![[AK]Clay is offline](images/statusicon/user-offline.png)
![[AK]Clay's Avatar](image.php?s=1c0b39bdc0245cee33532322340c976d&u=239&dateline=1254266727 "[AK]Clay's Avatar")
I got hit by something tenatious in the last couple days that's giving me a tough time of it. I'm posting this because it may get some others here too - particulaly those using MYIE2 and IE
Source:
Unknown - but suspect related to MYIE2 usage. Using Firefox now with reliable performance.
Name:
Downloader.agent.BF (or something similar to that). I see that troj_Agent.AC is currently the number 1 virus out there - so it's probably some form of it.
Description:
This is a tenatious little bastard that AVG (my virus scanner) pops up and starts saying files in the Windows directory are infected with. The more you move around, the more it starts infecting files. So far, AVG has identified the following files as infected:
C:\Windows\:
iesw.exe
d3cd32.exe
addgo32.exe
\System32\:
crne.exe
bzndo.dll
notqf32
ulgpr.dll (this one's annoying, because this is somehow involved in hijacking IE - had to use regedit to kill this one out)
javadav32.exe
javaave32.exe
iditk.dll
sysuv32.exe
rraag.dll
I don't know how many of the above are legit windows files that are infected - or are complete viruses.
The good news is AVG finds these and fixes them. The bad news is that AVG does not appear to be able to eliminate the virus, becuase it keeps coming back. Particulaly when you launch IE.
Behavior:
For now, it looks like it's staying within the Windows and Windows\System32 directories, infecting dll's and exe's only. I haven't discovered any data corruption, key logger evidence, or other particularly nasty behavior. But it is fast. The more you let it build in your system, the faster it starts infecting. I've been running AVG and adware ALOT today. It doesn't appear to have seriously damaged anything, but panic'd behavior can do that for you!
Fix:
Not sure. Adaware 6.0 JUST came out with a patch late this evening that found a bunch of new registry hacks that it fixed. But the problem came back for me. AVG finds and fixes infected files, but the problem came back for me. I updated Windows today - there were 2 new critical updates (you'd think they would have found most of the holes by now) and installed. The good news is some of the damage I did by panic deleting files I probably shouldn't have appeared to be repaired by the updates, because Windows stopped whinning on boot-up. The bad news is, the problem came back. It's buried in here somewhere.
My current status:
Oddly, I can't get the virus to act up anymore and AVG and Adaware are no longer finding anything. I'm not sure why this is - I haven't done anything seriously new.
There is one item that I'm suspect about. in my Task manager there is something called d3cn32.exe running. I don't know what this is, and can't find anything on it on a google search. I've ended the execution, and like I said, it's all quiet now - pretty suspicious. Before I nuke this file from my Windows directory, do any of you know what this might be?
Here's a handy link - you may need this. There is a fix program in it. I just ran it while typing this. It may help - may not. Needless to say, I'm not entering anything into MSMoney right now. Thank goodness I don't have any sensative financial info stored on my PC - and I keep my simple MSMoney checkbook registry is passworded and without account numbers.
http://www.trendmicro.com/vinfo/default.asp?sect=TT
Reply With Quote![[AK]Hylander's Avatar](image.php?s=1c0b39bdc0245cee33532322340c976d&u=96&dateline=1079721188 "[AK]Hylander's Avatar")
![Send a message via ICQ to [AK]Hylander](images/misc/im_icq.gif)
![Send a message via AIM to [AK]Hylander](images/misc/im_aim.gif)
![Send a message via MSN to [AK]Hylander](images/misc/im_msn.gif)
![Send a message via Yahoo to [AK]Hylander](images/misc/im_yahoo.gif)
![[AK]Sonic Boom's Avatar](image.php?s=1c0b39bdc0245cee33532322340c976d&u=183&dateline=1126673976 "[AK]Sonic Boom's Avatar")
