Posted by Sue Chaisone on March 13, 2007, 11:34 pm
> Sue Chaisone wrote:
>> A few days ago, I noticed that my computer was slowing down.
>>
>> As I have a very decent Virus Scanner (Avast) and a good Spyware
>> detector, I didn't suspect any virus intrusion in my computer system.
>>
>> But when I did a "Windows Task Manager" run, a file showed up in the
>> running processes which was not a program that I had installed.
>>
>> The file was always "drf1173407703.html", but the digits changed every
>> time the file was loaded into memory. Strange was the fact that
>> although it was an HTML file, it appeared in the "Running Processes".
>>
>> I tried to do a full search of this file, but Windows could only find
>> the "drf??????????.html" in my Internet Cache.
>>
>> I did a clear of the Cache and Internet files, but the file kept
>> reappearing.
>>
>> This time I did a more detailed search and found that the file was an
>> HTML file but renamed to an EXE file when downloaded. The originator
>> of the file was:
>>
>> http://216.95.196.22/passthru/th204.exe//drf1173407703.html
>>
>> CAREFUL: THIS WEBSITE MAY CONTAIN A VIRUS
>>
>> I have tried everything I could think of, but the file keeps
>> appearing in my system.
>>
>> AVAST, my virus scanner and my spyware detector have not reacted to
>> this file.
>>
>> Does anybody know if this is a virus/trojan and most important how to
>> remove it?
>>
>> TIA
>
> Hi Sue, you are correct it is a trojan, this one.
> http://www.google.com/search?hl=en&q=win32%2Fdialer.ri+trojan&btnG=Google+Search
>
> you can submit the file here for a scan
> http://www.kaspersky.com/scanforvirus.html
>
> or scan your entire system here
> http://www.kaspersky.com/virusscanner
>
> Avast really isn't that good of a scanner, spend a few $ and have peace of
> mind, get one of these.
> http://www.kaspersky.com/trials?chapter=186685140
> http://www.nod32usa.com/nod32-antivirus-trial/
I have Kaspersky Virus Lab on my second partition, and the virus is not
detected by Kaspersky either.
It seems that the virus has some routine included to turn off the virus
scanners.
In Avast, I have noticed that the HTML files are in the exceptions (not to be
scanned) and there is NO WAY to turn this off.
I also noticed that some files which have approximately the same size as the
Virus are suddenly loaded into my computer system.
One of these files is VERCLSID.EXE-3667BD80.pf in the Windows\Prefetch
folder.
Deleting this file brings them back immediately.
I have the feeling that the only way to get rid of this Trojan is by
performing a scan of my system from OUTSIDE my system in order to prevent
the Trojan from disabling the virus checker or to have a trojan remover which
cannot be fooled.
Regards,
> --
> Mike Pawlak
>
>