Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467860.
exe=]RAR Sfx o)=]_aps activator.exe

Can someone tell me how to get rid of them? Thanks............

These last two are easy, turn off system restore, and turn it back on
again. It'll purge them. Keep in mind, all of your previous restore
points go bye bye too.

Yes, but the original of each is still on my system - so when I use
restore again, won't they just come back again in system restore?

 

[Victek]

I use BitDefender (it will not run in Safe Mode). During my last scan,
it found the following which it cannot delete or quarantine because
they are embedded:

1. Adware.Dogpile.l

C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\Toolbar_cobrand.EXE=]wise0080

I cannot find CONFLICT.1

2. Adware.Dogpile.l

C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\Toolbar_cobrand.EXE=](Embedded EXE r)=]wise0080

3. Backdoor.Dssdoor.C

D:\System Volume
Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467860.exe=]RAR
Sfx o)=]RunSequence.exe

4. Backdoor.Dssdoor.C

D:\System Volume
Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467860.exe=]RAR
Sfx o)=]_aps activator.exe

Can someone tell me how to get rid of them? Thanks............

There are a number of antispyware programs that will run in SAFE mode, such
as Spyware Terminator (freeware) and Spyware Doctor (there's a free version)
and A2 Antimalware (available as trial ware). There's also an online based
free scan offered by Trend Micro.

As another poster mentioned, you should delete all System Restore points by
turning SR off. You may want to leave it turned off until you're confident
that the problem has been taken care of.

 

[Dustin Cook]

I use BitDefender (it will not run in Safe Mode). During my last
scan, it found the following which it cannot delete or quarantine
because they are embedded:

1. Adware.Dogpile.l

C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\Toolbar_cobrand.EXE=]wise0080

I cannot find CONFLICT.1

Looks like a folder... Have you checked to make sure it's not hidden?

2. Adware.Dogpile.l

C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\Toolbar_cobrand.EXE=](Embedded EXE r)=]wise0080

3. Backdoor.Dssdoor.C

Looks like the malicious programs are inside the exe itself, and it's
sitting in that folder...

D:\System Volume
Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850 \Ao467860.
exe=]RAR Sfx o)=]RunSequence.exe

4. Backdoor.Dssdoor.C

D:\System Volume
Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850 \Ao467860.
exe=]RAR Sfx o)=]_aps activator.exe

Can someone tell me how to get rid of them? Thanks............

These last two are easy, turn off system restore, and turn it back on
again. It'll purge them. Keep in mind, all of your previous restore
points go bye bye too.

Yes, but the original of each is still on my system - so when I use
restore again, won't they just come back again in system restore?

From what you posted, I don't see that happening...


--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
Email.: (e-mail address removed)
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt

 

[VanguardLH]

in message

I use BitDefender (it will not run in Safe Mode). During my last
scan,
it found the following which it cannot delete or quarantine because
they are embedded:

1. Adware.Dogpile.l

C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\Toolbar_cobrand.EXE=]wise0080

I cannot find CONFLICT.1

2. Adware.Dogpile.l

C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\Toolbar_cobrand.EXE=](Embedded EXE r)=]wise0080

3. Backdoor.Dssdoor.C

D:\System Volume
Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467860.exe=]RAR
Sfx o)=]RunSequence.exe

4. Backdoor.Dssdoor.C

D:\System Volume
Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467860.exe=]RAR
Sfx o)=]_aps activator.exe

Can someone tell me how to get rid of them? Thanks............

