Need help removing malware

I use BitDefender (it will not run in Safe Mode).  During my last scan,
it found the following which it cannot delete or quarantine because
they are embedded:

1.  Adware.Dogpile.l

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\Toolbar_cobrand.EXE=]wise0080

I cannot find CONFLICT.1

2.  Adware.Dogpile.l

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\Toolbar_cobrand.EXE=](Embedded EXE r)=]wise0080

3.  Backdoor.Dssdoor.C

D:\System Volume Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467860.exe=]RAR Sfx o)=]RunSequence.exe

4.  Backdoor.Dssdoor.C

D:\System Volume Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467860.exe=]RAR Sfx o)=]_aps activator.exe

Can someone tell me how to get rid of them?  Thanks............

Re: Need help removing malware

Looks like a folder... Have you checked to make sure it's not hidden?
 
Looks like the malicious programs are inside the exe itself, and it's
sitting in that folder...
 
These last two are easy, turn off system restore, and turn it back on
again. It'll purge them. Keep in mind, all of your previous restore
points go bye bye too.
 
--
Dustin Cook,  Author of BugHunter - MalWare Removal Tool - v2.2d
Email.: bughunter.dustin@gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt

Re: Need help removing malware

On Thu, 01 Nov 2007 01:37:55 GMT, Dustin Cook

Yes, but the original of each is still on my system - so when I use
restore again, won't they just come back again in system restore?

Re: Need help removing malware

From what you posted, I don't see that happening...


Re: Need help removing malware

There are a number of antispyware programs that will run in SAFE mode, such
as Spyware Terminator (freeware) and Spyware Doctor (there's a free version)
and A2 Antimalware (available as trial ware).  There's also an online based
free scan offered by Trend Micro.

As another poster mentioned, you should delete all System Restore points by
turning SR off.  You may want to leave it turned off until you're confident
that the problem has been taken care of.

Re: Need help removing malware

"Fruit2O" wrote in message

So what does "embedded" mean to you so that we know what you mean?  I
don't use BitDefender.  The free version is only an on-demand scanner.
If "embedded" means a packed file then the scanner should still be
able to point to the file containing the program.  If "embedded" means
rootkit, those can be nasty to remove so you might want to consider
backing up all your data files and plan for a partition reformat and
fresh OS install.  You might want to try other anti-malware programs
specifically aimed at detecting rootkits.  SysInternals has their
Rootkit Revealer but you need to know how it works and it doesn't do
any cleanup but just lets you know of a possible rootkit (some drivers
act like them; e.g., Daemon-Tools).  Grisoft has their AVG AntiRootkit
scanner plus you might want to use their AVG AntiSpyware (which used
to be called ewido).  a-squared has low coverage (compared to ewido)
but you could use it as another on-demand scanner (it is v-e-r-y slow
to scan).  You never mention WHAT you use as your primary anti-virus
program that includes on-access scanning.  Other products to try are
Spybot S&D, Lavasoft Ad-Aware, and HijackThis.  Some folks have used
PC Tools "Spyware Doctor" (I only remember trialing it in a VM under
VMWare Server and decided to discard it but don't remember why).
Unless you buy it, the OnGuard protection is only trialware.  F-Secure
has their Blacklight rootkit scanner but I haven't used it in over a
year, maybe two years.

Some files, whether goodware or malware, do not exist until the parent
program is executed.  That is, the program generates a new file and
that is the one it runs or uses as an ancillary/helper program.  So
it is possible you won't find those files unless the parent program is
running.

The output you show from BitDefender is not very explanatory.  Are the
"files" that it (you) mentions the actual files or are they shortcuts
or favorites stored somewhere else that reference these file names?
Are they remnant registry entries (so the file may not even exist
anymore although pointers to them still exist in the registry)?  That
a path and filename are outputted doesn't say if a file is being
identified, a shortcut to that file, a registry pointer to that file,
a favorite, or what.

If the path appears that it does exist and that is what BitDefender is
pointing to (a path and file), did you check if you enabled Explorer
to see hidden folders/files?  Did you open a DOS shell and use the
'cd' command to navigate there?

The pests in the restore points are easily eliminated by turning off
System Restore which clears out all old restore point files, then turn
it back on.

They have their own forum at http://forum.bitdefender.com/ where you
can ask other users familiar with the same program about the alerts
you are getting.


Re: Need help removing malware

On Thu, 1 Nov 2007 12:42:52 -0500, "VanguardLH"

You went to the trouble of replying in detail - so I will reply also.

What I sent in my original post is all I have.  I use BitDefender as my
AV.  It found the problems when I ran an independent deep scan.  I have
and use the other programs you refer to except Hijack This.  I know I
can eliminate the problems in Restore - but when I turn on Restore
again, they will probably just show up again.  By embedded, I believe
the problems are in 'packed' files.  However, I can't find some of them
even though I have 'Show Hidden Files' turned on.  I haven't tried to
find these files in a DOS shell yet.

Re: Need help removing malware

On Thu, 1 Nov 2007 12:42:52 -0500, "VanguardLH"

Please refer to my original post on this subject:  Item nos. 1 and 2
show a file called CONFLICT.1.  I can't find it in Windows XP Pro even
though I should be able to see all hidden files.  However, when I
looked in DOS mode, there they were.  Please explain how this can
happen.  It will help me a great deal in the future.  Thanks.........

Re: Need help removing malware

Isn't CONFLICT.1 a folder?  Your original post certainly shows it as one.
Jim



Re: Need help removing malware

"Fruit2O" wrote in message

When you say you could not "find" the folder, and assuming Explorer is
configured to show both hidden AND *system* files, did you manually
dig through Explorer to navigate through the folders or did you use
the Search function in Windows XP?

The search function in Windows XP is really fucked up.  Under Windows
NT and 2000, the search simply did a pattern match against the
criteria to find the filenames.  Under Windows XP, search will only
show files for which it has a viewer; that is, if their search can
look inside the file then it will find it.  You can be in a DOS shell
and a 'dir' will show the file but a search, even when specifying that
folder only, won't list it.  This sucks and has been a stupid mistake
by Microsoft.  The file search included in Windows XP is unreliable
which means it is worthless.  Instead I use a product called Agent
Ransack (yeah, not a good product name) which is the free version of
FileLocator Pro.  Besides going back to a real file search tool, it
will let you specify regular expressions to more accurately identify
what you are searching for, or you can revert to using just the inane
wildcarding that Microsoft supports.  Just because the Search included
in Windows XP doesn't find a file doesn't mean that it doesn't exist.
It just means the stupidly malcoded search tool can't read that file's
content so it decides not to show it to you.  Yeah, stupid.

http://www.mythicsoft.com/agentransack/
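
Both VanguardLH replies above come down to the same advice: enumerate the directory yourself, with hidden and system entries visible, instead of trusting the Explorer view or the XP Search dialog. The PowerShell script below is an added example for this thread, not code from any poster or from BugHunter, Agent Ransack or BitDefender. It lists everything under a folder including Hidden and System entries, matches names with a regular expression (the capability Agent Ransack adds over plain wildcards), and flags entries that Explorer suppresses unless "Hide protected operating system files" is also unchecked in Folder Options. `$Root` and `$Pattern` are illustrative parameters; CONFLICT.1 and Toolbar_cobrand come from the original scan output. One more reason the cmd.exe listing and the Explorer view can disagree for this particular folder: Explorer presents "Downloaded Program Files" through a shell namespace extension that shows installed ActiveX controls rather than the raw directory contents.

```powershell
# Added example (not from the thread): enumerate a folder the way a DOS-shell
# 'dir /a' would, including Hidden and System entries, and match names by regex.
# $Root and $Pattern are assumptions for illustration; adjust to the path the
# scanner reported. Written for PowerShell 2.0-era syntax (New-Object PSObject).
param(
    [string]$Root    = 'C:\WINDOWS\Downloaded Program Files',
    [string]$Pattern = '^CONFLICT\.\d+$|Toolbar_cobrand'
)

# -Force makes Get-ChildItem return Hidden and System entries that a plain
# listing (and Explorer with default settings) leaves out. Access-denied
# subfolders are skipped rather than aborting the walk.
Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $Pattern } |
    ForEach-Object {
        $attrs  = $_.Attributes
        $hidden = ($attrs -band [System.IO.FileAttributes]::Hidden) -ne 0
        $system = ($attrs -band [System.IO.FileAttributes]::System) -ne 0

        # Explorer treats Hidden+System together as a "protected operating
        # system file" and hides it even when "Show hidden files" is on.
        New-Object PSObject -Property @{
            Path          = $_.FullName
            IsDirectory   = $_.PSIsContainer
            Attributes    = $attrs.ToString()
            ExplorerHides = ($hidden -and $system)
            LastWrite     = $_.LastWriteTime
        }
    } |
    Select-Object Path, IsDirectory, Attributes, ExplorerHides, LastWrite |
    Format-Table -AutoSize
```

The cmd.exe equivalent for a quick look is `dir /a /s "C:\WINDOWS\Downloaded Program Files"`, where `/a` with no attribute letters lists every entry regardless of attributes; `attrib` on the same path shows the H and S flags directly. Either output is a better basis for deciding what the scanner was pointing at than the Search dialog, which by VanguardLH's account skips files it cannot read.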


Re: Need help removing malware

On Thu, 1 Nov 2007 19:11:11 -0500, "VanguardLH"

Thanks for the good advice.  BTW, I drilled down manually for the file
(folder) - but still couldn't find it in Windows.  I'm going to get
Agent Ransack.  Thanks again........

Re: Need help removing malware

The quickest and best way would be a format/clean install.
Make copies of your favorites (bookmarks) folder, address book, any
documents and/or pictures. Put them on removable media.
Get yourself an AntiVirus that has real-time scanning. AntiVir has a
free version (good detection rate).
DogPile is not a virus/trojan. It is a toolbar add-on.
http://vil.nai.com//vil/content/v_135388.htm#tab4
backdoor.dssdoor.c is a trojan.
http://www.sophos.com/security/analyses/trojdssdoorc.html
I think BugHunter will remove it.
See my pages below for more tools and tips.
max
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.

Re: Need help removing malware

On Thu, 01 Nov 2007 20:40:11 GMT, Maximus the Mad

Thank you for the good advice!!