Downloader.VB.R...

Discussion in 'malware problems & news' started by Comp01, Oct 2, 2004.

Thread Status:
Not open for further replies.
  1. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    I was browsing the web for lyrics to a song, I opened a site, and all of the sudden a download window comes up in firefox (I forget which site, I closed everything very fast.) it downloads a file default.exe to my desktop, I scanned it with AVG, nothing, so I deleted it (Stupid I know, I should have kept it for analysis.) anyways, this was all after AVG warned me of a Downloader.VB.R trojan horse, so I scanned my PC with AVG, found it, and it now resides in the virus vault, I then scanned with AntiVir PE, and eScans antivirus utility, they found nothing, I scanned with Ewido Security Suite and a2 they found nothing as well, then scanned with adaware and spybot s&d and they found nothing, I am wondering if I should asusme that my PC is clean or not? The infected file was found in Firefox's browser cache folder, but after scanning with everything I have, nothing was found, I checked auto start entries, and nothing has been added, and I checked all services (In the service control panel) and nothing, I am wondering also if it is ok to put a Hijack This log up? - But mostly I want to make sure that my PC is clean.
     
  2. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
  3. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    you should get the current ver of NOD32 anti virus, it has a HTTP scanner and Imon [internet monitor] that will warn you of these types of things by blocking the force download.

    unfortunatly this is becoming more common, and somewhat of a problem as not all PC users have a good AV or the current updates.
     
  4. sard

    sard Registered Member

    Joined:
    Apr 18, 2004
    Posts:
    175
    Location:
    UK
    An http scanner isn't really necessary. As long as your AV is capable of detecting the malware it doesn't matter if it detects it once the file has been created on the HD, or before it's downloaded, as long as it's detected.

    NOD32,s IMON module can't scan within self extracting archives anyway so the http scanner is often useless, and you end up relying on the real-time monitor scanning the files as they're extracted.
     
  5. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    NOD32 will not let an infected file transfer from a web site to your computer.
    so you are protected before it even installs. if you relying on detection after the malicious file has installed itself on ur pc then ur taking a big chance.
     
  6. sard

    sard Registered Member

    Joined:
    Apr 18, 2004
    Posts:
    175
    Location:
    UK
    It will if it's in a self extracting archive. You can test this yourself with the eicar test file.

    What do you mean by installed? If you virus scanner scans all files that are created then you are just as protected as you would be by http scanning.
     
  7. stinkbomb

    stinkbomb Guest

    same thing happened to me, except that i told firefox to cancel...

    wierd..maybe security through obscurity (using firefox) is finally over!
     
  8. LLV

    LLV Guest

    No, my son picked up this same virus and he uses IE.

    I just found it on mine. Do I go ahead and delete the default.exe?
     
  9. LLV

    LLV Guest

    Never mind, my anti-virus cleaned it. But I keep picking it up from somewhere and I can't tell where it's coming from.
     
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,763
    Location:
    Texas
  11. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Like Ronjor posted, that General Cleaning Guide should set your mind at ease. You already have used some very good programs, I would suggest following through each of the steps found in the link provided by Ronjor. At the end are further links to threads discussing securing your PC and what is sensible...

    Hope this helps...

    Cheers :D
     
  12. DX'er

    DX'er Guest

    Where is this virus picked up, does anyone know? I know it would be hard to pinpoint exactly, but maybe there's a 'typical norm' out there as to where it comes from.
     
Thread Status:
Not open for further replies.