Virus: WIN32/TrojanDownloader.Dyfica.BMtrojan

Discussion in 'NOD32 version 2 Forum' started by kentec, Jan 23, 2005.

Thread Status:
Not open for further replies.
  1. kentec

    kentec Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    2
    A message from one of my customers any ideas?

    Following is the info that Amon brings up when I ma running AdAware:
    File: C:\ DOCUME~1\Owner\LOCALS~1\Temp\AAWTMP\C107697328\161B4\UniDist.ocx

    Virus: WIN32/TrojanDownloader.Dyfica.BMtrojan

    Comment: Amon cannot clean this finfiltration. Event occurred on a newly created file.
    When I run the NOD scan it finds nothing however the AMON logscan tells me there are now 1773 infected files.
    HELP!!!
     
    kentec, Jan 23, 2005
    #1
  2. quexx88

    quexx88 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    235
    Location:
    Radnor, Pennsylvania
    It seems as though Ad-Aware is unpacking something that AMON is picking up as infected. Although you could disable AMON while Ad-Aware is scanning to let it finish, try to delete the file (from the AMON alert screen...uncleanable does not mean un-deletable! There is a "delete button"). In any event, Ad-Aware will probably either detect and clean the offending malware, or at the very least delete those temporary files that it is creating. After you're through with that, try a scan with a product like ewido (www.ewido.net for a free 30 day trial) Let us know what happens!
     
    quexx88, Jan 23, 2005
    #2
  3. kentec

    kentec Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    2
    Re: Virus: WIN32/TrojanDownloader.Dyfica.BMtrojan/Result from Customer

    I down loaded Ewido and ran that. It picked up a file and cleaned it.

    I also uninstalled the latest version of Adaware dated 11/01/2005 which was what seemed to be causing all the problems. I reloaded my old Adaware personal SE but it still reads as the latest version and still brings up the AMON.
    I had tried Delete and Quarantine but Amon says the same thing as previously : Cannot clean this infiltration..etc

    Interestingly after I ran Ewido the virus log reset to Nil files infected!

    You may like to pass this info on to Eset.
     
    kentec, Jan 24, 2005
    #3
  4. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Hi,

    WIN32/TrojanDownloader.Dyfica.BMtrojan is designed to retrieve and install additional files, when run. Most will be configured to retrieve from a designated web or FTP site.

    The 1773 Files that are comming up infected may be a result of the additional downloads this Trojan has preformed.

    Possible solutions I would suggest:

    If available use System restore (you should be able to tell the install date from Nod32 logs.)

    Online AV Scan followed by Nod32 in safe mode with max settings using clean function.

    Install Microsoft Anti-Spyware, scan as back up to Adaware. (ive had good results using this with my customer PC's)
     
    Sweetie(*)(*), Jan 24, 2005
    #4
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,199
    Location:
    Texas
    When the trojan is found in a file, select to delete it. After the scan completes, you'll be prompted to reboot the machine for the cleaning to take effect.

    https://www.wilderssecurity.com/showthread.php?t=61016
     
    ronjor, Jan 24, 2005
    #5
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...