1. Home
  2. Forums
  3. Hardware and Software
  4. Information Security

Downloader-EV Virus HELP!

0

I have the downloader-EV virus on my pc and I wonder if anyone knows ow to get it off i am a computer newbie so could you explain in detail
thankyou

3
Contributors
9
Replies
10
Views
14 Years
Discussion Span
14 Years Ago
Last Post by daymonkey
0

Hi there. First up I would go & have an on-line scan from here http://housecall.antivirus.com/ .
Then download a program called 'HijackThis' & unzip it into it's own folder in My Documents, or somewhere. Not a temporary one or it cannot create backups. Start HJT & scan your computer. DO NOT FIX ANYTHING YET, most of the stuff there is necessary. When the scan is finished the scan button will change to a save button. Save the log to a text file, copy & post it back here.
Get HijackThis here. http://www.zerosrealm.com/downloads/hjt.zip

0

no prob crunchie i found what it is though .. its a Trojan horse that takes advantage of a vulnerability in Microsoft Internet Explorer to download and execute arbitrary code on the system.... so a virus scan and removal should take care of this also this definition is is spybot SaD ( look below ) and Adaware 6.0...

0

when it is executed, it performs the following actions:

  1. Creates the Mutex "BotNetd" so that only one copy of the Trojan runs on the system at any one time.
  2. Attempts to download a file from one of the following servers:

    http:/ /66.98.190.39/
    http:/ /sonyasys.com/

    and save the file as one of the following:

    %Windir%\Notepad.exe
    %System%\Notepad.exe
    %Temp%\<random file name>.tmp

    Notes:

    • %Windir% is a variable. The Trojan locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and saves the file to that location.
    • %System% is a variable. The Trojan locates the System folder and saves the file to that location. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
    • %Temp% is a variable. The Trojan locates the temporary folder and saves the file to that location. By default, this is C:\Windows\TEMP (Windows 95/98/Me), or C:\WINNT\Temp (Windows NT/2000), or C:\Document and Settings\<UserName>\Local Settings\Temp (Windows XP).
  3. Adds the value:

    "qbotd"="<filename of Trojan>"

    to the registry key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

    so that the Trojan runs when you start Windows

0

Cool. I'm still learning the ropes at the mo.
Do you know what this is?
O8 - Extra context menu item: &RSDN Search - res://C:\WINDOWS\2020SE~1.DLL/GoRSDN.dll.htm

EDIT Where do you find the definitions in spybot?

0

Ok this is what I'd like you to do

1.)
Download CWShredder:

Unzip, run and hit the ->next tab to fix all found problems
Reboot.

2.)
Download Spybot - Search & Destroy

pls. read instructions carefully
Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove all it finds in Red.
Reboot.


3.)
Download Ad-Aware:
Pls. read the instructions carefully

One final reboot and then post a new HJT log please.

not sure on what it is but it has to do with these tool bars...'My Search Bar' (MySearch variant), 'MyWay Speed Bar' (MyWay) or 'My Web Search Bar' (MyWeb) entries...

0
OP

i can not open anythng except documents so i can not use any virus scanners or anything but 3 websites have told me i had this virus if any1 wants a picture of what happens leave your email

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.