Help!

W32/Spybot.FS

  
  
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> Spybot S&D RSS
Next:  w32.spybot.worm  
Author Message
John Gawe
External


Since: Jan 23, 2006
Posts: 9
PostPosted: Mon Jan 23, 2006 1:30 pm    Post subject: W32/Spybot.FS
Archived from groups: alt>comp>virus (more info?)
Hi there,

anybody help with this one?

John
Back to top
John Gawe
External


Since: Jan 23, 2006
Posts: 9
PostPosted: Thu Jan 26, 2006 7:41 am    Post subject: Re: W32/Spybot.FS [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
"David H. Lipman" <DLipman~nospam~@Verizon.Net> schrieb im Newsbeitrag news:h0aBf.8388$Fb3.4256@trnddc08...
> From: "John Gawe" <wegasoft DeleteThis @bigfoot.com>
>
> | Hi there,
> |
> | anybody help with this one?
> |
> | John
>
> Why didn't you return to the other post on the subject matter befor posting here ? I gave
> you a set of instructions and a tool to remove the SpyBot worm.
>
> Have you tried it yet ?

Well David, I did.
But it doesnīt work.
This s* is still here..

John
Back to top
John Gawe
External


Since: Jan 23, 2006
Posts: 9
PostPosted: Thu Jan 26, 2006 7:41 am    Post subject: Re: W32/Spybot.FS [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
"Art" <null RemoveThis @zilch.com> schrieb im Newsbeitrag news:g1t9t1pv5ds9oinhl012bqu5qobnfe3c4l@4ax.com...
> On Mon, 23 Jan 2006 13:30:07 +0100, "John Gawe" <wegasoft RemoveThis @bigfoot.com>
> wrote:
>
> >Hi there,
> >
> >anybody help with this one?
>
> There are detailed descriptions available, though I found I had to use
> a language translation service to translate from spanish to english.
> It looks pretty easy to remove manually. It's a rather old (2004)
> Trojan that is very likely to be handled by a number of antivirus
> products. Try the KASFX download from my web site. Let us know
> how its Kaspersky scan engine handles the infection, and what malware
> name(s) it finds.

KAV couldnīt help

John
Back to top
John Gawe
External


Since: Jan 23, 2006
Posts: 9
PostPosted: Fri Feb 03, 2006 9:51 am    Post subject: Re: W32/Spybot.FS [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
"David H. Lipman" <DLipman~nospam~@Verizon.Net> schrieb
> From: "John Gawe" <wegasoft.TakeThisOut@bigfoot.com>
>
>
> |
> | Well David, I did.
> | But it doesnīt work.
> | This s* is still here..

> What is the fully qualified name and path to the infected executable ?

I couldnīt find it jet.

> What software identified "W32/Spybot.FS" ?

There was no software.
I did a google search for "yyy.htm" - this is shown on every popup.
Google found a spanish-site.

See Arts answer above

Then I tried Xoftspy.
It found a trojan entry in the registry. Something like "TR/Drop.Parado.a.1"
I deleted the entry and the file.

But then I found 3 suspect dll files in "Win2000/System32":
Wierd filenames, like: 045785B145.dll size of 229 KB
But Hijackthis says: these are Systemfiles and put them in O20 =

O19 - User stylesheet hijack
O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key

When I try to delete one of these suspect dlls, they will be immediatly
back.

Still donīt know what to do.

John

John
Back to top
Display posts from previous:   
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> Spybot S&D All times are: Eastern Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum