Dr Web found these viruses......

Discussion in 'malware problems & news' started by Spyros, Jan 4, 2004.

Thread Status:
Not open for further replies.
  1. Spyros

    Spyros Guest

    I scanned my system today with Drweb 4.30a and it found the following: Parite, IRC.Randon, Trojan.flood 22016 (I didn't find any additional info for this in any place I searched). My operating system is Windows 98SE. Drweb deleted the following 2 infected files located in the folder windows\system\wbem\support\drivers: The first one was disdn.exe (infected with trojan.flood2016) and the second was sysroot.cab (infected with IRC.Randon). Several exe files were infected with Parite. The problem is that I am still infected. I looked in the registry under the run key to see if there are any strange programs running at startup but I found nothing. I can connect to the internet but can't see any web pages, also drweb can make any updates.
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi Spyros,

    Could you please follow the instructions in this post:
    http://www.wilderssecurity.com/showthread.php?t=15913
    HijackThis also shows any strange/missing files in your winsock, and I think that could be your problem.

    Regards,

    Pieter
     
  3. infini

    infini Registered Member

    Joined:
    Oct 11, 2002
    Posts:
    110
    Thanks for replying, I will check it :) About every five minutes Zonealarm pops up this message: "Zonealarm has blocked internet access to your computer (TCP Port 135) from ip 212.251.123.22 (port 3304)." Sometimes 22 changes to 16 and the TCP port from 3304 to 3361. Checking the run key in the registry again, I found out that there was a new entry called remotecontrol. The file next to this entry was windows\syste\rmctrl.exe
     
  4. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    At the link you will find the cleaning utility for the flood trojan, also known as coorflood.


    http://www.wilderssecurity.com/showthread.php?t=16405
     
  5. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    Do you have PowerDVD XP 4.0 installed? If you have, that would explain the remote control thing. If you haven't installed it, then it's another story.

    http://www.kephyr.com/filedb/index.php?search=RemoteControl

    Here's a removal tool for the parite virus, AKA pinfi:
    http://www3.ca.com/files/virusinformationandprevention/clnpinfi.zip
     
  6. infini

    infini Registered Member

    Joined:
    Oct 11, 2002
    Posts:
    110
    Thanks for your help! I have installed PowerDVD 5. Anybody knows what the files disdn.exe and sysroot.cab are used for?
     
  7. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    Google doesn't know them. Try to scan them with Kaspersky online: http://www.kaspersky.com/remoteviruschk.html
    and submit them to your AV vendor.
    If you can CC me at illukka@dslr.net, I'd appreciate it.
     
  8. infini

    infini Registered Member

    Joined:
    Oct 11, 2002
    Posts:
    110
    I ran the removal tools but found nothing. Drweb has deleted the two files I mentioned, so it is impossible to send them to Kaspersky for checking. Pieter_Arntz, I ran HijackThis but I didn't find an option to show strange or missing files in winsock. I suspect that some important Windows files are missing; that's why I can't connect to any sites or update the antivirus. I reinstalled dial-up networking from Add/Remove Programs, with no result.
     
  9. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi infini,

    Could you copy & paste the content of that log file into your next post?
    Maybe someone here can spot something.
    Any odd entries in the winsock should be listed under O10 by the way.

    Regards,

    Pieter
     
  10. infini

    infini Registered Member

    Joined:
    Oct 11, 2002
    Posts:
    110
    First of all, I would like to thank everyone who replied to my posts. I uninstalled and reinstalled Internet Explorer with no result. I uninstalled Drweb, reinstalled Windows, and my internet connection was OK! I reinstalled Drweb but I had problems with the internet again! I uninstalled it and everything is OK. Could Drweb cause some problems with the internet? I was trying to update it and always getting the message "The connection with the server could not be established". I have many alerts from Zonealarm that it is blocking access to my computer from an IP that starts with 212.251
     