So what does "embedded" mean to you so that we know what you mean? I
don't use BitDefender. The free version is only a on-demand scanner.
If "embedded" means a packed file then the scanner should still be
able to point to the file containing the program. If "embedded" means
rootkit, those can be nasty to remove so you might want to consider
backing up all your data files and plan for a partition reformat and
fresh OS install. You might want to try other anti-malware programs
specifically aimed at detecting rootkits. SysInternals has their
Rootkit Revealer but you need to know how it works and it doesn't do
any cleanup but just lets you know of a possible rootkit (some drivers
act like them; e.g., Daemon-Tools). Grisoft has their AVG AntiRootkit
scanner plus you might want to use their AVG AntiSpyware (which used
to be called ewido). a-squared has low coverage (compared to ewido)
but you could use it as another on-demand scanner (it is v-e-r-y slow
to scan). You never mention WHAT you use as your primary anti-virus
program that include on-access scanning. Other products to try are
Spybot S&D, Lavasoft Ad-Aware, and HijackThis. Some folks have used
PC Tools "Spyware Doctor" (I only remember trialing it in a VM under
VMWare Server and decided to discard it but don't remember why).
Unless you buy it, the OnGuard protection is only trialware. F-Secure
has their Blacklight rootkit scanner but I haven't used it in over a
year, maybe two years.

Some files, whether goodware or malware, do not exist until the parent
program is executed. That is, the program generates a new file and
that is the one it runs or uses as an ancilliary/helper program. So
it is possible you won't find those files unless the parent program is
running.

The output you show from BitDefender is not very explanatory. Are the
"files" that it (you) mentions the actual files or are they shortcuts
or favorites stored somewhere else that reference these file names?
Are they remnant registry entries (so the file may not even exist
anymore although pointers to them still exist in the registry)? That
a path and filename are outputted doesn't say if a file is being
identified, a shortcut to that file, a registry pointer to that file,
a favorite, or what.

If the path appears that it does exist and that is what BitDefender is
pointing to (a path and file), did you check if you enabled Explorer
to see hidden folders/files? Did you open a DOS shell and use the
'cd' command to navigate there?

The pests in the restore points are easily eliminated by turning off
System Restore which clears out all old restore point files, then turn
it back on.

They have their own forum at http://forum.bitdefender.com/ where you
can ask other users familiar with the same program about the alerts
you are getting.

 

[Fruit2O]

in message

I use BitDefender (it will not run in Safe Mode). During my last
scan,
it found the following which it cannot delete or quarantine because
they are embedded:

1. Adware.Dogpile.l

C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\Toolbar_cobrand.EXE=]wise0080

I cannot find CONFLICT.1

2. Adware.Dogpile.l

C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\Toolbar_cobrand.EXE=](Embedded EXE r)=]wise0080

3. Backdoor.Dssdoor.C

D:\System Volume
Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467860.exe=]RAR
Sfx o)=]RunSequence.exe

4. Backdoor.Dssdoor.C

D:\System Volume
Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467860.exe=]RAR
Sfx o)=]_aps activator.exe

Can someone tell me how to get rid of them? Thanks............

So what does "embedded" mean to you so that we know what you mean? I
don't use BitDefender. The free version is only a on-demand scanner.
If "embedded" means a packed file then the scanner should still be
able to point to the file containing the program. If "embedded" means
rootkit, those can be nasty to remove so you might want to consider
backing up all your data files and plan for a partition reformat and
fresh OS install. You might want to try other anti-malware programs
specifically aimed at detecting rootkits. SysInternals has their
Rootkit Revealer but you need to know how it works and it doesn't do
any cleanup but just lets you know of a possible rootkit (some drivers
act like them; e.g., Daemon-Tools). Grisoft has their AVG AntiRootkit
scanner plus you might want to use their AVG AntiSpyware (which used
to be called ewido). a-squared has low coverage (compared to ewido)
but you could use it as another on-demand scanner (it is v-e-r-y slow
to scan). You never mention WHAT you use as your primary anti-virus
program that include on-access scanning. Other products to try are
Spybot S&D, Lavasoft Ad-Aware, and HijackThis. Some folks have used
PC Tools "Spyware Doctor" (I only remember trialing it in a VM under
VMWare Server and decided to discard it but don't remember why).
Unless you buy it, the OnGuard protection is only trialware. F-Secure
has their Blacklight rootkit scanner but I haven't used it in over a
year, maybe two years.

Some files, whether goodware or malware, do not exist until the parent
program is executed. That is, the program generates a new file and
that is the one it runs or uses as an ancilliary/helper program. So
it is possible you won't find those files unless the parent program is
running.

