Embedded HTML

Discussion in 'privacy problems' started by ENT, Jan 30, 2005.

Thread Status:
Not open for further replies.
  1. ENT

    ENT Registered Member

    Joined:
    Jan 4, 2005
    Posts:
    67
    Hi, Does anyone know what embedded HTML means? When Kav scanned it said scan failed because of embedded HTML in sp3res.dll. Just wondering what that means? Thanks, ENT
     
  2. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    May I suggest testing your copy of sp3res.dll on the JOTTI online virus scan web site and I'd be interested to hear the result. http://virusscan.jotti.org/
     
  3. ENT

    ENT Registered Member

    Joined:
    Jan 4, 2005
    Posts:
    67
    Hi, I did the scan but how do you know what the results are? Thanks
     
  4. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    When the scan finishes....there should be a box similar to the below pic....with the 10 scanner results for your file.
     

    Attached Files:

  5. ENT

    ENT Registered Member

    Joined:
    Jan 4, 2005
    Posts:
    67
    Hi, The box down below showed the same one that was there before my file was scanned. Does that mean that it's not a nasty? Thanks, ENT
     
  6. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    There is a result box that shows the scan result for the file that you submitted. If there's nothing found in it, it looks like the one below.
     

    Attached Files:

  7. ENT

    ENT Registered Member

    Joined:
    Jan 4, 2005
    Posts:
    67
    UhhhhOhhhhh!

    Scanner                 Malware name                     Time taken
    AntiVir                 X                                0.28 seconds
    Avast                   Win32:Ciadoor-024                1.52 seconds
    BitDefender             X                                1.00 seconds
    ClamAV                  X                                0.81 seconds
    Dr.Web                  BackDoor.Cia.17                  0.98 seconds
    F-Prot Antivirus        X                                1.24 seconds
    Fortinet                Suspicious                       0.69 seconds
    Kaspersky Anti-Virus    X                                2.10 seconds
    mks_vir                 X                                0.43 seconds
    NOD32                   probably unknown NewHeur_PE      2.13 seconds
    Norman Virus Control    X                                8.13 seconds

    What do I do now o_O
     
  8. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    The Lavasoft (AdAware SE) threat assessment for cleaning ciadoor is a 1 (v.v.easy) and 0 (none) for integration.
    You can download a free version of AdAware from Lavasoft --> HERE
    Do a full scan / clean as directed in the 'Getting Started' section of the included help file and that SHOULD take care of it. You will have to manually select each item found individually in the free version. After that is completed and you have re-booted your PC perform another scan and make sure it comes up clean.
    You should be aware that one of the things ciadoor is known for is sending out the keys and registration info for your installed software so you may prefer to keep your infected machine offline until you're finished if that's possible.
    I strongly suggest purchasing the plus version to get some real time protection after you have satisfied yourself it will do what you want.
    I haven't personally tried them but I also understand that software like SpyBot S&D and Trojan Defense Suite from DiamondCS (elsewhere in this forum) are considered quite reputable.
    Let us know how you go with one of those if that's O.K.?

    Do any mods want to move this to Trojans & Backdoors?
     
  9. ENT

    ENT Registered Member

    Joined:
    Jan 4, 2005
    Posts:
    67
    Hi, forgive me if I sound depressed....I have AD-Aware, Spybot S&D With (Tea Timer), Worm Guard, Spywareguard, TrojanHunter, ZoneAlarm Pro, CWShredder, TDS, IDBlaster, SpywareBlaster and Firefox. I don't open Applications, Don't go to naughty sites, and I have a dumb backdoor called Cia.17!.... I am just now trying KAV and since it is the one that found it maybe I've had it for a long time, but who knows? I scanned with everything and nothing but Kav found it but can't get rid of it because it's embedded. Is that right? Is there a way I can get rid of it manually? What else does it do? I am always on, not dial-up, so I can't get off of here...Thanks for your help, ENT
     
  10. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    During the searching for info it seemed to me the particular variant you have is relatively new or not widely distributed. It's also possible that it's been on your system for a long time undetected.
    I'd be interested to see if my own security would pick it up with its current configuration - how would you feel about emailing a zipped sample to me?
     
  11. ENT

    ENT Registered Member

    Joined:
    Jan 4, 2005
    Posts:
    67
    Hi, That would be fine but I don't have your e-mail address?
     
  12. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    you can email it --> HERE
    :)
     
    Last edited: Feb 3, 2005
  13. ENT

    ENT Registered Member

    Joined:
    Jan 4, 2005
    Posts:
    67
    Hi, I got an e-mail message that you couldn't receive it because it was an illegal attach. o_O?? Thanks, ENT
     
  14. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    ...?
    Got it fine to my inbox - the autoforward probably failed (I keep copies of my mail elsewhere for when I'm away)

    What you emailed me was all clear, so that's good right?

    ...and the file does have a heap of embedded HTML in it. Looks like the same thing repeated for each available Windows character set to cater for almost every language.
     

    Attached Files:

    Last edited: Feb 3, 2005
  15. ENT

    ENT Registered Member

    Joined:
    Jan 4, 2005
    Posts:
    67
    Hi, So I can breathe a sigh of relief? Wonder why my scan was different? Whazzup? I'm not going to say WHEW! until you say yea! Thanks Nod, ENT
     
  16. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    quote me - yea!
    :)
     