-
February 5th, 2005, 08:20 PM
#1
Pulling my hair out
After allowing some careless family members to use my computer I have been stricken by a multitude of virii.
My antivirus (EZ trust antivirus) does not delete them and I can't find them through a manual search to do it.
These are them:
\Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7sniffer.dll - Win32.SubSeven!plugin trojan.
\Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/matrix.dll - Win32.SubSeven!plugin trojan.
\Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/icqpwsteal.dll - Win32.SubSeven!plugin trojan.
\Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7advanced.dll - Win32.SubSeven!plugin trojan.
\Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7capture.dll - Win32.SubSeven!plugin trojan.
\Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7fun1.dll - Win32.SubSeven!plugin trojan.
\Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7fun2.dll - Win32.SubSeven!plugin trojan.
\Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7takeover.dll - Win32.SubSeven!plugin trojan.
\Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7keys.dll - Win32.SubSeven!plugin trojan.
\Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7moreinfo.dll - Win32.SubSeven!plugin trojan.
\Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7passwords.dll - Win32.SubSeven!plugin trojan.
\Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>plugins/s7scanner.dll - Win32.SubSeven!plugin trojan.
\Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP>server.exe - Win32.SubSeven.AM trojan.
\Local Settings\Temporary Internet Files\Content.IE5\VQWBVXO1\S722[1].ZIP contains infected files.
Please someone tell me how to get rid of them the right way.
Thanks
-
February 5th, 2005, 08:28 PM
#2
Try using hosecall.trendmicro.com. It's a free online virus scanner, and it works damn well.
-
February 5th, 2005, 08:32 PM
#3
All of these appear to be installed with subseven - from what you've posted it appears you have several different variations of the trojan - here's the search page on symantec.com for the different varieties and their removal instructions:
http://search.symantec.com/custom/us/query.html
Good luck and hope that helped!
Even a broken watch is correct twice a day.
Which coder said that nobody could outcode Microsoft in their own OS? Write a bit and make a fortune!
-
February 5th, 2005, 08:37 PM
#4
Safe Mode
I'd recommend booting into Safe Mode (F8 at boot screen) and manually removing the ZIP file. Since it's just detecting these in a ZIP file you may not be infected...but more investigation would be needed to determine that.
After removing the ZIP file, scan the whole PC (while still in safe mode) with your anti-virus scanner --it *is* up-to-date signatures-wise right?
Things to check/do:
* Boot normally and run _netstat -an_ (assuming this is a Win2K or XP box). Review the list of IPs in the Foreign Address column to see if the PC is connecting to any Internet IPs that you don't recognize. Also look at the port number (which is after the colon). SubSeven could run on many different ports but the defaults are 27374 and 27573. Check here for a list of ports http://andrew.triumf.ca/ports/sophos.html
* Symantec has instructions here on how to remove SubSeven: http://www.symantec.com/avcenter/ven...alinstructions
* Boot into Safe Mode with Networking and scan with Internet-based anti-virus scanner:
Symantec has one http://security.symantec.com/sscv6/d...d=ie&venid=sym
Trend Micro has one http://housecall.trendmicro.com/
Hope this helps. Good luck.
-
February 5th, 2005, 08:52 PM
#5
KISS = KEEP IT SIMPLE STUPID
Every file you listed was "\Local Settings\Temporary Internet Files\Content.IE5" so why don't you simply empty your temporary internet files and be done with it?
Now you probably have some more that are not showing in your temporary files, and after you empty your temporary internet files and cache, I would run something like Trend 'Housecall' to remove the rest.
"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
Author Unknown
-
February 6th, 2005, 12:36 AM
#6
BlackIce I hope you don't mind if I take your link...
http://********firefox.com/
"Content.IE5\"
What's that? Haven't seen that in years.
Get Firefox, preferred by most -- secure (for the most part).
Cheers
-
February 6th, 2005, 08:53 AM
#7
Hey Hey,
First off: Why do people want to constantly push Firefox and think everyone should replace IE.... I visit many websites which I MUST use IE for... I had to install IE on Linux just to be able to access the pages properly... Some people like to use IE... and you people that come on here and say "Get Firefox... it'll fix all your problems"... BULLSHIT!... smart computing practices fix your problems.... Firefox has a cache, Netscape has a cache.. every browser these days has a cache.... He's most likely accessed the file at some point for it to be in his Temporary Internet files... don't blame IE for stupid users... and stop pushing Firefox... you're as bad as people that push Linux as a fix to Microsoft.... it's not relevant...
Anyways... now that I've ranted... clear the cache like moxnix said....
The other thing I'd recommend is getting rid of your AV... and replacing it with something better... We use eTrust in our corporate environment and since switching from Norton to it (gotta love when cost plays a role) we're constantly being infected by viruses.... I've run tests that show eTrust to be rather awful... out of my office (since we work on individuals' computers)... we offer eTrust (we have it licensed for them) and AVG Free .... everyone wants AVG.... from the most experienced computer users to the ones that say my roommate got eTrust and she's got viruses now...
Basically someone in your house downloaded subseven... They clicked the open button... and it was saved to your temp files.... they opened it, looked at it and closed it.. now the zip is still there... it's really not too much of a concern... I have friends that collect viruses, as long as they're zipped it's no big deal... btw it is viruses... not virii.. there have been several discussions on here regarding that topic..
As for your multitude of viruses, you don't have a single virus... You've got one Trojan and the associated files about it.... it's not really the end of the world... clear your Temp files... install real AV and run a scan... you'll be good to go.
Peace,
HT
-
February 6th, 2005, 09:20 PM
#8
I never said IE wasn't secure, for the most part it is if you know what you're doing. This is the new age, FireFox has something new, something secure (AGAIN for the most part).
All I was doing was recommending, either you take it or you don't.
Obviously Firefox can't protect against another's downloading habits.
Now as for a(n) AV I prefer Symantec.
We all differ in preference...
Cheers
-
February 7th, 2005, 06:35 PM
#9
If you're running XP don't forget to turn off the system restore prior to cleaning!
-
February 7th, 2005, 06:40 PM
#10
Why do people want to constantly push Firefox and think everyone should replace IE.... I visit many websites which I MUST use IE for... I had to install IE on Linux just to be able to access the pages properly... Some people like to use IE... and you people that come on here and say "Get Firefox... it'll fix all your problems"...
Never once have I said Firefox will fix all the problems. I support it and push it because it beats the living hell out of MSIE, plain and simple. There are certain sites I still need to use IE for, but they're becoming fewer and fewer - MS Update and a scant few others Mrs. |ce needs. I show the link and logo in my signature because I'd dearly love to see FF become the industry standard rather than the exception - perhaps then MS will get off its bum and fix the things in its product that have been needing repair for 10 years now.
Even a broken watch is correct twice a day.
Which coder said that nobody could outcode Microsoft in their own OS? Write a bit and make a fortune!