The output you show from BitDefender is not very explanatory. Are the
"files" that it (you) mentions the actual files or are they shortcuts
or favorites stored somewhere else that reference these file names?
Are they remnant registry entries (so the file may not even exist
anymore although pointers to them still exist in the registry)? That
a path and filename are outputted doesn't say if a file is being
identified, a shortcut to that file, a registry pointer to that file,
a favorite, or what.

If the path appears that it does exist and that is what BitDefender is
pointing to (a path and file), did you check if you enabled Explorer
to see hidden folders/files? Did you open a DOS shell and use the
'cd' command to navigate there?

The pests in the restore points are easily eliminated by turning off
System Restore which clears out all old restore point files, then turn
it back on.

They have their own forum at http://forum.bitdefender.com/ where you
can ask other users familiar with the same program about the alerts
you are getting.

You went to the trouble of replying in detail - so I will reply also.

What I sent in my original post is all I have. I use BitDefender as my
AV. It found the problems when I ran an independent deep scan. I have
and use the other programs you refer to except Hijack This. I know I
can eliminate the problems in Restore - but when I turn on Restore
again, they will probably just show up again. By embedded, I believe
the problems are in 'packed' files. However, I can't find some of them
even though I have 'Show Hidden Files' turned on. I haven't tried to
find these files in a DOS shell yet.

 

[Fruit2O]

in message

I use BitDefender (it will not run in Safe Mode). During my last
scan,
it found the following which it cannot delete or quarantine because
they are embedded:

1. Adware.Dogpile.l

C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\Toolbar_cobrand.EXE=]wise0080

I cannot find CONFLICT.1

2. Adware.Dogpile.l

C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\Toolbar_cobrand.EXE=](Embedded EXE r)=]wise0080

3. Backdoor.Dssdoor.C

D:\System Volume
Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467860.exe=]RAR
Sfx o)=]RunSequence.exe

4. Backdoor.Dssdoor.C

D:\System Volume
Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467860.exe=]RAR
Sfx o)=]_aps activator.exe

Can someone tell me how to get rid of them? Thanks............

So what does "embedded" mean to you so that we know what you mean? I
don't use BitDefender. The free version is only a on-demand scanner.
If "embedded" means a packed file then the scanner should still be
able to point to the file containing the program. If "embedded" means
rootkit, those can be nasty to remove so you might want to consider
backing up all your data files and plan for a partition reformat and
fresh OS install. You might want to try other anti-malware programs
specifically aimed at detecting rootkits. SysInternals has their
Rootkit Revealer but you need to know how it works and it doesn't do
any cleanup but just lets you know of a possible rootkit (some drivers
act like them; e.g., Daemon-Tools). Grisoft has their AVG AntiRootkit
scanner plus you might want to use their AVG AntiSpyware (which used
to be called ewido). a-squared has low coverage (compared to ewido)
but you could use it as another on-demand scanner (it is v-e-r-y slow
to scan). You never mention WHAT you use as your primary anti-virus
program that include on-access scanning. Other products to try are
Spybot S&D, Lavasoft Ad-Aware, and HijackThis. Some folks have used
PC Tools "Spyware Doctor" (I only remember trialing it in a VM under
VMWare Server and decided to discard it but don't remember why).
Unless you buy it, the OnGuard protection is only trialware. F-Secure
has their Blacklight rootkit scanner but I haven't used it in over a
year, maybe two years.

Some files, whether goodware or malware, do not exist until the parent
program is executed. That is, the program generates a new file and
that is the one it runs or uses as an ancilliary/helper program. So
it is possible you won't find those files unless the parent program is
running.

The output you show from BitDefender is not very explanatory. Are the
"files" that it (you) mentions the actual files or are they shortcuts
or favorites stored somewhere else that reference these file names?
Are they remnant registry entries (so the file may not even exist
anymore although pointers to them still exist in the registry)? That
a path and filename are outputted doesn't say if a file is being
identified, a shortcut to that file, a registry pointer to that file,
a favorite, or what.

