argus tuft
December 7th, 2006, 01:14 AM
Hi, I have been experiencing some weirdness on my pc lately, and whenever I scan with DrWeb cureit, it finds Trojan.StartPage.1505 throughout system restore, and also Spybot backup. It is always a .reg file.
Sometimes the computer has been close to crashing, and I'm occasionally getting error must close messages from DrWtsn32 which is running two instances and seems to have frozen.
I have scanned with trojan hunter, a2, ewido etc and none report any trojans, but I have just cleaned any drweb found (6) yesterday.
But they keep coming back!
After scanning with trojan hunter it found these;
Warning: Unable to unpack UPX-packed file C:\Program Files\a-squared Free\a2free.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\Program Files\Common Files\Autodesk Shared\adresc16.dll (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\Program Files\Rockstar Games\GTAIII\gta3.exe (Add to ignore list)
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_66c56f6f\System.Xml.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
No trojan files found
I am assuming that the unpackable files are ok, but what about those with double extensions?
Thanks, argus
Sometimes the computer has been close to crashing, and I'm occasionally getting error must close messages from DrWtsn32 which is running two instances and seems to have frozen.
I have scanned with trojan hunter, a2, ewido etc and none report any trojans, but I have just cleaned any drweb found (6) yesterday.
But they keep coming back!
After scanning with trojan hunter it found these;
Warning: Unable to unpack UPX-packed file C:\Program Files\a-squared Free\a2free.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\Program Files\Common Files\Autodesk Shared\adresc16.dll (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\Program Files\Rockstar Games\GTAIII\gta3.exe (Add to ignore list)
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_66c56f6f\System.Xml.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
No trojan files found
I am assuming that the unpackable files are ok, but what about those with double extensions?
Thanks, argus