Embedded HTML
ENT
January 30th, 2005, 11:35 PM
Hi, Does anyone know what embedded HTML means? When Kav scanned it said scan failed because of embedded HTML in sp3res.dll. Just wondering what that means? Thanks, ENT
NOD32 user
January 31st, 2005, 05:14 AM
May I suggest testing your copy of sp3res.dll on the JOTTI online virus scan web site and I'd be interested to hear the result. http://virusscan.jotti.org/
ENT
January 31st, 2005, 11:59 AM
Hi, I did the scan but how do you know what the results are? Thanks
Bubba
January 31st, 2005, 05:37 PM
{QUOTE-> Hi, I did the scan but how do you know what the results are? Thanks <-QUOTE}
When the scan finishes....there should be a box similar to the below pic....with the 10 scanner results for your file.
ENT
February 1st, 2005, 12:03 AM
Hi, The box down below showed the same one that was there before my file was scanned. Does that mean that it's not a nasty? Thanks, ENT
NOD32 user
February 2nd, 2005, 12:37 AM
There is a result box that shows the scan result for the file that you submitted. If there's nothing found in it, it looks like the one below.
ENT
February 2nd, 2005, 01:43 AM
UhhhhOhhhhh!
Scanner                 Malware name                  Time taken
AntiVir                 X                             0.28 seconds
Avast                   Win32:Ciadoor-024             1.52 seconds
BitDefender             X                             1.00 seconds
ClamAV                  X                             0.81 seconds
Dr.Web                  BackDoor.Cia.17               0.98 seconds
F-Prot Antivirus        X                             1.24 seconds
Fortinet                Suspicious                    0.69 seconds
Kaspersky Anti-Virus    X                             2.10 seconds
mks_vir                 X                             0.43 seconds
NOD32                   probably unknown NewHeur_PE   2.13 seconds
Norman Virus Control    X                             8.13 seconds
What do I do now???
NOD32 user
February 2nd, 2005, 04:39 AM
The Lavasoft (AdAware SE) threat assessment for cleaning ciadoor is a 1 (v.v.easy) and 0 (none) for integration.
You can download a free version of AdAware from Lavasoft --> HERE (www.lavasoft.com)
Do a full scan / clean as directed in the 'Getting Started' section of the included help file and that SHOULD take care of it. You will have to manually select each item found individually in the free version. After that is completed and you have re-booted your PC perform another scan and make sure it comes up clean.
You should be aware that one of the things ciadoor is known for is sending out the keys and registration info for your installed software so you may prefer to keep your infected machine offline until you're finished if that's possible.
I strongly suggest purchasing the plus version to get some real time protection after you have satisfied yourself it will do what you want.
I haven't personally tried them but I also understand that software like SpyBot S&D and Trojan Defense Suite from DiamondCS (elsewhere in this forum) are considered quite reputable.
Let us know how you go with one of those if that's O.K.?
Do any mods want to move this to Trojans & Backdoors?
ENT
February 2nd, 2005, 09:50 PM
Hi, forgive me if I sound depressed....I have AD-Aware, Spybot S&D With (Tea Timer), Worm Guard, Spywareguard, TrojanHunter, ZoneAlarm Pro, CWShredder, TDS, IDBlaster, SpywareBlaster and Firefox. I don't open Applications, Don't go to naughty sites, and I have a dumb backdoor called Cia.17!.... I am just now trying KAV and since it is the one that found it maybe I've had it for a long time, but who knows? I scanned with everything and nothing but Kav found it but can't get rid of it because it's embedded. Is that right? Is there a way I can get rid of it manually? What else does it do? I am always on, not Dial up, so I can't get off of here...Thanks for your help, ENT
NOD32 user
February 2nd, 2005, 10:35 PM
During the searching for info it seemed to me the particular variant you have is relatively new or not widely distributed. It's also possible that it's been on your system for a long time undetected.
I'd be interested to see if my own security would pick it up with its current configuration - how would you feel about emailing a zipped sample to me?
ENT
February 2nd, 2005, 11:57 PM
Hi, That would be fine but I don't have your e-mail address?
NOD32 user
February 3rd, 2005, 09:59 AM
{QUOTE-> Hi, That would be fine but I don't have your e-mail address? <-QUOTE}
you can email it --> HERE
:)
ENT
February 3rd, 2005, 11:01 AM
Hi, I got an e-mail message that you couldn't receive it because it was an illegal attach. ????? Thanks, ENT
NOD32 user
February 3rd, 2005, 11:15 AM
...?
Got it fine to my inbox - the autoforward probably failed (I keep copies of my mail elsewhere for when I'm away)
What you emailed me was all clear, so that's good right?
...and the file does have a heap of embedded HTML in it. Looks like the same thing repeated for each available Windows character set to cater for almost every language.
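What "embedded HTML" inside a binary such as a resource DLL looks like at the byte level, as an added example that is not part of the original thread or any poster's code: a Python script that lists the HTML documents stored inside a file's bytes, in both ASCII and UTF-16LE, with their offsets. The function names and the sample bytes are constructed for illustration.

```python
import re

# Text stored inside Windows binaries is usually plain ASCII or UTF-16LE,
# so each tag is searched for in both byte forms.
ENCODINGS = ("ascii", "utf-16-le")


def find_embedded_html(data: bytes):
    """Return sorted (offset, encoding, length) for each <html>...</html> span."""
    hits = []
    for enc in ENCODINGS:
        start_re = re.compile(re.escape("<html".encode(enc)), re.IGNORECASE)
        end_re = re.compile(re.escape("</html>".encode(enc)), re.IGNORECASE)
        pos = 0
        while True:
            start = start_re.search(data, pos)
            if start is None:
                break
            end = end_re.search(data, start.end())
            # An unterminated fragment is still reported, running to end of file.
            stop = end.end() if end else len(data)
            hits.append((start.start(), enc, stop - start.start()))
            pos = stop
    return sorted(hits)


def build_sample() -> bytes:
    """Constructed stand-in for a resource DLL: header bytes plus two pages."""
    page = "<html><body>Setup message</body></html>"
    return (
        b"MZ" + b"\x00" * 62                 # placeholder for a PE header
        + page.encode("ascii")               # one copy as single-byte text
        + b"\x00" * 16
        + page.upper().encode("utf-16-le")   # one copy as wide-character text
        + b"\x00" * 8
    )


if __name__ == "__main__":
    for offset, enc, length in find_embedded_html(build_sample()):
        print(f"offset {offset:#06x}  {enc:<10}  {length} bytes")
```

To inspect a real file, pass its contents instead of the sample, for example `find_embedded_html(open(path, "rb").read())`.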
ENT
February 4th, 2005, 12:11 AM
Hi, So I can breathe a sigh of relief? Wonder why my scan was different? Whazzup? I'm not going to say WHEW! until you say yea! Thanks Nod, ENT
NOD32 user
February 8th, 2005, 02:48 AM
quote me - yea!
:)
Copyright ©2002 - 2009, Wilders Security Forums