If the path appears that it does exist and that is what BitDefender is
pointing to (a path and file), did you check if you enabled Explorer
to see hidden folders/files? Did you open a DOS shell and use the
'cd' command to navigate there?

The pests in the restore points are easily eliminated by turning off
System Restore which clears out all old restore point files, then turn
it back on.

They have their own forum at http://forum.bitdefender.com/ where you
can ask other users familiar with the same program about the alerts
you are getting.

Please refer to my original post on this subject: Item nos. 1 and 2
show a file called CONFLICT.1. I can't find it in Windows XP Pro even
though I should be able to see all hidden files. However, when I
looked in DOS mode, there they were. Please explain how this can
happen. It will help me a great deal in the future. Thanks.........

 

[Jim]

in message

I use BitDefender (it will not run in Safe Mode). During my last
scan,
it found the following which it cannot delete or quarantine because
they are embedded:

1. Adware.Dogpile.l

C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\Toolbar_cobrand.EXE=]wise0080

I cannot find CONFLICT.1

2. Adware.Dogpile.l

C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\Toolbar_cobrand.EXE=](Embedded EXE r)=]wise0080

3. Backdoor.Dssdoor.C

D:\System Volume
Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467860.exe=]RAR
Sfx o)=]RunSequence.exe

4. Backdoor.Dssdoor.C

D:\System Volume
Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467860.exe=]RAR
Sfx o)=]_aps activator.exe

Can someone tell me how to get rid of them? Thanks............

So what does "embedded" mean to you so that we know what you mean? I
don't use BitDefender. The free version is only a on-demand scanner.
If "embedded" means a packed file then the scanner should still be
able to point to the file containing the program. If "embedded" means
rootkit, those can be nasty to remove so you might want to consider
backing up all your data files and plan for a partition reformat and
fresh OS install. You might want to try other anti-malware programs
specifically aimed at detecting rootkits. SysInternals has their
Rootkit Revealer but you need to know how it works and it doesn't do
any cleanup but just lets you know of a possible rootkit (some drivers
act like them; e.g., Daemon-Tools). Grisoft has their AVG AntiRootkit
scanner plus you might want to use their AVG AntiSpyware (which used
to be called ewido). a-squared has low coverage (compared to ewido)
but you could use it as another on-demand scanner (it is v-e-r-y slow
to scan). You never mention WHAT you use as your primary anti-virus
program that include on-access scanning. Other products to try are
Spybot S&D, Lavasoft Ad-Aware, and HijackThis. Some folks have used
PC Tools "Spyware Doctor" (I only remember trialing it in a VM under
VMWare Server and decided to discard it but don't remember why).
Unless you buy it, the OnGuard protection is only trialware. F-Secure
has their Blacklight rootkit scanner but I haven't used it in over a
year, maybe two years.

Some files, whether goodware or malware, do not exist until the parent
program is executed. That is, the program generates a new file and
that is the one it runs or uses as an ancilliary/helper program. So
it is possible you won't find those files unless the parent program is
running.

The output you show from BitDefender is not very explanatory. Are the
"files" that it (you) mentions the actual files or are they shortcuts
or favorites stored somewhere else that reference these file names?
Are they remnant registry entries (so the file may not even exist
anymore although pointers to them still exist in the registry)? That
a path and filename are outputted doesn't say if a file is being
identified, a shortcut to that file, a registry pointer to that file,
a favorite, or what.

If the path appears that it does exist and that is what BitDefender is
pointing to (a path and file), did you check if you enabled Explorer
to see hidden folders/files? Did you open a DOS shell and use the
'cd' command to navigate there?

The pests in the restore points are easily eliminated by turning off
System Restore which clears out all old restore point files, then turn
it back on.

They have their own forum at http://forum.bitdefender.com/ where you
can ask other users familiar with the same program about the alerts
you are getting.

Please refer to my original post on this subject: Item nos. 1 and 2
show a file called CONFLICT.1. I can't find it in Windows XP Pro even
though I should be able to see all hidden files. However, when I
looked in DOS mode, there they were. Please explain how this can
happen. It will help me a great deal in the future. Thanks.........

