The Trojan horse TR/Click.Verzil.A.5


Haircut

Hi

I'm new to this group so be gentle. My AV keeps finding the above. Has
anyone heard of it or know how to delete it for good?

I am using Win XP with AntiVir Personal; the virus is found in the following
location:

C:\DOCUMENTS AND SETTINGS\...\APPLICATION DATA\MICROSOFT\CRYPTNETURLCACHE\CONTENT\74BFD122C0875EC75DBE5C6DB4C59019

Any info would be appreciated.

ta
 
1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt255.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) Update Adaware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) If you are using WinME or WinXP, re-enable System Restore and re-apply any
System Restore preferences (e.g. HD space to use suggested 400 ~ 600MB).
8) Reboot your PC.
9) If you are using WinXP, create a new Restore point

* * * Please report back your results * * *

Dave





| Hi
|
| I'm new to this group so be gentle. My AV keeps finding the above. Has
| anyone heard of it or know how to delete it for good?
|
| I am using Win XP with AntiVir Personal; the virus is found in the following
| location:
|
| C:\DOCUMENTS AND SETTINGS\...\APPLICATION DATA\MICROSOFT\CRYPTNETURLCACHE\CONTENT\74BFD122C0875EC75DBE5C6DB4C59019
|
| Any info would be appreciated.
|
| ta
|
|
 
David H. Lipman said:
1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt255.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) Update Adaware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) If you are using WinME or WinXP, re-enable System Restore and re-apply any
System Restore preferences (e.g. HD space to use suggested 400 ~ 600MB).
8) Reboot your PC.
9) If you are using WinXP, create a new Restore point

* * * Please report back your results * * *

Dave
<snip>

Hi Dave

Thanks for your help.

I already have Adaware and Spybot on my system, both fully updated and both
used regularly.

I followed your instructions to the letter; however, the scan did not find
anything.

However, just before I ran the scan, my AV threw up more notifications, listed
below in the logfile:

19/11/2004,21:19:34 WARNING: AVGuard detected a problem in the file
C:\PROGRAM FILES\COMMON FILES\REAL\COMMON\APPADDITIONSDB
INFO: This executable has an invalid start address!
19/11/2004,21:19:34 WARNING: AVGuard detected a problem in the file
C:\PROGRAM FILES\COMMON FILES\REAL\COMMON\APPLOCALDB
INFO: This executable has an invalid start address!
19/11/2004,21:35:58 WARNING: AVGuard detected a problem in the file
C:\PROGRAM FILES\COMMON FILES\REAL\COMMON\APPADDITIONSDB
INFO: This executable has an invalid start address!
19/11/2004,21:35:58 WARNING: AVGuard detected a problem in the file
C:\PROGRAM FILES\COMMON FILES\REAL\COMMON\APPLOCALDB
INFO: This executable has an invalid start address!
19/11/2004,21:34:05 WARNING: The Trojan horse TR/Dldr.IstBar.A!
C:\WINDOWS\AVXOSCAN\SUSPICIOUS\PROMPT[1].HTM
File has been deleted!
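
A small triage helper for the AVGuard log excerpt in the post above, added here as an example; it is not part of the thread or of any AntiVir tooling. It collapses the repeated alerts per file and separates the named detection from the file warnings. The entry layout (timestamp header, file path, detail lines) and all function and field names are assumptions inferred from the excerpt alone.

```python
import re
from datetime import datetime
# Log excerpt copied from the post above (timestamps are dd/mm/yyyy).
SAMPLE_LOG = r"""
19/11/2004,21:19:34 WARNING: AVGuard detected a problem in the file
C:\PROGRAM FILES\COMMON FILES\REAL\COMMON\APPADDITIONSDB
INFO: This executable has an invalid start address!
19/11/2004,21:19:34 WARNING: AVGuard detected a problem in the file
C:\PROGRAM FILES\COMMON FILES\REAL\COMMON\APPLOCALDB
INFO: This executable has an invalid start address!
19/11/2004,21:35:58 WARNING: AVGuard detected a problem in the file
C:\PROGRAM FILES\COMMON FILES\REAL\COMMON\APPADDITIONSDB
INFO: This executable has an invalid start address!
19/11/2004,21:35:58 WARNING: AVGuard detected a problem in the file
C:\PROGRAM FILES\COMMON FILES\REAL\COMMON\APPLOCALDB
INFO: This executable has an invalid start address!
19/11/2004,21:34:05 WARNING: The Trojan horse TR/Dldr.IstBar.A!
C:\WINDOWS\AVXOSCAN\SUSPICIOUS\PROMPT[1].HTM
File has been deleted!
"""

# Entry layout inferred from this excerpt only (an assumption, not a vendor spec).
HEADER = re.compile(r"^(\d\d/\d\d/\d{4},\d\d:\d\d:\d\d) WARNING: (.+)$")
NAMED = re.compile(r"^The Trojan horse (\S+?)!?$")

def parse_entries(text):
    """Header line, then the file path, then one or more detail lines."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = HEADER.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%d/%m/%Y,%H:%M:%S")
            entries.append({"time": when, "message": m.group(2), "path": None, "details": []})
        elif entries and entries[-1]["path"] is None:
            entries[-1]["path"] = line
        elif entries:
            entries[-1]["details"].append(line)
    return entries

def summarize(entries):
    """Collapse repeated alerts per (path, message), oldest first."""
    rows = {}
    for e in sorted(entries, key=lambda e: e["time"]):
        named = NAMED.match(e["message"])
        row = rows.setdefault((e["path"], e["message"]), {
            "path": e["path"], "threat": named.group(1) if named else None,
            "count": 0, "first": e["time"], "details": e["details"]})
        row["count"], row["last"] = row["count"] + 1, e["time"]
    return list(rows.values())
```

Calling `summarize(parse_entries(SAMPLE_LOG))` returns three rows: the two RealPlayer database files with two warnings each, and one named detection whose detail line records that the file was deleted. Entries are sorted by timestamp first because the excerpt lists the 21:34:05 alert after the 21:35:58 ones.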
 