Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Support > How does Downloader Trojan virus infect from a webpage?

Reply
Thread Tools

How does Downloader Trojan virus infect from a webpage?

 
 
Bill R
Guest
Posts: n/a
 
      04-17-2004
Seems so, Mike. Seemed to be a false positive AND nothing to do with the
site. Trendmicro could't find anything, but NAV still moaned, so I let a
NAV full scan delete the temporary-ish files it wasn't happy with (had to
disable System Restore for this), and thereafter it was happy again. Thanks
for checking.

Bill

"°Mike°" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> What I am saying is that those files did not come
> from that web site; they must have come from
> another source. I have browsed that page with
> I.E. and checked my cache. There is nothing
> untoward in it.
>
>
> On Thu, 15 Apr 2004 17:10:42 +0000 (UTC), in
> <c5mfmi$hdr$(E-Mail Removed)>
> Bill R scrawled:
>
> >If it was a false positive, does that mean that the following files were

all
> >legitimate (especially the ones in \Program Files\) ? From the Norton log
> >... .. I've since deleted the quarantined files ... Bill
> >
> >Date: 15/04/2004, Time: 15:38:54, Bill on DEFAULT
> >The file C:\WINDOWS\Temporary Internet
> >Files\Content.IE5\KLU7WX2R\msits[1].exe is infected with the
> >Downloader.Trojan virus.
> >Unable to repair this file.
> >
> >Date: 15/04/2004, Time: 15:39:06, Bill on DEFAULT
> >The file C:\WINDOWS\Temporary Internet
> >Files\Content.IE5\KLU7WX2R\msits[1].exe was infected with the
> >Downloader.Trojan virus.
> >The file was deleted.
> >
> >Date: 15/04/2004, Time: 15:40:08, Bill on DEFAULT
> >The file C:\Program Files\Internet Explorer\ksrdtwa.exe is infected with

the
> >Downloader.Trojan virus.
> >Unable to repair this file.
> >
> >Date: 15/04/2004, Time: 15:40:12, Bill on DEFAULT
> >The file C:\Program Files\Internet Explorer\ksrdtwa.exe was infected with
> >the Downloader.Trojan virus.
> >The file was quarantined.
> >
> >Date: 15/04/2004, Time: 15:41:50, Bill on DEFAULT
> >The file C:\WINDOWS\Temporary Internet
> >Files\Content.IE5\CNNN6GTX\msits[1].exe was infected with the
> >Downloader.Trojan virus.
> >The file was deleted.
> >
> >Date: 15/04/2004, Time: 15:41:58, Bill on DEFAULT
> >The file C:\Program Files\Internet Explorer\hhwesfwa.exe is infected with
> >the Downloader.Trojan virus.
> >Unable to repair this file.
> >
> >Date: 15/04/2004, Time: 15:42:00, Bill on DEFAULT
> >The file C:\Program Files\Internet Explorer\hhwesfwa.exe was infected

with
> >the Downloader.Trojan virus.
> >The file was quarantined.
> >
> >Date: 15/04/2004, Time: 15:46:44, Bill on DEFAULT
> >The file C:\WINDOWS\Temporary Internet
> >Files\Content.IE5\2XTENYTK\msits[1].exe is infected with the
> >Downloader.Trojan virus.
> >Unable to repair this file.
> >
> >Date: 15/04/2004, Time: 15:46:50, Bill on DEFAULT
> >The file C:\WINDOWS\Temporary Internet
> >Files\Content.IE5\2XTENYTK\msits[1].exe was infected with the
> >Downloader.Trojan virus.
> >The file was deleted.
> >
> >Date: 15/04/2004, Time: 15:46:56, Bill on DEFAULT
> >The file C:\Program Files\Internet Explorer\gwjpfnpm.exe is infected with
> >the Downloader.Trojan virus.
> >Unable to repair this file.
> >
> >Date: 15/04/2004, Time: 15:47:02, Bill on DEFAULT
> >The file C:\Program Files\Internet Explorer\gwjpfnpm.exe was infected

with
> >the Downloader.Trojan virus.
> >The file was quarantined.
> >
> >"°Mike°" <(E-Mail Removed)> wrote in message
> >news:(E-Mail Removed)...
> >> Norton is throwing up a false positive. There is nothing
> >> on that page, except javascript; KAV & eZ give it a clean
> >> bill of health.
> >>
> >>
> >> On Thu, 15 Apr 2004 15:37:59 +0000 (UTC), in
> >> <c5ma8m$58r$(E-Mail Removed)>
> >> Bill R scrawled:
> >>
> >> >I just accessed this tourist webpage and got notified by Norton AV

that
> >it
> >> >was trying to infect my machine with the Downloader.Trojan virus. It

> >seemed
> >> >to be trying to place two .exe files onto my system (one into

\Temporary
> >> >Internet Files\ and the other into \Program Files\Internet Explorer\.

My
> >IE
> >> >Security settings are customised to disable all the unsafe stuff, so I

> >don't
> >> >understand how the web-page was even able to make the attempt. But

> >Symantec
> >> >report that this virus has been around for a good two years. So

clearly
> >my
> >> >education is lacking. The web-page source looks innocuous. How can

this
> >> >virus lurk in a web-page?
> >> >
> >> > wwwDOTtirnanog-kilkennyDOTcom/kilkenny_countyDOThtm
> >> >
> >> >Bill
> >> >
> >>
> >> --
> >> Basic computer maintenance
> >> http://uk.geocities.com/personel44/maintenance.html

> >

>
> --
> Basic computer maintenance
> http://uk.geocities.com/personel44/maintenance.html



 
Reply With Quote
 
 
 
 
°Mike°
Guest
Posts: n/a
 
      04-17-2004
You're welcome.


On Sat, 17 Apr 2004 09:18:32 +0000 (UTC), in
<c5qsp8$a13$(E-Mail Removed)>
Bill R scrawled:

>Seems so, Mike. Seemed to be a false positive AND nothing to do with the
>site. Trendmicro could't find anything, but NAV still moaned, so I let a
>NAV full scan delete the temporary-ish files it wasn't happy with (had to
>disable System Restore for this), and thereafter it was happy again. Thanks
>for checking.
>
>Bill
>
>"°Mike°" <(E-Mail Removed)> wrote in message
>news:(E-Mail Removed)...
>> What I am saying is that those files did not come
>> from that web site; they must have come from
>> another source. I have browsed that page with
>> I.E. and checked my cache. There is nothing
>> untoward in it.

>

<snip>

--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Can Viruses infect .AVI files??? Smiley Computer Support 109 05-17-2011 02:00 PM
Re: Harbor Freight Tools tried to infect your PC. BEWARE: James Computer Support 0 12-06-2008 12:32 AM
Trojan virus downloader!! °Mike° Computer Support 6 08-06-2004 09:06 AM
Cannot remove downloader trojan virus fjwilson Computer Information 3 11-10-2003 04:11 AM
Sobig, can it infect WITHOUT opening Trent Computer Support 0 08-21-2003 01:27 AM



Advertisments