Isn't CONFLICT.1 a folder? Your original post certainly shows it as one.
Jim

 

[Maximus the Mad]

I use BitDefender (it will not run in Safe Mode). During my last
scan, it found the following which it cannot delete or quarantine
because they are embedded:

1. Adware.Dogpile.l

C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\Toolbar_cobrand.EXE=]wise0080

I cannot find CONFLICT.1

2. Adware.Dogpile.l

C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\Toolbar_cobrand.EXE=](Embedded EXE r)=]wise0080

3. Backdoor.Dssdoor.C

D:\System Volume
Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467
860.exe=]RAR Sfx o)=]RunSequence.exe

4. Backdoor.Dssdoor.C

D:\System Volume
Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467
860.exe=]RAR Sfx o)=]_aps activator.exe

Can someone tell me how to get rid of them? Thanks............

The quickest and best way would be a format/clean install.
Make copies of your favorites(bookmarks)folder,address book,any
documents and/or pictures. Put them on removeable media.
Get yourself a AntiVirus that has real-time scanning. AntiVir has a
free version(good detection rate).
DogPile is not a virus/trojan. It is a toolbar add-on.
http://vil.nai.com//vil/content/v_135388.htm#tab4
backdoor.dssdoor.c is a trojan.
http://www.sophos.com/security/analyses/trojdssdoorc.html
I think BugHunter will remove it.
See my pages below for more tools and tips.
max

 

[VanguardLH]

in message

I use BitDefender (it will not run in Safe Mode). During my last
scan,
it found the following which it cannot delete or quarantine
because
they are embedded:

1. Adware.Dogpile.l

C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\Toolbar_cobrand.EXE=]wise0080

I cannot find CONFLICT.1

2. Adware.Dogpile.l

C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\Toolbar_cobrand.EXE=](Embedded EXE r)=]wise0080

3. Backdoor.Dssdoor.C

D:\System Volume
Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467860.exe=]RAR
Sfx o)=]RunSequence.exe

4. Backdoor.Dssdoor.C

D:\System Volume
Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467860.exe=]RAR
Sfx o)=]_aps activator.exe

Can someone tell me how to get rid of them? Thanks............

So what does "embedded" mean to you so that we know what you mean?
I
don't use BitDefender. The free version is only a on-demand
scanner.
If "embedded" means a packed file then the scanner should still be
able to point to the file containing the program. If "embedded"
means
rootkit, those can be nasty to remove so you might want to consider
backing up all your data files and plan for a partition reformat and
fresh OS install. You might want to try other anti-malware programs
specifically aimed at detecting rootkits. SysInternals has their
Rootkit Revealer but you need to know how it works and it doesn't do
any cleanup but just lets you know of a possible rootkit (some
drivers
act like them; e.g., Daemon-Tools). Grisoft has their AVG
AntiRootkit
scanner plus you might want to use their AVG AntiSpyware (which used
to be called ewido). a-squared has low coverage (compared to ewido)
but you could use it as another on-demand scanner (it is v-e-r-y
slow
to scan). You never mention WHAT you use as your primary anti-virus
program that include on-access scanning. Other products to try are
Spybot S&D, Lavasoft Ad-Aware, and HijackThis. Some folks have used
PC Tools "Spyware Doctor" (I only remember trialing it in a VM under
VMWare Server and decided to discard it but don't remember why).
Unless you buy it, the OnGuard protection is only trialware.
F-Secure
has their Blacklight rootkit scanner but I haven't used it in over a
year, maybe two years.

Some files, whether goodware or malware, do not exist until the
parent
program is executed. That is, the program generates a new file and
that is the one it runs or uses as an ancilliary/helper program. So
it is possible you won't find those files unless the parent program
is
running.

The output you show from BitDefender is not very explanatory. Are
the
"files" that it (you) mentions the actual files or are they
shortcuts
or favorites stored somewhere else that reference these file names?
Are they remnant registry entries (so the file may not even exist
anymore although pointers to them still exist in the registry)?
That
a path and filename are outputted doesn't say if a file is being
identified, a shortcut to that file, a registry pointer to that
file,
a favorite, or what.

