Downloader B.O. dr. virus In Outlook XP

Discussion in 'malware problems & news' started by corndale, Dec 4, 2002.

Thread Status:
Not open for further replies.
  1. corndale

    corndale Registered Member

    Joined:
    Dec 4, 2002
    Posts:
    1
    Location:
    Newark NJ, USA
    I have SystemWorks 2003, and continue to get the automatic detection notice on the Downloader B.O. dr virus when I open Outlook XP. The virus was delivered to me in an email from sender: Mailer-Daemon@optonline.net, Subject: Failed Delivery. The item name changes each time: CC92BO.TMP, CC9174.TMP, etc. I deleted this email completely from my system sometime ago, but continue to get the detection notice. Once I select Finish, I can continue to receive email. I have run a system scan twice on my HD. No infections are detected. What steps can I take to completely eradicate this virus (short of reformating my HD and reinstalling all of my programs)?
     
    corndale, Dec 4, 2002
    #1
  2. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    Primrose, Dec 4, 2002
    #2
  3. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    From Sophos:

    Troj/Dloader-BO downloads and executes a file from the website
    masteraz.hypermart.net within 3 days of being run for the first time. At the time of writing Sophos Anti-Virus detects this file as Troj/Bdoor-Aml but, of course, the file could be changed. Troj/Dloader-BO has been seen in the files MASTERAZ.EXE and JIMKRE.EXE

    The Trojan adds the following entry to the registry

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
    .inr\5Nzg1mOWKzFnuvu6 = "C:\<path to Trojan>".

    This will run the Trojan on system restart.

    The Trojan also creates the following entry within the registry

    HKLM\Software\CLASSES\.inr\5Nzg1mOWKzFnuvu6.

    http://www.sophos.com


    To manually delete this Trojan go here http://www.vsantivirus.com/inor-a.htm



    Technodrome
     
    Technodrome, Dec 4, 2002
    #3
  4. controler

    controler Guest

    From what I saw of the Klez virus, Norton doesn't clean your System Resore files which keep protected copies of almost everything.
    This sounds similar to the klez infections. You always ended up with
    TMP files with different names.
    try NOD-32 or Here is another cool AV I been trying that is for XP.
    AVAST.. Seems to be very fast.
     
    controler, Dec 4, 2002
    #4
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...