Strange virus

Secure Home | Search | About

Lost Password?

Microsoft Antivirus Discussions

get this group's latest topics as an RSS feed

add this group's latest topics to your My MSN content

add this group's latest topics to your My Yahoo content

add this group's latest topics to your Google content

Subject

Author

Date

Strange virus

antioch

10-03-2006

Malke

antioch

Malke

antioch

Malke

Posted by antioch on October 3, 2006, 9:16 pm

If you were Registered and logged in, you could reply and use other advanced thread options

I just did my daily virus scan and the below was picked up.
Before I dealt with this infected file, I looked in Win Explorer but could
not find 'Local Settings'? And could not get into Content IE5.
I got eTrust to do a scan and it found nothing.
So I deleted it and rebooted, ran another scan(not eTrust) and there was
nothing.
Re the part 'Top Posting' in the below, is a common phrase I and others use
in the group.
Have I or someone else brought a virus into the groups?
I have also been onto my ISP's site to look for the definition file name
given in the virus report i.e. avsdk-20062750.msp which is like a reference
number I suppose. I could find nothing there nor in Google(not that I
expected) but thought it best to do some homework.
Rgds
Antioch

a.. C:\Documents and Settings\XXXXXXX\Local Settings\Temporary Internet
Files\Content.IE5\DYKLJQ6S\Top_Posting[1]
File is infected with a virus.

Posted by Malke on October 3, 2006, 9:54 pm

If you were Registered and logged in, you could reply and use other advanced thread options

antioch wrote:

> I just did my daily virus scan and the below was picked up.

> Before I dealt with this infected file, I looked in Win Explorer but

> could

> not find 'Local Settings'? And could not get into Content IE5.

> I got eTrust to do a scan and it found nothing.

> So I deleted it and rebooted, ran another scan(not eTrust) and there

> was nothing.

> Re the part 'Top Posting' in the below, is a common phrase I and

> others use in the group.

> Have I or someone else brought a virus into the groups?

> I have also been onto my ISP's site to look for the definition file

> name given in the virus report i.e. avsdk-20062750.msp which is like a

> reference

> number I suppose. I could find nothing there nor in Google(not that I

> expected) but thought it best to do some homework.

> Rgds

> Antioch

> a.. C:\Documents and Settings\XXXXXXX\Local Settings\Temporary

> Internet

> Files\Content.IE5\DYKLJQ6S\Top_Posting[1]

> File is infected with a virus.

While it is possible for you to get a virus from a newsgroup if you
clicked on a link or an attachment, since almost all newsgroup postings
(except for a very few people who use html by mistake) are plain text
it is very unlikely. Since you use OE, you should set it to read (and
send) plain text.

Since you say you can't see "Local Settings", here are the places to
enable viewing hidden files:

a. Check "Display the contents of system folders".
b. Check "Show hidden files and folders".
c. Uncheck "Hide extensions for known file types".
d. Uncheck "Hide protected operating system files" and click "OK" to the
dialog box.

Since you have already deleted the file, there isn't much we can do. It
would have been better to submit the file to Virus Total:
http://www.virustotal.com/flash/index_en.html

I'm really not sure what you are asking or what we can do to help since
you've deleted the file.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

Posted by antioch on October 4, 2006, 5:31 pm

If you were Registered and logged in, you could reply and use other advanced thread options

Reply intertwined to your response.
Sorry for the delay - had to follow your suggestions more than once.

> antioch wrote:

>> I just did my daily virus scan and the below was picked up.

>> Before I dealt with this infected file, I looked in Win Explorer but

>> could

>> not find 'Local Settings'? And could not get into Content IE5.

>> I got eTrust to do a scan and it found nothing.

>> So I deleted it and rebooted, ran another scan(not eTrust) and there

>> was nothing.

>> Re the part 'Top Posting' in the below, is a common phrase I and

>> others use in the group.

>> Have I or someone else brought a virus into the groups?

