AIM Instant Message Trojan - Unknown Name [RESOLVED]

#16
Guest_thatman_*

  • Guest
Hi blueheadsets

To scan individual files for malware analysis, you can use Jotti here: http://virusscan.jotti.org/

C:\I386 bridge (no extension) bridge:.xxx
Copy and paste the report here:


C:\windows\system\drivers (system file) bridge:.xxx
Copy and paste the report here:


c:\windows\servicepackfiles\i386 (system file) bridge:.xxx
Copy and paste the report here:


Thanks

Kc :tazz:
  • 0

#17
blueheadsets

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
I don't think that was it! ;)

Hi blueheadsets

To scan individual files for malware analysis, you can use Jotti here: http://virusscan.jotti.org/

C:\I386 bridge (no extension) bridge:.xxx
File:    BRIDGE.SY_
Status: 
OK
MD5  3c50e1556906b823777b38d9e3fa417c
Packers detected: 
-
Scanner results
AntiVir 
Found nothing
ArcaVir 
Found nothing
Avast 
Found nothing
AVG Antivirus 
Found nothing
BitDefender 
Found nothing
ClamAV 
Found nothing
Dr.Web 
Found nothing
F-Prot Antivirus 
Found nothing
Fortinet 
Found nothing
Kaspersky Anti-Virus 
Found nothing
NOD32 
Found nothing
Norman Virus Control 
Found nothing
VBA32 
Found nothing
C:\windows\system\drivers (system file) bridge:.xxx
File:    bridge.sys
Status: 
OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5  e4e6a0922e3d983728c9ad4e8d466954
Packers detected: 
-
Scanner results
AntiVir 
Found nothing
ArcaVir 
Found nothing
Avast 
Found nothing
AVG Antivirus 
Found nothing
BitDefender 
Found nothing
ClamAV 
Found nothing
Dr.Web 
Found nothing
F-Prot Antivirus 
Found nothing
Fortinet 
Found nothing
Kaspersky Anti-Virus 
Found nothing
NOD32 
Found nothing
Norman Virus Control 
Found nothing
VBA32 
Found nothing
c:\windows\servicepackfiles\i386 (system file) bridge:.xxx
File:    bridge.sys
Status: 
OK
MD5  e4e6a0922e3d983728c9ad4e8d466954
Packers detected: 
-
Scanner results
AntiVir 
Found nothing
ArcaVir 
Found nothing
Avast 
Found nothing
AVG Antivirus 
Found nothing
BitDefender 
Found nothing
ClamAV 
Found nothing
Dr.Web 
Found nothing
F-Prot Antivirus 
Found nothing
Fortinet 
Found nothing
Kaspersky Anti-Virus 
Found nothing
NOD32 
Found nothing
Norman Virus Control 
Found nothing
VBA32 
Found nothing

Kc  :tazz:

  • 0

#18
Guest_thatman_*

  • Guest
Hi blueheadsets

What is all this about? ;) I do hope it is not directed at me. ;)

Most of the items that you are getting are tracking cookies; this is due to how your settings are.

Please read this and follow the guide: How To Better Secure IE

When done, post back and we will then look at improving your system defences.

Kc :tazz:
  • 0

#19
blueheadsets

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
:tazz: was directed to the fact that those files weren't the problem, and not at you at all. I am more than grateful for your assistance! As a matter of fact, I planned on asking you: do you accept donations, or is this strictly volunteer?

Edited by blueheadsets, 23 June 2005 - 09:50 AM.

  • 0

#20
blueheadsets

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
OK, I got those IE settings tweaked. Any further ideas on getting rid of Bridge? Did I miss something somewhere in my registry, maybe?
  • 0

#21
Guest_thatman_*

  • Guest
Hi

Pick the bone out of this

When Adware.WinFavorites is executed, it does the following:

1. Attempts to insert the files:
* bridge.dll
* bridge.inf

2. May drop the file:

%System%\a.exe

3. Creates one or more of the following registry keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF}
HKEY_LOCAL_MACHINE\Software\Classes\Bridge.brdg
HKEY_LOCAL_MACHINE\Software\Classes\Bridge.brdg.1
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{78e25b5d-78e25b5d-78e25b5d-78e25b5d-78e25b5d}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{80BB7465-A638-43B5-9827-8E8FE38DFCC1}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{4FDBDBAD-FEFE-4C4C-9CC1-1181052AFB12}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{B88A3AF1-4F1B-4400-8FFB-3FCB108CE115}
HKEY_LOCAL_MACHINE\Software\Classes\Jao.jao
HKEY_LOCAL_MACHINE\Software\Classes\Jao.jao.1
HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{C094876D-1B0E-46FA-B6A6-7FFc0F970c27}
HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{DDAF2479-6F00-4599-998A-3ED75686C6D0}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\UNinstall\bridge
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\bridge

4. Adds one of the following values:

"mswpl"="<file name of adware>"
"RunDLL"="rundll32.exe "C:\WINNT\System32\bridge.dll",Load"
"Systray"="<the full path of the adware program>"

to the registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

so that the adware runs when you start Windows.

5. Attempts to download files from www.flingstone.com.


Removal instructions

The following instructions pertain to all Symantec antivirus products that support Security Risk detection.

1. Update the definitions.
2. Close all open browser windows.
3. Run a full system scan and delete all the files detected as Adware.WinFavorites.
4. Delete the values that were added to the registry.

For specific details on each of these steps, read the following instructions.

1. To update the definitions
To obtain the most recent definitions, start your Symantec program and run LiveUpdate.

2. To close all open browser windows
As Adware.WinFavorites functions as a Microsoft Internet Explorer plugin, close all the open browser windows to remove it. If you are reading this writeup in Internet Explorer, print this writeup using our printer-friendly option at the top of the page, or write down the following instructions, and then close all the open browser windows.

3. To scan for and delete the files

1. Start your Symantec antivirus program and run a full system scan.
2. If any files are detected as Adware.WinFavorites, click Delete.

Note: If your Symantec antivirus product reports that it cannot delete a detected file, write down the path and file name. Then use Windows Explorer to locate and delete the file.


4. To delete the values from the registry
WARNING: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.

1. Click Start > Run.
2. Type regedit

Then click OK.

3. Navigate to the following keys and delete them, if present:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF}
HKEY_LOCAL_MACHINE\Software\Classes\Bridge.brdg
HKEY_LOCAL_MACHINE\Software\Classes\Bridge.brdg.1
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{78e25b5d-78e25b5d-78e25b5d-78e25b5d-78e25b5d}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{80BB7465-A638-43B5-9827-8E8FE38DFCC1}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{4FDBDBAD-FEFE-4C4C-9CC1-1181052AFB12}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{B88A3AF1-4F1B-4400-8FFB-3FCB108CE115}
HKEY_LOCAL_MACHINE\Software\Classes\Jao.jao
HKEY_LOCAL_MACHINE\Software\Classes\Jao.jao.1
HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{C094876D-1B0E-46FA-B6A6-7FFc0F970c27}
HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{DDAF2479-6F00-4599-998A-3ED75686C6D0}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\UNinstall\bridge
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\bridge

4. Navigate to the key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

5. In the right pane, delete any of the following values:

"mswpl"="<file name of adware>"
"RunDLL"="rundll32.exe "C:\WINNT\System32\bridge.dll",Load"
"Systray"="<the full path of the adware program>"

6. Exit the Registry Editor.

When done post back and let me know

Kc :tazz:
  • 0
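An added audit script for the removal steps above; it is not from the thread and not Symantec's tool. It only tests whether the registry keys and Run values named in the writeup are present and reports them, deleting nothing, so the operator can compare each hit against known-good startup entries before editing the registry. It assumes Windows PowerShell run as an administrator on the affected machine; the key list is copied from the writeup as-is.

```powershell
# Added audit script (not from the thread): report, never delete.
# Keys are taken verbatim from the Adware.WinFavorites writeup above.
$suspectKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF}',
    'HKLM:\Software\Classes\Bridge.brdg',
    'HKLM:\Software\Classes\Bridge.brdg.1',
    'HKLM:\Software\Classes\CLSID\{78e25b5d-78e25b5d-78e25b5d-78e25b5d-78e25b5d}',
    'HKLM:\Software\Classes\CLSID\{80BB7465-A638-43B5-9827-8E8FE38DFCC1}',
    'HKLM:\Software\Classes\CLSID\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF}',
    'HKLM:\Software\Classes\Interface\{4FDBDBAD-FEFE-4C4C-9CC1-1181052AFB12}',
    'HKLM:\Software\Classes\Interface\{B88A3AF1-4F1B-4400-8FFB-3FCB108CE115}',
    'HKLM:\Software\Classes\Jao.jao',
    'HKLM:\Software\Classes\Jao.jao.1',
    'HKLM:\Software\Classes\TypeLib\{C094876D-1B0E-46FA-B6A6-7FFc0F970c27}',
    'HKLM:\Software\Classes\TypeLib\{DDAF2479-6F00-4599-998A-3ED75686C6D0}',
    # "UNinstall\bridge" and "Uninstall\bridge" are the same key: registry paths are case-insensitive.
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\bridge'
)
$runKey            = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$suspectValueNames = @('mswpl', 'RunDLL', 'Systray')   # the three value names the writeup lists
$providerProps     = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

$findings = @()
foreach ($k in $suspectKeys) {
    # -LiteralPath so the braces and brackets in CLSID paths are not treated as wildcards.
    if (Test-Path -LiteralPath $k) {
        $findings += [pscustomobject]@{ Type = 'Key'; Location = $k; Data = '' }
    }
}

if (Test-Path -LiteralPath $runKey) {
    $run = Get-ItemProperty -LiteralPath $runKey
    foreach ($p in $run.PSObject.Properties) {
        if ($providerProps -contains $p.Name) { continue }   # skip provider metadata, keep real values
        $data = [string]$p.Value
        # A matching value name is only a lead (names can be reused by legitimate software),
        # so the command line is shown for the operator to judge; bridge.dll in the data is the firmer signal.
        if (($suspectValueNames -contains $p.Name) -or ($data -match '(?i)bridge\.dll')) {
            $findings += [pscustomobject]@{ Type = 'RunValue'; Location = "$runKey\$($p.Name)"; Data = $data }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Adware.WinFavorites registry artifacts found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it before and after the manual removal: a clean second run confirms the keys and Run values are gone, while any entry it reports that you recognise as legitimate (graphics-card or USB-adapter startup items, for example) should be left alone.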

#22
blueheadsets

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
I found these 3:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF}
---I found this at MICROSOFT\SOFTWARE\INTERNET EXPLORER\ACTIVE X COMPATIBILITY. OK TO DELETE YOU THINK?

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{80BB7465-A638-43B5-9827-8E8FE38DFCC1}
--- I found this at MICROSOFT\SOFTWARE\INTERNET EXPLORER\ACTIVE X COMPATIBILITY. OK TO DELETE YOU THINK?

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF}
--- I found this at MICROSOFT\SOFTWARE\INTERNET EXPLORER\ACTIVE X COMPATIBILITY. OK TO DELETE YOU THINK?


HKEY_LOCAL_MACHINE\Software\Classes\Bridge.brdg ----- NOT PRESENT
HKEY_LOCAL_MACHINE\Software\Classes\Bridge.brdg.1 ------- NOT PRESENT
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{78e25b5d-78e25b5d-78e25b5d-78e25b5d-78e25b5d} ------ NOT PRESENT
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{4FDBDBAD-FEFE-4C4C-9CC1-1181052AFB12} ------ NOT PRESENT
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{B88A3AF1-4F1B-4400-8FFB-3FCB108CE115} ------ NOT PRESENT
HKEY_LOCAL_MACHINE\Software\Classes\Jao.jao ------ NOT PRESENT
HKEY_LOCAL_MACHINE\Software\Classes\Jao.jao.1 ------ NOT PRESENT
HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{C094876D-1B0E-46FA-B6A6-7FFc0F970c27} ------ NOT PRESENT
HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{DDAF2479-6F00-4599-998A-3ED756866D0} ------ NOT PRESENT
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\UNinstall\bridge ------ NOT PRESENT
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\bridge ------ NOT PRESENT

In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run I have the following which may or may not be suspicious based on what
was in your previous post:


Name: NvCplDaemon RUNDDL32.EXE C:\WINDOWS\System32\NvCpl.dll,NVStartup
Name: nwiz nwiz.exe /install
Name: SM1BG C:\WINDOWS\SM1BG.EXE

Edited by blueheadsets, 23 June 2005 - 11:12 AM.

  • 0

#23
Guest_thatman_*

  • Guest
Hi blueheadsets

Well, I think that Panda have got one wrong here, don't you? (BRIDGE MY A$$)

NvCplDaemon (NvQTwk.dll) is a module related to Nvidia graphics cards SAFE

nwiz.exe is a part of NVidia's Nview features SAFE

SM1bg.exe is a process belonging to the Cypress USB Mass Storage Adapter. It is installed with iTunes, Napster and USB devices. This program is a non-essential system process, but should not be terminated unless suspected to be causing problems. SAFE

How is the system running now?

Kc :tazz:
  • 0

#24
blueheadsets

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
So far so good. I do not have to delete those other 3 registry entries I found? They are OK in the Active X Compatibility section of the registry?

I am going to run a different online virus scan and post the results.

THANKS!

Mark
  • 0

#25
blueheadsets

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
So far so good. I ran Spyware doctor and that got rid of some miscellaneous tracking stuff I picked up from legit websites. Ad-Aware came back clean. TrendMicro virus scan was clean. I can run Ewido and NOD again later. Should I run these in Safe mode?? I noticed NOD can't open some files because they are in use.

I did the IE tweaking with Java and Active X.

As far as the software...there is a lot out there and stuff like Spyware Doctor and Ewido are not free. Are these worth paying to have? There's also the Ad-Aware upgrade to Ad-Watch. Do you have any recommendations as to what's worth paying for and what's not?

Thanks!

Mark
  • 0

#26
Guest_thatman_*

  • Guest
Hi blueheadsets

All the programs in this list are free and very good; they all block malware.

http://www.winpatrol.com/index.html
Microsoft® Windows AntiSpyware (Beta) 2000 and XP ONLY.
Ad-Aware SE Personal Edition Free
Please download SpyBot V1.4 http://www.majorgeek...wnload2471.html
Spybot Tutorial
Disable Spybot Tutorial

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use). Click Here
QUOTE
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Kc :tazz:
  • 0

#27
blueheadsets

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
The "No disk in drive..." error is somehow related to Zone Alarm. I was running a program that had trouble with Zone Alarm and while tweaking some Zone Alarm settings every time I manually added a program to the allowable Zone Alarm program list it would flash up the "No disk...." error. I uninstalled Zone Alarm and then reinstalled it and it seems to have fixed the problem.
  • 0

#28
Guest_thatman_*

  • Guest
Hi blueheadsets

The items in my list are all you will need. Ad-Aware Plus/Professional is a waste of time and money; stick with the free version.

I use Ad-Aware Plus/Pro but not the add-ons.

I do use Ewido Plus; this program is improving constantly.

WinPatrol Plus is what I use; this will do the same job, and a better job, than Ad-Aware Ad-Watch.

How is your system running now?

Kc :tazz:
  • 0

#29
blueheadsets

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
System is running well, especially after re-installing Zone Alarm and stopping some programs from running on startup. I only have 512MB of ram and when I work during the day I have to have several programs running that I know take up a lot of memory. My business budget doesn't call for a new desktop computer until 2006 or 2007 so it was important to me that I get these problems fixed and with your help I was able to do it!
I upgraded two laptops this year and the second one will be here next week. I didn't want to spend a lot of money on anti-viral stuff since we don't use them as much as we do the desktop and with your recommendations I think we're fairly safe and secure without spending a fortune!


:tazz: ;) ;) :help:

Thanks!

Mark
  • 0

#30
Guest_thatman_*

  • Guest
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0