Symantec provided by Yahoo

a_monk

A friend used "Symantec provided by Yahoo" to scan her laptop,
which reported that her computer is infected with at least one known
virus or Trojan horse.

These two viruses/Trojans were:
D:\RECYCLER\S-1-521...\Dd209\NetCat\nc.exe is infected with NetCat.
C:\WINDOWS\Downloaded Program Files\pinstall.dll is infected with
Adware.Look2Me.

We looked at the D:\ drive and could not find the "RECYCLER" folder.
(We have enabled showing hidden files and folders.) Is this a false
positive?

We also checked C:\WINDOWS to find the pinstall.dll infected by
Adware.Look2Me, but to no avail. Again, it is a false positive too.

Any comments/suggestions are appreciated.

Thanks,

A Monk
 
David H. Lipman

From: "a_monk" <[email protected]>

| A friend used "Symantec provided by Yahoo" to scan her laptop,
| which reported that her computer is infected with at least one known
| virus or Trojan horse.
|
| These two viruses/Trojans were:
| D:\RECYCLER\S-1-521...\Dd209\NetCat\nc.exe is infected with NetCat.
| C:\WINDOWS\Downloaded Program Files\pinstall.dll is infected with
| Adware.Look2Me.
|
| We looked at the D:\ drive and could not find the "RECYCLER" folder.
| (We have enabled showing hidden files and folders.) Is this a false
| positive?
|
| We also checked C:\WINDOWS to find the pinstall.dll infected by
| Adware.Look2Me, but to no avail. Again, it is a false positive too.
|
| Any comments/suggestions are appreciated.
|
| Thanks,
|
| A Monk

D:\RECYCLER\. represents the Recycle Bin and is a Hidden & System folder.
If a file was found in this folder, the infected file was deleted but not yet purged.

Look2Me is NOT easy to remove. Here are several approaches.

Ad-aware SE v1.06
http://www.lavasoftusa.com/
http://download.lavasoft.com/utils/Look2Me_Remover.exe

F-Secure Look2Me Removal Tool:
http://www.f-secure.com/tools/f-look2me.zip

VX2/Look2Me Fix:
http://www.downloads.subratam.org/VX2Finder.exe

Merijn's Kill2me 1.11
http://www.softpedia.com/progDownload/Killme-Download-10653.html

Look2Me Remover 1.1.0
http://www.simplytech.it/L2MRemover/L2MRemover.zip
 
a_monk

Many thanks, Dave!
 
a_monk

Hi Dave;

The property of the "pinstall.dll" shows the file was used by
"Picasa", a Google Photo Organizer. Any idea that Look2Me is tied to
it?

Many thanks again!

A Monk
 
David H. Lipman

From: "a_monk" <[email protected]>


|
| Hi Dave;
|
| The property of the "pinstall.dll" shows the file was used by
| "Picasa", a Google Photo Organizer. Any idea that Look2Me is tied to
| it?
|
| Many thanks again!
|
| A Monk

No but it *may* be a False Positive.

Let's find out...

Please submit a sample of "pinstall.dll" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:[email protected]?subject=SCAN

When you get the report, please post back the exact results.
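
An added example, not part of the original thread: a PowerShell check for the two reported files that enumerates Hidden and System items (the attributes David gives for RECYCLER) and collects the evidence relevant to a false-positive call, including a SHA-256 hash to compare with the sample submitted to the multi-scanner service. `Get-SuspectFileReport` is a hypothetical helper name, and the RECYCLER subfolder is searched recursively because the SID portion of the path is elided in the post.

```powershell
# Added example: triage of the two paths named in the scan report.
# Get-SuspectFileReport is a hypothetical helper, not a built-in cmdlet.
function Get-SuspectFileReport {
    param(
        [Parameter(Mandatory)][string]$Root,   # folder to search
        [Parameter(Mandatory)][string]$Name    # file name from the scan report
    )

    # -Force returns items carrying the Hidden and System attributes, so a
    # folder such as RECYCLER is searched even though it is not listed by default.
    Get-ChildItem -LiteralPath $Root -Filter $Name -Recurse -Force -File `
                  -ErrorAction SilentlyContinue |
        ForEach-Object {
            # The version resource (Company/Product) is just data inside the file
            # and can be copied by anyone; the Authenticode result is the stronger
            # indicator of who actually published the binary.
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName

            [pscustomobject]@{
                Path       = $_.FullName
                Attributes = $_.Attributes
                Modified   = $_.LastWriteTime
                Company    = $_.VersionInfo.CompanyName
                Product    = $_.VersionInfo.ProductName
                SigStatus  = $sig.Status                       # Valid, NotSigned, HashMismatch, ...
                Signer     = $sig.SignerCertificate.Subject    # empty when unsigned
                SHA256     = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# Paths as reported by the scanner in the original post.
$report = @(
    Get-SuspectFileReport -Root 'D:\RECYCLER' -Name 'nc.exe'
    Get-SuspectFileReport -Root 'C:\WINDOWS\Downloaded Program Files' -Name 'pinstall.dll'
)

if ($report.Count -eq 0) {
    'Neither file was found; it may already have been purged or removed.'
} else {
    $report | Format-List
}
```

A `Valid` signature from the expected publisher together with a matching product name supports the false-positive reading for pinstall.dll; `NotSigned` or `HashMismatch` means the multi-scanner result should decide.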
 
