I have the downloader-EV virus on my pc and I wonder if anyone knows ow to get it off i am a computer newbie so could you explain in detail
thankyou
RC_Razor 7
let me see if i can find some info hold on k
RC_Razor 7
before i search if this is a known problem scan with a virus scan..
crunchie 990
Hi there. First up I would go & have an on-line scan from here http://housecall.antivirus.com/ .
Then download a program called 'HijackThis' & unzip it into it's own folder in My Documents, or somewhere. Not a temporary one or it cannot create backups. Start HJT & scan your computer. DO NOT FIX ANYTHING YET, most of the stuff there is necessary. When the scan is finished the scan button will change to a save button. Save the log to a text file, copy & post it back here.
Get HijackThis here. http://www.zerosrealm.com/downloads/hjt.zip
crunchie 990
Too slow again.
RC_Razor 7
no prob crunchie i found what it is though .. its a Trojan horse that takes advantage of a vulnerability in Microsoft Internet Explorer to download and execute arbitrary code on the system.... so a virus scan and removal should take care of this also this definition is is spybot SaD ( look below ) and Adaware 6.0...
RC_Razor 7
when it is executed, it performs the following actions:
- Creates the Mutex "BotNetd" so that only one copy of the Trojan runs on the system at any one time.
- Attempts to download a file from one of the following servers:
http:/ /66.98.190.39/
http:/ /sonyasys.com/and save the file as one of the following:
%Windir%\Notepad.exe
%System%\Notepad.exe
%Temp%\<random file name>.tmpNotes:
- %Windir% is a variable. The Trojan locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and saves the file to that location.
- %System% is a variable. The Trojan locates the System folder and saves the file to that location. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
- %Temp% is a variable. The Trojan locates the temporary folder and saves the file to that location. By default, this is C:\Windows\TEMP (Windows 95/98/Me), or C:\WINNT\Temp (Windows NT/2000), or C:\Document and Settings\<UserName>\Local Settings\Temp (Windows XP).
- Adds the value:
"qbotd"="<filename of Trojan>"
to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
so that the Trojan runs when you start Windows
crunchie 990
Cool. I'm still learning the ropes at the mo.
Do you know what this is?
O8 - Extra context menu item: &RSDN Search - res://C:\WINDOWS\2020SE~1.DLL/GoRSDN.dll.htm
EDIT Where do you find the definitions in spybot?
RC_Razor 7
Ok this is what I'd like you to do
1.)
Download CWShredder:
Unzip, run and hit the ->next tab to fix all found problems
Reboot.
2.)
Download Spybot - Search & Destroy
pls. read instructions carefully
Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove all it finds in Red.
Reboot.
3.)
Download Ad-Aware:
Pls. read the instructions carefully
One final reboot and then post a new HJT log please.
not sure on what it is but it has to do with these tool bars...'My Search Bar' (MySearch variant), 'MyWay Speed Bar' (MyWay) or 'My Web Search Bar' (MyWeb) entries...
i can not open anythng except documents so i can not use any virus scanners or anything but 3 websites have told me i had this virus if any1 wants a picture of what happens leave your email
