Thread: virus like activity

  1. #1
    Senior Member
    Join Date
    Oct 2001
    Posts
    114

    virus like activity

    it seems to me that it's a little odd.. or has already been in the forums but here is the prob......

    i see two files in every folder of my WinME box... folder.something HTTP.something
    a very well known pc magazine told me that it's a vb script virus followed by an elaborate method to remove it by changing some keys in the registry (actually deleting a few keys, around 10) but it didn't work.........

    now my suspicion is that possibly this activity is some other form of Microsoft's snooping or so called value added services, if not then can u ppl provide me with a good remedy which works coz it has slowed down my sys noticeably.

    thanx

    ah Norton did not catch anything
    Better Laugh At Your Own Problems..
    Coz...The World Laughs At Them

  2. #2
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953

    Angry

    Do a search on the virus' name you found in the mag... Then look up more information on its name (virii are given specific names like virii.d) - maybe you could find the source code, this almost always helps me when I'm dealing with script virii, although this usually does not work with File virii (or any virii written in ASM, cause I don't know ASM)...

    Sorry I couldn't help :-(
    yeah, I'm gonna need that by friday...

  3. #3
    Senior Member
    Join Date
    Oct 2001
    Posts
    114
    the mag did not give a name, just said that it's a vb script polymorphic (or something similar) virus..... the reason that i am using so much of something is that i don't have the mag + my box with me at this moment
    Better Laugh At Your Own Problems..
    Coz...The World Laughs At Them

  4. #4
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867

    Re: virus like activity

    Originally posted here by coolnads
    it seems to me that it's a little odd.. or has already been in the forums but here is the prob......

    i see two files in every folder of my WinME box... folder.something HTTP.something
    a very well known pc magazine told me that it's a vb script virus followed by an elaborate method to remove it by changing some keys in the registry (actually deleting a few keys, around 10) but it didn't work.........

    now my suspicion is that possibly this activity is some other form of Microsoft's snooping or so called value added services, if not then can u ppl provide me with a good remedy which works coz it has slowed down my sys noticeably.

    thanx

    ah Norton did not catch anything
    You're really not giving us much to go on here mate. Can you supply a couple of the 'real' file names? (folder.something HTTP.something) really doesn't help much. Can you remember the Reg Keys you changed or deleted? You say it's "slowed down" your system, what processes are running, is it attempting an outbound Internet connection?
    Try and give us as much detail as possible, maybe then, we can help you.

    Cheers:
    DjM

  5. #5
    Junior Member
    Join Date
    Jan 2003
    Posts
    26
    Have you received any strange emails lately that came with a .vbs attachment and that you opened? If so, posting the text of the email may help in determining the type of virus.
    The hunter who chases two rabbits catches neither - Zen Master

    All programmers are playwrights and all computers are lousy actors.

  6. #6
    Senior Member
    Join Date
    Apr 2002
    Posts
    126
    Coolnads

    have a look at the info on a virus called Redlof.

    http://www.sophos.com/virusinfo/anal...bsredlofa.html

    Does this match what you are seeing?

    A quote from the page above might also assist

    "VBS/Redlof-A specifically targets the file folder.htt, which is stored as a hidden file in the web folder under Windows. Folder.htt is used as the template for information stored when viewing folders as webpages. If it exists it will be infected and also copied to kjwall.gif which is stored in the same directory. "

    Don't get me wrong, i'm not saying it is, but have a look, and see if it might be.

    ------------------------------------------------------------------------------
    All virus info from Sophos's website http://www.sophos.com
    ------------------------------------------------------------------------------

    Regards
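
Added example (not from any poster in this thread or from Sophos): a Python triage script that walks a directory tree, records the SHA-256 of every folder.htt it finds, and notes whether a kjwall.gif sits beside it, as in the Sophos description quoted above. The sample tree and its file contents are constructed; grouping by hash only shows which copies differ, it does not by itself say which version is the clean one.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

TEMPLATE = "folder.htt"    # Web View template named in the thread
COMPANION = "kjwall.gif"   # copy described in the quoted Sophos text


def scan(root):
    """Return one record per directory under root that holds folder.htt."""
    records = []
    for dirpath, _dirs, files in os.walk(root):
        names = {f.lower(): f for f in files}  # Windows names are case-insensitive
        if TEMPLATE not in names:
            continue
        with open(os.path.join(dirpath, names[TEMPLATE]), "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        records.append({"dir": dirpath, "sha256": digest,
                        "companion": COMPANION in names})
    return records


def group_by_hash(records):
    """Map each distinct folder.htt digest to the directories that hold it."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec["sha256"]].append(rec["dir"])
    return dict(groups)


def build_sample_tree(root):
    """Constructed test data: three folders, one with a differing template."""
    layout = {
        "docs": {"Folder.htt": b"<html>template</html>"},
        "music": {"folder.htt": b"<html>template</html>"},
        "photos": {"FOLDER.HTT": b"<html>template</html><!-- extra -->",
                   "KJWALL.GIF": b"<html>template</html><!-- extra -->"},
        "empty": {"readme.txt": b"no template here"},
    }
    for folder, files in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name, data in files.items():
            with open(os.path.join(root, folder, name), "wb") as fh:
                fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rec in sorted(scan(tmp), key=lambda r: r["dir"]):
            print(rec["dir"], rec["sha256"][:12], "kjwall.gif" if rec["companion"] else "-")
```
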

  7. #7
    Senior Member
    Join Date
    Oct 2001
    Posts
    114
    folder.htt and desktop.cfg, i couldn't give u the names before as i thought it would be a pretty common question... and ppl will have some idea, above all i was not working on my WinME box because this virus does slow down the dial up connection .... actually my dial up connection gets disconnected frequently and this has started happening only after these files have crept in... but i m not saying that there could not be other reasons......
    no strange emails have been received and i don't use outlook.
    it does not seem to be the Redlof coz there is no such gif file but still i'll give it a try.
    There are no spl processes running except mdm and ctfmon which i have tried removing from the startup but they still jump right back (i tried removing ctfmon from the MS setup as directed by Microsoft)

    here am i ... it seems with all the details.......
    Better Laugh At Your Own Problems..
    Coz...The World Laughs At Them

  8. #8
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    A search of the F-Secure database produced two hits, one is the Virus which bofhandpfy already mentioned (Redlof) and the other one is Happytime. Check the following links for information.

    Happytime

    Redlof


    Good Luck
    Cheers:
    DjM

  9. #9
    These are system files used when you enable "Web View" in Windows Explorer
    i.e. microsoft created them

    Cheers
    .....Brain Failure....dumping core.... z z z