If the path appears that it does exist and that is what BitDefender
is
pointing to (a path and file), did you check if you enabled Explorer
to see hidden folders/files? Did you open a DOS shell and use the
'cd' command to navigate there?

The pests in the restore points are easily eliminated by turning off
System Restore which clears out all old restore point files, then
turn
it back on.

They have their own forum at http://forum.bitdefender.com/ where you
can ask other users familiar with the same program about the alerts
you are getting.

Please refer to my original post on this subject: Item nos. 1 and 2
show a file called CONFLICT.1. I can't find it in Windows XP Pro
even
though I should be able to see all hidden files. However, when I
looked in DOS mode, there they were. Please explain how this can
happen. It will help me a great deal in the future.
Thanks.........

When you say you could not "find" the folder, and assuming Explorer is
configured to show both hidden AND *system* files, did you manually
dig through Explorer to navigate through the folders or did you use
the Search function in Windows XP?

The search function in Windows XP is really ****ed up. Under Windows
NT and 2000, the search simply did a pattern match against the
criteria to find the filenames. Under Windows XP, search will only
show files for which it has a viewer; that is, if their search can
look inside the file then it will find it. You can be in a DOS shell
and a 'dir' will show the file but a search, even when specifying that
folder only, won't list it. This sucks and has been a stupid mistake
by Microsoft. The file search included in Windows XP is unreliable
which means it is worthless. Instead I use a product called Agent
Ransack (yeah, not a good product name) which is the free version of
FileLocator Pro. Besides going back to a real file search tool, it
will let you specify regular expressions to more accurately identify
what you are searching for, or you can revert to using just the inane
wildcarding that Microsoft supports. Just because the Search included
in Windows XP doesn't find a file doesn't mean that it doesn't exist.
It just means the stupidly malcoded search tool can't read that file's
content so it decides not to show it to you. Yeah, stupid.

http://www.mythicsoft.com/agentransack/

 

[Fruit2O]

in message

...
I use BitDefender (it will not run in Safe Mode). During my last
scan,
it found the following which it cannot delete or quarantine
because
they are embedded:

1. Adware.Dogpile.l

C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\Toolbar_cobrand.EXE=]wise0080

I cannot find CONFLICT.1

2. Adware.Dogpile.l

C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\Toolbar_cobrand.EXE=](Embedded EXE r)=]wise0080

3. Backdoor.Dssdoor.C

D:\System Volume
Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467860.exe=]RAR
Sfx o)=]RunSequence.exe

4. Backdoor.Dssdoor.C

D:\System Volume
Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467860.exe=]RAR
Sfx o)=]_aps activator.exe

Can someone tell me how to get rid of them? Thanks............

So what does "embedded" mean to you so that we know what you mean?
I
don't use BitDefender. The free version is only a on-demand
scanner.
If "embedded" means a packed file then the scanner should still be
able to point to the file containing the program. If "embedded"
means
rootkit, those can be nasty to remove so you might want to consider
backing up all your data files and plan for a partition reformat and
fresh OS install. You might want to try other anti-malware programs
specifically aimed at detecting rootkits. SysInternals has their
Rootkit Revealer but you need to know how it works and it doesn't do
any cleanup but just lets you know of a possible rootkit (some
drivers
act like them; e.g., Daemon-Tools). Grisoft has their AVG
AntiRootkit
scanner plus you might want to use their AVG AntiSpyware (which used
to be called ewido). a-squared has low coverage (compared to ewido)
but you could use it as another on-demand scanner (it is v-e-r-y
slow
to scan). You never mention WHAT you use as your primary anti-virus
program that include on-access scanning. Other products to try are
Spybot S&D, Lavasoft Ad-Aware, and HijackThis. Some folks have used
PC Tools "Spyware Doctor" (I only remember trialing it in a VM under
VMWare Server and decided to discard it but don't remember why).
Unless you buy it, the OnGuard protection is only trialware.
F-Secure
has their Blacklight rootkit scanner but I haven't used it in over a
year, maybe two years.

