[Trevuren]

Please provide me with the name and location of the file(s) Norton identifies.

Thanks,

Trevuren

[Advertisements]

Filename: icon.exe

Location: c:\windows\casicon.exe

[jupiter583]

Filename: icon.exe

Location: c:\windows\casicon.exe

[Trevuren]

I would like youu to submit ithat file to Jotti's for analysis.

1. Click HERE to get to Jotti's site.

2. At the top of the Jotti window, use the Browse button to locate the file on your system.

3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed.

4. Please provide me with the results of the analysis.

Regards,

Trevuren

[jupiter583]

I hope I'm doing this right but here's what it said:

File: casicon.exe
Status: INFECTED/MALWARE
MD5 b32f2b42b39fcd590d85d60bd379d252
Packers detected: UPX

Scanner results:
AntiVir Found TR/VB.QG.1
ArcaVir Found Trojan.Vb.Qg
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Vb.QG
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found W32/VB.QG-tr
Kaspersky Anti-Virus Found Trojan.Win32.VB.qg
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found Trojan.Win32.VB.qg

Scanner Malware name
AntiVir TR/Spy.Perfloger.O
ArcaVir Trojan.Spy.Perfloger.O
Avast X
AVG Antivirus X
BitDefender Trojan.Keylogger.RT.A
ClamAV X
Dr.Web Trojan.DownLoader.2605
F-Prot Antivirus X
Fortinet Keylog/Perfect
Kaspersky Anti-Virus not-a-virus:Monitor.Win32.Perflogger.az
NOD32 Win32/Spy.PerfKey.N
Norman Virus Control X
UNA X
VBA32 Trojan.Perflog

If there was another, better or easier way for me to show you, let me know and I'll do it again.

[Trevuren]

That was perfect. It also shows you that not all antivirus programs are equal. Some pick up some things and not others.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Download Killbox here: http://www.downloads...org/KillBox.exe and put it on your desktop

Open Killbox

Check the following boxes:

Standard File Kill
End Explorer Shell While Killing file

Copy & paste the full path of the file below into the Killbox topmost box.

c:\windows\casicon.exe

With the full path to the file name in the topmost textbox, Click the Red X ...and for the confirmation message that will appear, you will need to click Yes

It may not delete.

If it didn't delete, use killbox to delete the file you were not able to delete as follows:

Open Killbox

Check the following boxes:

Delete on Reboot

With the full path to the file name in the topmost textbox. Click the Red X ...and for the confirmation message that will appear, you will need to click Yes

A second message will ask to Reboot now? you will need to click Yes

Note: Killbox will let you know if the file does not exist.

Note: Rescan your system to make sure it is gone. These critters often take 3-5 times to kill


Please post a HJT log for review and provide any comments about your system that you deem important.

Regards,

Trevuren

Edited by Trevuren, 13 July 2005 - 10:20 PM.

[Trevuren]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.