Advice Needed on threat found by Ewido

Discussion in 'malware problems & news' started by Elray, Jul 6, 2005.

Thread Status:
Not open for further replies.
  1. Elray

    Elray Registered Member

    Joined:
    Oct 10, 2004
    Posts:
    95
    Location:
    Rural Queensland, Australia
    Hi Everyone,

    Hope somebody can advise me on this threat identified today by Ewido. It is named as:

    "C:\WINDOWS\OEBackup.CAB/OEBackup.exe -> Heuristic.Win32.Hijacker1"

    Ewido cannot clean the file and returns the error message below:

    "The file 'C:\WINDOWS\OEBackup.exe' cannot be removed because it is embedded in the archive 'C:\WINDOWS\OEBackup.CAB'. Do you want to remove the whole archive?"

    I don't know whether it would be safe to remove the whole archive out of CAB files and hope somebody on the forum can help me with this.

    TIA,
    Elray
     
  2. controler

    controler Guest

    Maybe these guys can help.

    http://www.geekstogo.com/forum/Antivirus_gold_Trojan_and_oneclicksearch escom-t41416.html

    Appears you've been hit by:

    http://www,tonowhere.com

    ~Mod note: edited clickable hyperlink. We have enough users' machines infected. Bubba~
     
    Last edited by a moderator: Jul 7, 2005
  3. Elray

    Elray Registered Member

    Joined:
    Oct 10, 2004
    Posts:
    95
    Location:
    Rural Queensland, Australia
    Thanks for your reply, Controler. I have posted at the site you referred me to and will see what they say.

    I don't have any evidence of infection in my system. No hijacking or system slowdown and no other application finds a problem with the file Ewido objects to. When I track it down it is really only a file archived in Winzip and which has been there since September 2003 so I think it is a false positive!

    Thanks for taking the time to redirect me. I don't like to find ANY malware on my system so I'll follow it up.

    Cheers,

    Elray
     
  4. controler

    controler Guest

    Elray

    you are welcome, and if the file is only in an archive and has not been executed,
    you should be OK. I would still wonder where you picked up the archive.

    You should be able to tell right away once your HijackThis log has been posted at that site.
    You yourself would see some of the same lines in your log as are listed on that page.

    I am suspicious about that site, since when I went there it gave me an alert that my PC was infected, LOL. I don't think Spysweeper would allow an infection.
    Still a naughty site.

    controler
     
  5. Elray

    Elray Registered Member

    Joined:
    Oct 10, 2004
    Posts:
    95
    Location:
    Rural Queensland, Australia
    FYI Controler,

    I've double checked the file Ewido dislikes. It is definitely a file archived in WinZip from a "Backup Outlook Express" program I intended to try - this was back in 2003! That file has been sitting in the WinZip archive since then with no problems arising.

    I've now scanned that file with several other apps and get no alerts at all. As I said, my computer is not experiencing any slowdowns at all and no hijacking or other disturbances, and everything is running very well. No strange processes in evidence and no firewall breaches.

    I've now deleted the archive (and quarantined it) and will send it to Ewido once I can get it away. Last night I couldn't connect to their servers. Too many people downloading the new version I suppose. I'll try again later.
    Thanks for your response and advice.

    Elray. ;)
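Controler's point that an executable sitting inside an archive does no harm until it is run, and Elray's plan to check the file with other scanners and send it to Ewido, both come down to inspecting the embedded file without ever executing it. The script below is added here as an example; it is not code from the thread, from Ewido, or from WinZip. It parses a Microsoft Cabinet (.CAB) image in memory following the CFHEADER, CFFOLDER, CFFILE and CFDATA layout Microsoft publishes, lists every member, flags those that start with an MZ header, and SHA-256 hashes members stored without compression so the hash can be checked against other scanners or submitted to a vendor. MSZIP and LZX folders are listed but not hashed (decompression is out of scope). The OEBackup.exe it examines is a constructed stub built by `build_sample_cab`, not the real file from the thread; on a real cabinet you would pass the file's bytes to `list_cab`.

```python
"""Inspect a Microsoft Cabinet (.CAB) image in memory: list members, flag PE
executables by their MZ header, and SHA-256 hash members stored uncompressed,
so a flagged file can be checked or submitted without extracting or running it.

Added example, not code from the thread. Structure offsets follow Microsoft's
published cabinet format; only tcompTYPE_NONE folders are hashed here.
"""
import hashlib
import struct

TCOMP_NONE = 0x0000           # tcompTYPE_NONE in the CFFOLDER typeCompress field
ATTR_NAME_IS_UTF = 0x0080     # CFFILE attribs bit: szName is UTF-8 rather than ANSI


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def _cstring(buf, off):
    """Return (bytes, next_offset) for the NUL-terminated string at off."""
    end = buf.index(b"\x00", off)
    return buf[off:end], end + 1


def list_cab(buf):
    """Parse a cabinet image and return one dict per embedded file."""
    if buf[:4] != b"MSCF":
        raise ValueError("not a cabinet: missing MSCF signature")
    (cb_cabinet,) = struct.unpack_from("<I", buf, 0x08)
    if cb_cabinet > len(buf):
        raise ValueError("cabinet truncated: header says %d bytes, got %d" % (cb_cabinet, len(buf)))
    coff_files, _res3, _minor, _major, c_folders, c_files, flags = struct.unpack_from("<IIBBHHH", buf, 0x10)

    off = 0x24                                   # first byte after the fixed 36-byte CFHEADER
    cb_folder_res = cb_data_res = 0
    if flags & 0x0004:                           # cfhdrRESERVE_PRESENT: per-structure reserve sizes
        cb_header_res, cb_folder_res, cb_data_res = struct.unpack_from("<HBB", buf, off)
        off += 4 + cb_header_res
    for bit in (0x0001, 0x0002):                 # cfhdrPREV_CABINET / cfhdrNEXT_CABINET name strings
        if flags & bit:
            _, off = _cstring(buf, off)          # szCabinetPrev / szCabinetNext
            _, off = _cstring(buf, off)          # szDiskPrev / szDiskNext

    folders = []
    for _ in range(c_folders):
        coff_start, c_cfdata, tcomp = struct.unpack_from("<IHH", buf, off)
        folders.append((coff_start, c_cfdata, tcomp & 0x000F))
        off += 8 + cb_folder_res

    # Reassemble uncompressed folders from their CFDATA blocks so members can be sliced out.
    folder_bytes = {}
    for idx, (coff_start, c_cfdata, tcomp) in enumerate(folders):
        if tcomp != TCOMP_NONE:
            continue
        chunks, pos = [], coff_start
        for _ in range(c_cfdata):
            _csum, cb_data, _cb_uncomp = struct.unpack_from("<IHH", buf, pos)
            pos += 8 + cb_data_res
            chunks.append(buf[pos:pos + cb_data])
            pos += cb_data
        folder_bytes[idx] = b"".join(chunks)

    members, off = [], coff_files
    for _ in range(c_files):
        cb_file, uoff, i_folder, _date, _time, attribs = struct.unpack_from("<IIHHHH", buf, off)
        raw_name, off = _cstring(buf, off + 16)
        entry = {"name": raw_name.decode("utf-8" if attribs & ATTR_NAME_IS_UTF else "latin-1"),
                 "size": cb_file, "folder": i_folder, "sha256": None, "is_pe": None}
        # iFolder 0xFFFD..0xFFFF marks members spanning cabinets; they never appear in folder_bytes.
        if i_folder in folder_bytes:
            data = folder_bytes[i_folder][uoff:uoff + cb_file]
            if len(data) != cb_file:
                raise ValueError("member %r runs past its folder data" % entry["name"])
            entry["sha256"] = sha256_hex(data)
            entry["is_pe"] = data[:2] == b"MZ"
        members.append(entry)
    return members


def build_sample_cab(files):
    """Build a single-folder, uncompressed cabinet from [(name, bytes), ...].
    Constructed test data only; this is not the OEBackup.CAB from the thread."""
    payload = b"".join(data for _, data in files)
    assert len(payload) <= 0x8000, "one CFDATA block carries at most 32 KiB"
    cffiles, uoff = b"", 0
    for name, data in files:
        cffiles += struct.pack("<IIHHHH", len(data), uoff, 0, 0x2B26, 0x0000, 0x0020) + name.encode("ascii") + b"\x00"
        uoff += len(data)
    coff_files = 36 + 8                          # CFHEADER + one CFFOLDER
    coff_data = coff_files + len(cffiles)
    cfdata = struct.pack("<IHH", 0, len(payload), len(payload)) + payload   # csum 0 = not checked
    header = b"MSCF" + struct.pack("<IIIIIBBHHHHH", 0, coff_data + len(cfdata), 0, coff_files, 0,
                                   3, 1, 1, len(files), 0, 0x1234, 0)
    folder = struct.pack("<IHH", coff_data, 1, TCOMP_NONE)
    return header + folder + cffiles + cfdata


# Constructed sample: a stub with a PE-looking MZ header plus a text file (not real program data).
SAMPLE_EXE = b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00" + b"\xcc" * 32
SAMPLE_TXT = b"Outlook Express backup utility, 2003 trial.\r\n"
SAMPLE_CAB = build_sample_cab([("OEBackup.exe", SAMPLE_EXE), ("readme.txt", SAMPLE_TXT)])


def inspect_sample():
    return list_cab(SAMPLE_CAB)


if __name__ == "__main__":
    for m in inspect_sample():
        print("%-14s %6d bytes  PE=%-5s sha256=%s" % (m["name"], m["size"], m["is_pe"], m["sha256"]))
```

Nothing in the script writes the member to disk or invokes it: the bytes are sliced out of the cabinet image and hashed in memory, which is the whole point when the question is whether an archived executable is a threat at all. A member reported with `sha256` set to `None` is in a compressed folder or spans cabinets; for those, an extraction tool such as Windows' own `expand` would be the next step before hashing.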
     
  6. HD rider UK

    HD rider UK Registered Member

    Joined:
    Feb 16, 2005
    Posts:
    121
    Location:
    Gloucestershire, UK
    Hi there Elray

    I am on the HJT staff at GTG (UKBiker), so I had a look to see if your post had been responded to. Unfortunately, you posted in the wrong section of the forums. If you go to

    http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html

    read the instructions as to how to post a HJT log, then post one. I will pick it up and deal with it for you. Send me a PM at GTG to let me know when you have made the post.

    HDRider UK
     
  7. Elray

    Elray Registered Member

    Joined:
    Oct 10, 2004
    Posts:
    95
    Location:
    Rural Queensland, Australia
    Thank you. I've posted as requested.

    Elray
     
  8. HD rider UK

    HD rider UK Registered Member

    Joined:
    Feb 16, 2005
    Posts:
    121
    Location:
    Gloucestershire, UK
    Hi Elray, just to let you know that the log was clean.

    HDRiderUK
     