downloader.vb.5.au

12-26-2004

Downloade avg7 free today and it found this trojan. Nothing on Google about
Trojan downloader.VB.5.AU

There are some links in Spanish and German about Downloader.VB.5

I think the German site recommended to run HIjackthis.

I (winxp) turned off System Restore. Finished running AVG 7 Free and once
the trojan was in the quarantine vault I deleted it. AVG info on the trojan
indicated it was located in a Hijackthis directory in a backup.
Question: Is this part of HIjackthis program or no ? Was this a false
positive?

I still cannot find anything on the ".AU" at the end of the identification
of the trojan. Possible P2P from Australia? uh, fishing here...........

Any comments?

P.s I have read much about problems with the AVG7 issue with email and so
far no problems with my OE6. FYI

--

Cherish, therefore, the spirit of our people, and keep alive their
attention. .If once they become inattentive to the public affairs, you and
I, and congress and Assemblies, Judges and governors, shall all become
wolves.

_________Jefferson to Carrington 1787

lsj7

12-26-2004

"lsj7" <> wrote message
news:dduzd.4014$:

> Downloade avg7 free today and it found this trojan. Nothing
> on Google about Trojan downloader.VB.5.AU
>
> There are some links in Spanish and German about
> Downloader.VB.5
>
> I think the German site recommended to run HIjackthis.
>
> I (winxp) turned off System Restore. Finished running AVG 7
> Free and once the trojan was in the quarantine vault I deleted
> it. AVG info on the trojan indicated it was located in a
> Hijackthis directory in a backup. Question: Is this part of
> HIjackthis program or no ? Was this a false positive?
>
> I still cannot find anything on the ".AU" at the end of the
> identification of the trojan. Possible P2P from Australia?
> uh, fishing here...........
>
> Any comments?
>
> P.s I have read much about problems with the AVG7 issue with
> email and so far no problems with my OE6. FYI

Does this help? http://filext.com/detaillist.php?extdetail=AU

12-26-2004

Boomer wrote:

> "lsj7" <> wrote message
> news:dduzd.4014$:

>> Downloade avg7 free today and it found this trojan. Nothing
>> on Google about Trojan downloader.VB.5.AU
>>
>> There are some links in Spanish and German about
>> Downloader.VB.5
>>
>> I think the German site recommended to run HIjackthis.
>>
>> I (winxp) turned off System Restore. Finished running AVG 7
>> Free and once the trojan was in the quarantine vault I deleted
>> it. AVG info on the trojan indicated it was located in a
>> Hijackthis directory in a backup. Question: Is this part of
>> HIjackthis program or no ? Was this a false positive?
>>
>> I still cannot find anything on the ".AU" at the end of the
>> identification of the trojan. Possible P2P from Australia?
>> uh, fishing here...........
>>
>> Any comments?
>>
>> P.s I have read much about problems with the AVG7 issue with
>> email and so far no problems with my OE6. FYI

> Does this help? http://filext.com/detaillist.php?extdetail=AU

Dude, file extensions don't mean a damn thing except only to those who wrote
the item.
I can literally use any file extension I want for any given item.
filename.jpg is an image right?
To me, it could be pure text.
normally, a certain extension is associated with a certain program to "open
with", but that is not always true.
If I choose a file in my folder, and click it on it, the registered
associate program opens it.
I can over ride that by using "open with" and choosing which program I want.

Autodialers often use extensions which are not commonly associated so that
no other program will open them.

12-26-2004

lsj7 wrote:

> Downloade avg7 free today and it found this trojan. Nothing on Google
> about Trojan downloader.VB.5.AU

> There are some links in Spanish and German about Downloader.VB.5

> I think the German site recommended to run HIjackthis.

> I (winxp) turned off System Restore. Finished running AVG 7 Free and once
> the trojan was in the quarantine vault I deleted it. AVG info on the
> trojan indicated it was located in a Hijackthis directory in a backup.
> Question: Is this part of HIjackthis program or no ? Was this a false
> positive?

It may be that the trojan implanted itself in this directory hoping you
wouldn't notice it so easily.

