Stubby.A

Discussion in 'adware, spyware & hijack cleaning' started by Mauveen, Feb 2, 2004.

Thread Status:
Not open for further replies.
  1. Mauveen

    Mauveen Guest

    I run Windows XP and I have just done an on-line scan with Trend's 'housecall'; it tells me that I have a trojan called 'stubby.A'. I had this trojan over the weekend and got rid of it. But now it seems to have returned but TDS 3 doesn't detect it. Can anyone give me some advice as I'm new to the program.
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi Mauveen,

    Could you please give us the full path (location) where this trojan is found?

    Regards,

    Pieter
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Mauveen, This is spyware so may not be detected by TDS3. I cannot find it in the TDS primaries list but nevertheless.
    If you can trace the file as Pieter has asked, can you please zip it and send it to: submit@diamondcs.com.au
    I am wondering if you have Execution Protection installed?
    Also, did you scan with all the scan options selected?
    Almost forgot, have you downloaded the latest radius file from here:
    http://tds.diamondcs.com.au/index.php?page=update Follow the instructions on the page.

    Thanks Pilli
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Googling around I see it mentioned as a trojan downloader, indicating spyware. But first answer Pieter please about its location, as I guess Pieter has a workable solution in mind, and send a sample to the address Pilli gave.
     
  5. morbeens

    morbeens Registered Member

    Joined:
    Feb 2, 2004
    Posts:
    6
     
  6. morbeens

    morbeens Registered Member

    Joined:
    Feb 2, 2004
    Posts:
    6
    Hi

    Sorry to have been so long in getting back, but there are lots of strange things happening on my PC.

    I had the virus 'mydoom' as well, so was trying to get rid of that as well. I managed to get rid of 'mydoom.a' and 'stubby.A'. This is what the Trend online scanner is telling me, but when I run my installed version of AVG.6, Mydoom has definitely gone but stubby remains.
    Every time I run the test it gives a different file. The path is as follows: C:\docume~1\owner\locals~1\temp\V3T53Ca03636 or V3VG3Ca03740 or V553CA03120.

    I hope I've replied OK as I've never joined a forum before.
     
  7. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi morbeens,

    Nice to see you joined us. :)

    I will remove your first post after I finish this one. ;)

    First, make sure you have Hidden files/folders showing.
    Launch My Computer from the Desktop Icon.
    Select View, Details.
    Select the Folders button.
    Select Tools, Folder Options. Then select the View tab. Make sure the Show hidden files and folders radio button is selected
    and that the Hide file extensions for known file types check box is unchecked. Once this is done, select Apply and then
    Like Current Folder (located near the top of the Folder Options box). Then select OK.

    Then navigate to the C:\documents and settings\owner\local settings\temp folder and empty (NOT delete) it.

    If stubby returns after you rebooted, please follow the instructions in this post:
    http://www.wilderssecurity.com/showthread.php?t=15913

    Regards,

    Pieter
     
  8. morbeens

    morbeens Registered Member

    Joined:
    Feb 2, 2004
    Posts:
    6
    When you say empty it, do you mean 'select all' from inside the folder and then delete, rather than just deleting the whole folder? Only I have something like 795 files in this 'temp' folder.
     
  9. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi morbeens,

    Select all of them and then delete the content of that folder.

    A temp folder is, as its name indicates, a temporary storage facility and it is a matter of housekeeping to clean them out on a regular basis, where Windows fails to do that itself.

    Regards,

    Pieter
     
  10. morbeens

    morbeens Registered Member

    Joined:
    Feb 2, 2004
    Posts:
    6
    Thanks, that's what I thought you meant so went ahead and did it anyway last night.

    Unfortunately in doing so 'Mydoom' has re-infested me. This time I used a more powerful virus program 'Sophos' on a trial basis, but that has only found me even more viruses which are in my 'system restore' as well. Some of which are password protected and cannot clean or delete. Though I must say I seem to have lost 'Stubby'.

    Unless I can find a way of removing these other virused files, I think I will have to reformat my HD and re-install XP. Which probably will save me time in the long run. Thanks anyway for your help, it's back to the drawing board for me.

    Morbeans
     
  11. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi morbeens,

    No need to reformat over malware found in your Restore Points.
    I would advise you to disable System Restore, reboot and re-enable System Restore.
    Do a full scan until you are satisfied you are clean and make a manual Restore Point.

    More information about dis- and enabling System Restore for Windows XP can be found here:
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039

    Regards,

    Pieter
     
  12. morbeens

    morbeens Registered Member

    Joined:
    Feb 2, 2004
    Posts:
    6
    Many thanks, will give it a try tonight, but at the moment I can't even get onto the internet from my machine at home using Internet Explorer, I have had to install an old copy of MSN Explorer and it's just getting really p****d off.
     
  13. morbeens

    morbeens Registered Member

    Joined:
    Feb 2, 2004
    Posts:
    6
    Hi Pieter,

    Many thanks, you're a diamond. I now have a clean machine, you guys are wonderful.

    Morbeens :D
     
  14. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Glad we could help. :)

    Pieter
     