Some files, whether goodware or malware, do not exist until the
parent
program is executed. That is, the program generates a new file and
that is the one it runs or uses as an ancilliary/helper program. So
it is possible you won't find those files unless the parent program
is
running.

The output you show from BitDefender is not very explanatory. Are
the
"files" that it (you) mentions the actual files or are they
shortcuts
or favorites stored somewhere else that reference these file names?
Are they remnant registry entries (so the file may not even exist
anymore although pointers to them still exist in the registry)?
That
a path and filename are outputted doesn't say if a file is being
identified, a shortcut to that file, a registry pointer to that
file,
a favorite, or what.

If the path appears that it does exist and that is what BitDefender
is
pointing to (a path and file), did you check if you enabled Explorer
to see hidden folders/files? Did you open a DOS shell and use the
'cd' command to navigate there?

The pests in the restore points are easily eliminated by turning off
System Restore which clears out all old restore point files, then
turn
it back on.

They have their own forum at http://forum.bitdefender.com/ where you
can ask other users familiar with the same program about the alerts
you are getting.

Please refer to my original post on this subject: Item nos. 1 and 2
show a file called CONFLICT.1. I can't find it in Windows XP Pro
even
though I should be able to see all hidden files. However, when I
looked in DOS mode, there they were. Please explain how this can
happen. It will help me a great deal in the future.
Thanks.........

When you say you could not "find" the folder, and assuming Explorer is
configured to show both hidden AND *system* files, did you manually
dig through Explorer to navigate through the folders or did you use
the Search function in Windows XP?

The search function in Windows XP is really ****ed up. Under Windows
NT and 2000, the search simply did a pattern match against the
criteria to find the filenames. Under Windows XP, search will only
show files for which it has a viewer; that is, if their search can
look inside the file then it will find it. You can be in a DOS shell
and a 'dir' will show the file but a search, even when specifying that
folder only, won't list it. This sucks and has been a stupid mistake
by Microsoft. The file search included in Windows XP is unreliable
which means it is worthless. Instead I use a product called Agent
Ransack (yeah, not a good product name) which is the free version of
FileLocator Pro. Besides going back to a real file search tool, it
will let you specify regular expressions to more accurately identify
what you are searching for, or you can revert to using just the inane
wildcarding that Microsoft supports. Just because the Search included
in Windows XP doesn't find a file doesn't mean that it doesn't exist.
It just means the stupidly malcoded search tool can't read that file's
content so it decides not to show it to you. Yeah, stupid.

http://www.mythicsoft.com/agentransack/

Thanks for the good advice. BTW, I drilled down manually for the file
(folder) - but still couldn't find it in Windows. I'm going to get
Agent Ransack. Thanks again........

 

[Fruit2O]

I use BitDefender (it will not run in Safe Mode). During my last
scan, it found the following which it cannot delete or quarantine
because they are embedded:

1. Adware.Dogpile.l

C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\Toolbar_cobrand.EXE=]wise0080

I cannot find CONFLICT.1

2. Adware.Dogpile.l

C:\WINDOWS\Downloaded Program
Files\CONFLICT.1\Toolbar_cobrand.EXE=](Embedded EXE r)=]wise0080

3. Backdoor.Dssdoor.C

D:\System Volume
Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467
860.exe=]RAR Sfx o)=]RunSequence.exe

4. Backdoor.Dssdoor.C

D:\System Volume
Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467
860.exe=]RAR Sfx o)=]_aps activator.exe

Can someone tell me how to get rid of them? Thanks............

The quickest and best way would be a format/clean install.
Make copies of your favorites(bookmarks)folder,address book,any
documents and/or pictures. Put them on removeable media.
Get yourself a AntiVirus that has real-time scanning. AntiVir has a
free version(good detection rate).
DogPile is not a virus/trojan. It is a toolbar add-on.
http://vil.nai.com//vil/content/v_135388.htm#tab4
backdoor.dssdoor.c is a trojan.
http://www.sophos.com/security/analyses/trojdssdoorc.html
I think BugHunter will remove it.
See my pages below for more tools and tips.
max

Thank you for the good advice!!