Trojan horse.downloader.vb.ec--help!

[Rev. Carbuncle Fondue]

Hello,
Frequent reader, seldom poster, here.

Q: How do I get rid of this damned thing? I seem to have removed most
infected files via AVG, but there are still 5 infected files, all in my
Restore. AVG now lists restore files infected with downloader.small. I let
my NAV subscription run out, but resubscribed, and when attempting to run, I
am told to reinstall NAV. I'm using the 2001. Granted, I haven't done any
MS critical updates in a couple months, but this is a bugbear! I cannot
reinstall NAV from CD. I did research on the klezworm which hit me last
summer, and successfully removed, but this bug is keeping me from internet
access to find out how to remove it. And, yes, I've done several scans &
removals in "safe mode" to avoid replication in the restore -- running
Windows ME. I'm a bit of a boob, but not unfamiliar with DOS, if I need to
manually remove some stuff, but would rather have my newly subscribed Norton
take care of it if I can reinstall. So, a multitude of questions, actually.
How can I reinstall NAV? How can I properly name this bug in the rare case
I get through to the internet? How can I keep my wife, who takes internet
courses, from killing me? BTW, the most annoying part of the problem is
adware from "Golden Casino" which seems to load something every time i start
IE.

With many questions,
Carbuncle

 

[Geese_Hunter]

Hello,
Frequent reader, seldom poster, here.

Q: How do I get rid of this damned thing? I seem to have removed most
infected files via AVG, but there are still 5 infected files, all in my
Restore. AVG now lists restore files infected with downloader.small. I let
my NAV subscription run out, but resubscribed, and when attempting to run, I
am told to reinstall NAV. I'm using the 2001. Granted, I haven't done any
MS critical updates in a couple months, but this is a bugbear! I cannot
reinstall NAV from CD. I did research on the klezworm which hit me last
summer, and successfully removed, but this bug is keeping me from internet
access to find out how to remove it. And, yes, I've done several scans &
removals in "safe mode" to avoid replication in the restore -- running
Windows ME. I'm a bit of a boob, but not unfamiliar with DOS, if I need to
manually remove some stuff, but would rather have my newly subscribed Norton
take care of it if I can reinstall. So, a multitude of questions, actually.
How can I reinstall NAV? How can I properly name this bug in the rare case
I get through to the internet? How can I keep my wife, who takes internet
courses, from killing me? BTW, the most annoying part of the problem is
adware from "Golden Casino" which seems to load something every time i start
IE.

With many questions,
Carbuncle

The only thing that will remove it from the restore folder is to turn
off the system restore, removing all restore points, & then turn it back
on to create a new restore point.

 

[FromTheRafters]

Hello,
Frequent reader, seldom poster, here.

Q: How do I get rid of this damned thing? I seem to have removed most
infected files via AVG, but there are still 5 infected files, all in my
Restore.

Purge the restore points.

[snip]

Sorry, I can't help with NAV removal or reinstallation problems other
than to say Add/Remove Programs followed by rnav????.exe from
their website should do the trick.

So, a multitude of questions, actually.
How can I reinstall NAV?

Probably by removing it as thoroughly as possible first.

How can I properly name this bug in the rare case
I get through to the internet?

What bug? The downloader trojan? Purging the restore points
should remove it from your system - however, you may want
to address how it got there in the first place.

How can I keep my wife, who takes internet courses, from
killing me?

Take self defense courses?

BTW, the most annoying part of the problem is adware from
"Golden Casino" which seems to load something every time i
start IE.

You may need to utilize some other removal tools to address the
adware - and while you are at it, you might want to scan for the
spyware that is no doubt also infesting the system.

Ad-Aware is an anti-adware scanner. Spybot S&D is an anti-
spyware scanner (there is some overlap), and if some problems
are not addressed by these programs there is a program called
"Hijack This" that relies on knowledgeable people analyzing the
log file that it creates to help deal with some of these as well as
browser hijackers (which it also seem likely that you have).

 

[Topper]

How do you purge all the restore documents?

I assumed this was automatic when you switched system restore off but this
doesn't seem to be the case as after several attempts its still there.

Ive tried SR off> AVG> Reboot> SR on, SR off> Reboot> AVG but still no luck.

"Rev. Carbuncle Fondue" <[email protected]> wrote in

message news:gthfc.140027$w54.896029@attbi_s01...

Hello,
Frequent reader, seldom poster, here.

Q: How do I get rid of this damned thing? I seem to have removed most
infected files via AVG, but there are still 5 infected files, all in my
Restore.

Purge the restore points.

[snip]

Sorry, I can't help with NAV removal or reinstallation problems other
than to say Add/Remove Programs followed by rnav????.exe from
their website should do the trick.

So, a multitude of questions, actually.
How can I reinstall NAV?

Probably by removing it as thoroughly as possible first.

How can I properly name this bug in the rare case
I get through to the internet?

What bug? The downloader trojan? Purging the restore points
should remove it from your system - however, you may want
to address how it got there in the first place.

How can I keep my wife, who takes internet courses, from
killing me?

Take self defense courses?

BTW, the most annoying part of the problem is adware from
"Golden Casino" which seems to load something every time i
start IE.

You may need to utilize some other removal tools to address the
adware - and while you are at it, you might want to scan for the
spyware that is no doubt also infesting the system.

Ad-Aware is an anti-adware scanner. Spybot S&D is an anti-
spyware scanner (there is some overlap), and if some problems
are not addressed by these programs there is a program called
"Hijack This" that relies on knowledgeable people analyzing the
log file that it creates to help deal with some of these as well as
browser hijackers (which it also seem likely that you have).

 

[Gabriele Neukam]

On that special day, Rev. Carbuncle Fondue,
([email protected]) said...

Granted, I haven't done any
MS critical updates in a couple months, but this is a bugbear!

With "bugbear", did you mean that one?

http://vil.nai.com/vil/content/v_101162.htm

"The email may carry the worm in a MIME HTML file, constructed to run
the worm when the HTML is viewed. (Please see the Exploit-Codebase
description for more information.)"

Better do the updates. Or don't use IE, use something different.


Gabriele Neukam

(e-mail address removed)

 

[FromTheRafters]

How do you purge all the restore documents?

I assumed this was automatic when you switched system restore off but this
doesn't seem to be the case as after several attempts its still there.

I have been told that that is all that is required, but I always
thought reboots were needed.

Disable restore
Reboot
Re-enable restore (if desired)
Reboot again

Ive tried SR off> AVG> Reboot> SR on, SR off> Reboot> AVG but still no luck.

Purging the restore point doesn't require the AV program. It
is similar to just emptying the trash. Scanning while restore is
disabled might just be for those desiring to keep their restore
points yet still removing the malware within. I don't have any
such restore feature on my Win98 machine, so I can't confirm
this by experimenting.