help please

Discussion in 'malware problems & news' started by Kroc, Jun 20, 2003.

Thread Status:
Not open for further replies.
  1. Kroc
    Offline

    Kroc Registered Member

    Hi Everyone, Im not sure if im posting in the right place or not but i would like some assistance with a problem im having. If im not in the right place could someone refer me on .....thanks

    ok im running windows xp
    have nortons anti virus 2002 with the latest updates

    I clicked on a web site and my nortans sent up an Alert reading as follows

    Date: 20/06/2003, Time: 8:53:32,
    The file
    C:\WINDOWS\System32\aupdate.exe
    is infected with the Download.Trojan virus.
    Unable to repair this file.

    and then this

    Date: 20/06/2003, Time: 8:53:32,
    The file
    C:\WINDOWS\System32\aupdate.exe
    is infected with the Download.Trojan virus.
    Access to the file was denied.

    I went looking for the file and couldnt find it
    I then went and checked symantics web pages and after about 3 hours of shere frustration downloaded a couple of Trojan scanners and did a scan.

    Neither Trojan Scanner picked it up
    I ran nortans thru about 5 more full scans as well as pointing nortons to any file with the file name of aupdate........

    my question is this....

    Is the virus still present ?

    If so how do i find out for sure ?

    How do i get rid of it ?

    Hoping someone can help

    Thanks

    Kroc
  2. Dan Perez
    Offline

    Dan Perez Retired Moderator

    Hi Kroc,

    Welcome aboard!

    Could you please go to

    http://www.diamondcs.com.au/index.php?page=asguard

    and download and extract the freeware AutoStart viewer utility.

    When you run it can you go to the "Main" menu and make sure the top three options are checked. Once this is done select Save from that menu, it will create an asviewer.txt file in the same directory you ran it from and paste the contents of that file here.

    Also, are you sure that the AV did not quarantine the file? You might want to look in your quarantine directory and/or check you AV log.

    Dan
  3. Pieter_Arntz
    Offline

    Pieter_Arntz Spyware Veteran

    Hi Kroc,

    Could be this one:
    http://www.doxdesk.com/parasite/TinyBar.html

    Regards,

    Pieter
  4. Gavin - DiamondCS
    Offline

    Gavin - DiamondCS Former DCS Moderator

    Yep those are the ones, its technically a webdownloader and detected by TDS and most if not all AV's too.

    Turn off ActiveX, clean it and its friends who have surely come along too with spyware removers :)
Thread Status:
Not open for further replies.