Downloader B.O. dr. virus In Outlook XP

Discussion in 'malware problems & news' started by corndale, Dec 4, 2002.

Thread Status:
Not open for further replies.
  1. corndale

    corndale Registered Member

    Dec 4, 2002
    Newark NJ, USA
    I have SystemWorks 2003, and continue to get the automatic detection notice on the Downloader B.O. dr virus when I open Outlook XP. The virus was delivered to me in an email from sender:, Subject: Failed Delivery. The item name changes each time: CC92BO.TMP, CC9174.TMP, etc. I deleted this email completely from my system some time ago, but continue to get the detection notice. Once I select Finish, I can continue to receive email. I have run a system scan twice on my HD. No infections are detected. What steps can I take to completely eradicate this virus (short of reformatting my HD and reinstalling all of my programs)?
  2. Primrose

    Primrose Registered Member

    Sep 21, 2002
  3. Technodrome

    Technodrome Security Expert

    Feb 13, 2002
    New York
    From Sophos:

    Troj/Dloader-BO downloads and executes a file from the website within 3 days of being run for the first time. At the time of writing Sophos Anti-Virus detects this file as Troj/Bdoor-Aml but, of course, the file could be changed. Troj/Dloader-BO has been seen in the files MASTERAZ.EXE and JIMKRE.EXE.

    The Trojan adds the following entry to the registry

    .inr\5Nzg1mOWKzFnuvu6 = "C:\<path to Trojan>".

    This will run the Trojan on system restart.

    The Trojan also creates the following entry within the registry


    To manually delete this Trojan go here

  4. controler

    controler Guest

    From what I saw of the Klez virus, Norton doesn't clean your System Restore files, which keep protected copies of almost everything.
    This sounds similar to the Klez infections. You always ended up with
    TMP files with different names.
    Try NOD-32, or here is another cool AV I have been trying that is for XP:
    AVAST. Seems to be very fast.