>> I have also been onto my ISP's site to look for the definition file

>> name given in the virus report i.e. avsdk-20062750.msp which is like a

>> reference

>> number I suppose. I could find nothing there nor in Google(not that I

>> expected) but thought it best to do some homework.

>> Rgds

>> Antioch

>> a.. C:\Documents and Settings\XXXXXXX\Local Settings\Temporary

>> Internet

>> Files\Content.IE5\DYKLJQ6S\Top_Posting[1]

>> File is infected with a virus.

> While it is possible for you to get a virus from a newsgroup if you

> clicked on a link or an attachment, since almost all newsgroup postings

> (except for a very few people who use html by mistake) are plain text

> it is very unlikely. Since you use OE, you should set it to read (and

> send) plain text.

Yes I do send in plain text for newsgroups. Not too sure with read though.
Should the box 'read all messages in plain text' under the read tab, be
checked. It is not though???

> Since you say you can't see "Local Settings", here are the places to

> enable viewing hidden files:

> a. Check "Display the contents of system folders".

> b. Check "Show hidden files and folders".

a & b already checked

> c. Uncheck "Hide extensions for known file types".

> d. Uncheck "Hide protected operating system files" and click "OK" to the

> dialog box.

c & d unchecked as asked - got a warning but carried on.
Should I check these boxes back to their original settings after this
trouble-shoot or can I leave them unchecked?
Did 'Apply' then 'OK' - Then Win Exp/C:/Docs & Sets/My Name/ NO LOCAL SETS
appear in the tree.
Tried all folders after Docs & Sets - even All Users - no trace of Local
Settings.

> Since you have already deleted the file, there isn't much we can do. It

> would have been better to submit the file to Virus Total:

> http://www.virustotal.com/flash/index_en.html

Yes I realised that as soon as I went into another site to submit it -
bloody fool that I am.
I do not spend enough time in the virus group. Should do.
I am still waiting for a response from my ISP re that definition file number
they gave me when it found the suspect file.

> I'm really not sure what you are asking or what we can do to help since

> you've deleted the file.

I appreciate the clock cannot be turned back - thank you for the input
though.
I wonder where that local settings is - it appears in a general search
folders and files.
Can it be found via Start/Run?
Thank you again
Rgds
Antioch

> Malke

> --

> Elephant Boy Computers

> www.elephantboycomputers.com

> "Don't Panic!"

> MS-MVP Windows - Shell/User

Posted by Malke on October 4, 2006, 7:51 pm

If you were Registered and logged in, you could reply and use other advanced thread options

antioch wrote:

Comments inline:

> Yes I do send in plain text for newsgroups. Not too sure with read

> though. Should the box 'read all messages in plain text' under the

> read tab, be

> checked. It is not though???

I'm sorry but I can't help you with OE since I never use it. I would
think that checking the box for reading in plain text would be the way
to go. Here are a few links about using OE as a newsreader; perhaps the
question is covered there:

http://michaelstevenstech.com/outlookexpressnewreader.htm - Set Up
Newsreader
http://rickrogers.org/setupoe.htm
Accessing the MS newsgroups in Outlook Express Newsreader
http://www.microsoft.com/windowsxp/expertzone/newsgroupsetup.mspx

>> Since you say you can't see "Local Settings", here are the places to

>> enable viewing hidden files:

>> a. Check "Display the contents of system folders".

>> b. Check "Show hidden files and folders".

> a & b already checked

>> c. Uncheck "Hide extensions for known file types".

>> d. Uncheck "Hide protected operating system files" and click "OK" to

>> the dialog box.

> c & d unchecked as asked - got a warning but carried on.

> Should I check these boxes back to their original settings after this

> trouble-shoot or can I leave them unchecked?

I would hide the protected operating system files afterwards and leave
the other items visible.

> Did 'Apply' then 'OK' - Then Win Exp/C:/Docs & Sets/My Name/ NO LOCAL

> SETS appear in the tree.

> Tried all folders after Docs & Sets - even All Users - no trace of

> Local Settings.

