Not sure what this is!

Discussion in 'other anti-trojan software' started by tragic001, Jul 10, 2003.

Thread Status:
Not open for further replies.
  1. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Hi Tragic,

    Can you try and delete them in safe mode??

    rgds,
    Martin
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
  3. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Send a copy to gavin@diamondcs.com.au if you can, thanks :)
     
  4. tragic001

    tragic001 Registered Member

    Joined:
    Jul 10, 2003
    Posts:
    35
    Darn, sorry guys but I booted to safe mode and deleted it from there. I wish I looked back at the forum so I could send it to both Mischel and Gavin.

    On scanning now with TH, I only get the C:\windows\Downloaded Program Files\UGO20.exe showing now. But I can find no trace of it on the computer o_O
    The other entry, the Conflict folder, I deleted in safe mode.

    Do you think the PC is now clear of this beast?

    thanks.
     
  5. tragic001

    tragic001 Registered Member

    Joined:
    Jul 10, 2003
    Posts:
    35
    Here we go again o_O I thought I deleted the darn thing, but it's still there. Using Windows Explorer to check the Downloaded Program Files, I see nothing. I then typed the full address in the addy bar for the ugo20.exe and up comes Windows with a dialogue box saying "you are downloading the ugo20.exe from windows" o_O

    I saved it to desktop and will now send it to Gavin and Mischel. But how do I get rid of the darn thing :)

    thanks guys
     
  6. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hello tragic001, Did you do as suggested earlier and download a trial copy of TDS3 + the latest radius file from www.diamondcs.com.au? This may be able to delete it if it is a known Trojan.

    Thanks Pilli.
     
  7. tragic001

    tragic001 Registered Member

    Joined:
    Jul 10, 2003
    Posts:
    35
    Thanks Pilli.

    I have downloaded the trial version of TDS but I am unable to get the updates to install for the radius files. I have downloaded it to my desktop, where do I put it as Windows says it cannot open this file.

    Thanks
     
  8. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    tragic,

    Put it in the TDS directory, overwriting the existing file. Restart TDS and perform the full system scan (which could take some time - don't worry, it's scanning deep...)

    regards.

    paul
     
  9. tragic001

    tragic001 Registered Member

    Joined:
    Jul 10, 2003
    Posts:
    35
  10. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Sounds good - could be pointing to a false positive (which wouldn't be strange, since you have enabled heuristics in TrojanHunter).

    No need to be at a loss at all: you've submitted the file to Magnus and Gavin for examination. It might go over the weekend, but be assured they will come up with an analysis. For the moment: just block outgoing traffic for this one.

    btw: is www.imagestation.com where you have uploaded this screenshot? If so, please upload images using the feature while posting - thanks ;)

    regards.

    paul
     
  11. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Did you send a copy to MM & Gavin?

    Did you have all the options ticked in the configuration menu? - If you are running XP W2K you can tick the first box, leave initialise sockets unticked.
    In the scan options tick everything, open the generic tab & tick both boxes, move the heuristics control to high and rescan "all hard drives"

    I found this link: http://miataru.computing.net/security/wwwboard/forum/5219.html

    HTH Pilli
     
  12. tragic001

    tragic001 Registered Member

    Joined:
    Jul 10, 2003
    Posts:
    35
    Thanks Paul and Pilli,

    Sorry about the image station, will remember next time.

    I have submitted the file to both Mischel and Gavin and I have already received a reply from Mischel.

    Unfortunately neither Ad-aware nor Spybot detect it. I have re-run TDS as outlined by Pilli but again nothing showed up. Ran NOD32, negative also. Just TH still finding the UGO20.exe.

    As you say Paul, I have refused access via my firewall but would like to know how I can get rid of it. o_O

    Thanks to all. :)
     
  13. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
  14. tragic001

    tragic001 Registered Member

    Joined:
    Jul 10, 2003
    Posts:
    35
    Thanks Martin, but already came up negative with that one, ran it again, but still negative.

    Appreciated :)
     
  15. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Search your registry for win250dollar. Delete all references.
    If there is nothing there, search your Windows folder, then your entire hard drive.

    rgds,
    Martin
     
  16. tragic001

    tragic001 Registered Member

    Joined:
    Jul 10, 2003
    Posts:
    35
    Thanks again Martin, but that came up negative. Found no trace whatsoever.

    :)
     
  17. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
  18. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Tragic,

    Is your startpage the same when you open your browser or has it changed??

    Can you download this BHO prog. to see what browserhelpers are installed on your system.

    Download:
    http://www.wilders.org/HTMLobj-1008/bhodmon1.zip

    Can you show me the BHO list on your system.

    Can you check your registry for "e2give"

    rgds,
    Martin
     
  19. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi tragic001,

    Could you please try the following:
    In IE > Tools > Internet-options > General tab > Settings > View objects
    Is the Conflict.1 folder showing there and if so, can you remove it from there.

    Regards,

    Pieter
     
  20. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    And the BHO list??

    rgds,
    Martin
     
  21. tragic001

    tragic001 Registered Member

    Joined:
    Jul 10, 2003
    Posts:
    35
  22. tragic001

    tragic001 Registered Member

    Joined:
    Jul 10, 2003
    Posts:
    35
    Thanks Pieter, but did manage to delete the conflict folder in safe mode. It's the exe one that will not go away....lol

    Thanks :)
     
  23. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Tragic,
    Can you scan your registry for "e2safe"

    Can you find this string:
    {3643ABC2-21BF-46B9-B230-F247DB0C6FD6}: IeBHOs.dll

    rgds,
    Martin
     
  24. tragic001

    tragic001 Registered Member

    Joined:
    Jul 10, 2003
    Posts:
    35
    Martin, is there a quick way to do that?? I mean the registry is huge and to look for that is gonna take me forever....lol. If you know a quicker way, I would prefer, if not, I shall be burning the midnight oil here...

    Thanks
     
  25. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Open registry, select on the left pane - this computer, click edit, search, enter "e2safe" and search.

    rgds,
    Martin
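
The registry searches and the BHO list asked for in the posts above can be done in one read-only pass; this is an added example, not part of the original thread. The search strings and the CLSID are the ones quoted in the posts; the function names and the choice of registry roots to search are assumptions.

```powershell
# Added example, read-only: nothing here deletes or changes registry data.
# Search terms and the CLSID are the ones quoted in the thread.
$Terms = 'win250dollar', 'e2give', 'e2safe', 'UGO20'
$ClsidOfInterest = '{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}'

function Get-BhoList {
    # Native and 32-bit-on-64-bit locations of the Browser Helper Objects key.
    foreach ($v in '', 'WOW6432Node\') {
        $bhoKey = "HKLM:\SOFTWARE\${v}Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
        if (-not (Test-Path -LiteralPath $bhoKey)) { continue }
        foreach ($k in Get-ChildItem -LiteralPath $bhoKey) {
            $clsid = $k.PSChildName
            $srv = "Registry::HKEY_CLASSES_ROOT\${v}CLSID\$clsid\InprocServer32"
            $dll = $null
            if (Test-Path -LiteralPath $srv) {
                $dll = (Get-Item -LiteralPath $srv).GetValue('')  # default value holds the DLL path
            }
            [pscustomobject]@{
                Clsid     = $clsid
                Dll       = $dll
                DllOnDisk = [bool]($dll -and (Test-Path -LiteralPath $dll))
                InThread  = ($clsid -eq $ClsidOfInterest)  # matches the CLSID quoted above
            }
        }
    }
}

function Find-RegistryString {
    param([string[]]$Roots, [string[]]$Terms)
    # One case-insensitive pattern covering every term, escaped so it matches literally.
    $pattern = ($Terms | ForEach-Object { [regex]::Escape($_) }) -join '|'
    Get-ChildItem -Path $Roots -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        if ($key.Name -match $pattern) {
            [pscustomobject]@{ Key = $key.Name; Value = '(key name)'; Data = $null }
        }
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if ($name -match $pattern -or $data -match $pattern) {
                [pscustomobject]@{ Key = $key.Name; Value = $name; Data = $data }
            }
        }
    }
}

Get-BhoList | Format-Table -AutoSize
Find-RegistryString -Roots 'HKLM:\SOFTWARE', 'HKCU:\Software' -Terms $Terms | Format-List
```

Keys the current account cannot read are skipped silently, so run it from an elevated prompt for full coverage; a BHO entry whose DLL is missing on disk is a leftover registration rather than an active component.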
     