Discussion in 'other anti-trojan software' started by tragic001, Jul 10, 2003.
Can you try and delete them in safe mode??
Why CONFLICT Directories Are Created During Code Download
How to Remove an ActiveX Control in Windows
Send a copy to firstname.lastname@example.org if you can, thanks
Darn, sorry guys, but I booted to safe mode and deleted it from there. I wish I looked back at the forum so I could send it to both Mischel and Gavin.
On scanning now with TH, I only get the C:\windows\Downloaded Program Files\UGO20.exe showing now. But I can find no trace of it on the computer.
The other entry, the Conflict folder, I deleted in safe mode.
Do you think the pc is now clear of this beast?
Here we go again. I thought I deleted the darn thing, but it's still there. Using Windows Explorer to check the downloaded program files, I see nothing. I then typed the full address in the addy bar for the ugo20.exe and up comes Windows with a dialogue box saying "you are downloading the ugo20.exe from windows".
I saved it to desktop and will now send it to Gavin and Mischel. But how do I get rid of the darn thing?
Hello tragic001, did you do as suggested earlier and download a trial copy of TDS3 + the latest radius file from the www.diamondcs.com.au? This may be able to delete it if it is a known Trojan.
I have downloaded the trial version of TDS but I am unable to get the updates to install for the radius files. I have downloaded it to my desktop. Where do I put it, as Windows says it cannot open this file?
Put it in the TDS directory, overwriting the existing file. Restart TDS and perform the full system scan (which could take some time - don't worry, it's scanning deep...)
OK, I downloaded and installed the new radius updates. I ran the full system scan and the results show negative.
TH still picks it up, spybot and adaware do not. At a loss as to how I can get rid of the pest.
Sounds good - could be pointing to a false positive (which wouldn't be strange, since you have enabled heuristics in TrojanHunter).
No need to be at a loss at all: you've submitted the file to Magnus and Gavin for examination. It might go over the weekend, but be assured they will come up with an analysis. For the moment: just block outgoing traffic for this one.
btw: is: www.imagestation.com where you have uploaded this screen shot? If so, please upload images using the feature while posting - thanks
Did you send a copy to MM & Gavin?
Did you have all the options ticked in the configuration menu? - If you are running XP W2K you can tick the first box, leave initialise sockets unticked.
In the scan options tick everything, open the generic tab & tick both boxes, move the heuristics control to high and rescan "all hard drives".
I found this link: http://miataru.computing.net/security/wwwboard/forum/5219.html
Thanks Paul and Pilli,
Sorry about the image station, will remember next time.
I have submitted the file to both Mischel and Gavin and I have already received a reply from Mischel.
Unfortunately neither adaware nor spybot detect it. I have re-run TDS as outlined by Pilli but again nothing showed up. Ran NOD32, negative also. Just TH still finding the UGO20.exe.
As you say Paul, I have refused access via my firewall but would like to know how I can get rid of it.
Thanks to all.
Here is the link for Rapidblaster Killer:
Thanks Martin, but already came up negative with that one, ran it again, but still negative.
Search your registry for win250dollar. Delete all references.
If there is nothing there, search your Windows folder, then your entire hard drive.
Thanks again Martin, but that came up negative. Found no trace whatsoever.
Please download Regclean, maybe it can filter some garbage out of your registry.
Is your startpage the same when you open your browser or has it changed??
Can you download this BHO prog. to see what browserhelpers are installed on your system.
Can you show me the BHO list on your system?
Can you check your registry for "e2give"?
Could you please try the following:
In IE > Tools > Internet-options > General tab > Settings > View objects
Is the Conflict.1 folder showing there and if so, can you remove it from there?
And the BHO list??
Hi Martin, I seem to be having probs uploading using wilders. No, my startup page has not changed at all. The results of the scan you asked for are below. I hope.
Sorry Paul, but the attach thingy is not working for me...
Thanks Pieter, but did manage to delete the conflict folder in safe mode. It's the exe one that will not go away....lol
Can you scan your registry for "e2safe"?
Can you find this string:
Martin, is there a quick way to do that?? I mean the registry is huge and to look for that is gonna take me forever....lol. If you know a quicker way, I would prefer, if not, I shall be burning the midnight oil here...
Open registry, select on the left pane - this computer, click edit, search, enter "e2safe" and search.
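A scripted equivalent of the regedit search described above, as an added example that is not part of the original thread: a read-only PowerShell function that reports registry key names, value names and value data containing the strings mentioned in the posts. The function name and the choice of the two registry trees are assumptions made for illustration.

```powershell
# Added example: read-only search of the registry for the strings asked about in the thread.
$Strings = 'win250dollar', 'e2give', 'e2safe'      # names taken from the posts above
$Hives   = 'HKLM:\SOFTWARE', 'HKCU:\Software'      # assumption: scope limited to these two trees

function Find-RegistryString {
    param(
        [string[]]$Path,
        [string[]]$Text
    )
    # One case-insensitive pattern that matches any of the search strings literally.
    $pattern = ($Text | ForEach-Object { [regex]::Escape($_) }) -join '|'

    foreach ($root in $Path) {
        # Keys that cannot be opened (access denied) are skipped silently.
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            if ($key.PSChildName -match $pattern) {
                [pscustomobject]@{ Where = 'key name'; Key = $key.Name; Value = ''; Data = '' }
            }
            foreach ($valueName in $key.GetValueNames()) {
                # Multi-string and binary data are flattened to one string for matching.
                $data = [string]$key.GetValue($valueName)
                if ($valueName -match $pattern) {
                    [pscustomobject]@{ Where = 'value name'; Key = $key.Name; Value = $valueName; Data = $data }
                }
                elseif ($data -match $pattern) {
                    [pscustomobject]@{ Where = 'value data'; Key = $key.Name; Value = $valueName; Data = $data }
                }
            }
        }
    }
}

# Report every hit; nothing is modified or deleted.
Find-RegistryString -Path $Hives -Text $Strings | Format-List
```

Run it from an elevated prompt so that fewer keys are skipped; an empty result means no key name, value name or value data under the two trees contains any of the strings.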