Every Windows XP box that I've ever seen has:

C:\Documents and Settings\username\ [where C:\ = system drive]
Double-click the folder for username. Inside you will see folders for:

Application Data
Contacts (optional)
Cookies
Desktop
Favorites
Local Settings
My Documents ... and some more folders afterwards that aren't pertinent
to this question.

Double-click the Local Settings folder and inside you will find:
Application Data
History
Temp
Temporary Internet Files
desktop.ini

If you have enabled viewing the hidden files, you have the same folders
as every other XP user on the planet.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

Posted by antioch on October 4, 2006, 8:29 pm

If you were Registered and logged in, you could reply and use other advanced thread options

> antioch wrote:

> Comments inline:

>> Yes I do send in plain text for newsgroups. Not too sure with read

>> though. Should the box 'read all messages in plain text' under the

>> read tab, be

>> checked. It is not though???

> I'm sorry but I can't help you with OE since I never use it. I would

> think that checking the box for reading in plain text would be the way

> to go. Here are a few links about using OE as a newsreader; perhaps the

> question is covered there:

> http://michaelstevenstech.com/outlookexpressnewreader.htm - Set Up

> Newsreader

> http://rickrogers.org/setupoe.htm

> Accessing the MS newsgroups in Outlook Express Newsreader

> http://www.microsoft.com/windowsxp/expertzone/newsgroupsetup.mspx

>>> Since you say you can't see "Local Settings", here are the places to

>>> enable viewing hidden files:

>>>

>>> a. Check "Display the contents of system folders".

>>> b. Check "Show hidden files and folders".

>> a & b already checked

>>> c. Uncheck "Hide extensions for known file types".

>>> d. Uncheck "Hide protected operating system files" and click "OK" to

>>> the dialog box.

>> c & d unchecked as asked - got a warning but carried on.

>> Should I check these boxes back to their original settings after this

>> trouble-shoot or can I leave them unchecked?

> I would hide the protected operating system files afterwards and leave

> the other items visible.

>> Did 'Apply' then 'OK' - Then Win Exp/C:/Docs & Sets/My Name/ NO LOCAL

>> SETS appear in the tree.

>> Tried all folders after Docs & Sets - even All Users - no trace of

>> Local Settings.

> Every Windows XP box that I've ever seen has:

> C:\Documents and Settings\username\ [where C:\ = system drive]

> Double-click the folder for username. Inside you will see folders for:

> Application Data

> Contacts (optional)

> Cookies

> Desktop

> Favorites

> Local Settings

> My Documents ... and some more folders afterwards that aren't pertinent

> to this question.

> Double-click the Local Settings folder and inside you will find:

> Application Data

> History

> Temp

> Temporary Internet Files

> desktop.ini

> If you have enabled viewing the hidden files, you have the same folders

> as every other XP user on the planet.

> Malke

> --

> Elephant Boy Computers

> www.elephantboycomputers.com

> "Don't Panic!"

> MS-MVP Windows - Shell/User

Hello Malke
I AM A PRAT - I had uncheched your b above - all has been displayed.
Sorry to have wasted your time.
I found two lots of Content IE5 - one under named user and the other under
default user - neither had the file I was looking for so it is lost :-(
Thank you again
Antioch

Similar Threads	Posted
Strange Virus Activity	October 18, 2007, 5:49 pm
Re: Strange one..can someone send me a virus...pleez	July 19, 2005, 2:52 pm
RE: Strange one..can someone send me a virus...pleez	October 15, 2005, 5:07 pm
Strange virus/malware problem	October 19, 2007, 2:09 pm
Strange behaviour of a virus or the hacker.	February 13, 2008, 4:04 pm
Virus, rootkit or something else ??? Strange network behavior...	January 6, 2006, 5:59 pm
Strange one	October 17, 2007, 12:39 am
Strange AVG behavior.	March 31, 2007, 3:41 pm
Strange svchost.exe	April 23, 2008, 8:54 am
Strange msfeeds. self-scheduled	July 21, 2006, 1:08 pm

The site map in XML format XML site map