12-26-2004

Richard wrote:
> Boomer wrote:
>
>>> Any comments?
>>>
>>> P.s I have read much about problems with the AVG7 issue with
>>> email and so far no problems with my OE6. FYI
>
>> Does this help? http://filext.com/detaillist.php?extdetail=AU
>
> Dude, file extensions don't mean a damn thing except only to those
> who wrote the item.
> I can literally use any file extension I want for any given item.
> filename.jpg is an image right?
> To me, it could be pure text.
> normally, a certain extension is associated with a certain program to
> "open with", but that is not always true.
> If I choose a file in my folder, and click it on it, the registered
> associate program opens it.
> I can over ride that by using "open with" and choosing which program
> I want.
>
> Autodialers often use extensions which are not commonly associated so
> that no other program will open them.

1. That would be dude(ette)
2. Which part of '?' is giving you the most trouble?
3.Are you Bullis?

12-26-2004

Howdy!

"lsj7" <> wrote in message
news:dduzd.4014$...

> I (winxp) turned off System Restore. Finished running AVG 7 Free and once
> the trojan was in the quarantine vault I deleted it. AVG info on the
trojan
> indicated it was located in a Hijackthis directory in a backup.
> Question: Is this part of HIjackthis program or no ? Was this a false
> positive?

It's not - it was removed by HijackThis earlier.

Hence the fact that it was in a backup ...

Mmm ... I suggest next time before you panic, you think carefully
about where something was found. If in a quarantine or backup directory for
a clean up utility, it's normally perfectly safe there.

RwP

12-27-2004

Ralph W. Phillips wrote:
> Howdy!
>
> "lsj7" <> wrote in message
> news:dduzd.4014$...
>
>> I (winxp) turned off System Restore. Finished running AVG 7 Free
>> and once the trojan was in the quarantine vault I deleted it. AVG
>> info on the trojan indicated it was located in a Hijackthis
>> directory in a backup.
>> Question: Is this part of HIjackthis program or no ? Was this a
>> false positive?
>
> It's not - it was removed by HijackThis earlier.

Been a couple weeks since I ran HJT. I do not recall putting a check mark in
the box to remove any such trojan then or any time. I run A2, Ewido
Security, Housecall, Bazooka, SPybot S&D, Winpatrol, SPywareinfo scanner,
McAfee Stinger, AVG7.
I ran scheduled task run of AVG6 that morning and it found nothing. During
the day I uninstalled AVG6-saved it in a folder in case AVG7 was too
buggy-and downloaded AVG7 Free from Majorgeeks dot com. On first running
the trojan was found. If it had been hiding in the directory for awhile
nothing found it til the first test of AVG7. Or the trojan was downloaded
after the scheduled test at 101am of AVG6, and I don't think that happened.

>
> Hence the fact that it was in a backup ...

It should have been discovered by other means, don't you think?

>
> Mmm ... I suggest next time before you panic, you think
> carefully about where something was found.

No panic here, sir.

> If in a quarantine or
> backup directory for a clean up utility, it's normally perfectly safe
> there.
>
> RwP

Thanx.

--

Cherish, therefore, the spirit of our people, and keep alive their
attention. .If once they become inattentive to the public affairs, you
and I, and congress and Assemblies, Judges and governors, shall all
become wolves.

_________Jefferson to Carrington 1787

lsj7

12-27-2004

Richard wrote:
> lsj7 wrote:
>
>> Downloade avg7 free today and it found this trojan. Nothing on
>> Google about Trojan downloader.VB.5.AU
>
>> There are some links in Spanish and German about Downloader.VB.5
>
>> I think the German site recommended to run HIjackthis.
>
>> I (winxp) turned off System Restore. Finished running AVG 7 Free
>> and once the trojan was in the quarantine vault I deleted it. AVG
>> info on the trojan indicated it was located in a Hijackthis
>> directory in a backup. Question: Is this part of HIjackthis program
>> or no ? Was this a false positive?
>

> It may be that the trojan implanted itself in this directory hoping
> you wouldn't notice it so easily.

Possible. Lot of traffic on this computer with my teens home for the
holidays.

--

Cherish, therefore, the spirit of our people, and keep alive their
attention. .If once they become inattentive to the public affairs, you
and I, and congress and Assemblies, Judges and governors, shall all
become wolves.

_________Jefferson to Carrington 1787

lsj7

01-20-2005

H

I have also found downloader.vb.5.au when scanning with new AV viru
scan. It says that it cannot remove trojan as it is located in th
archive and cannot be healed or removed. Any suggestions please? An
is it harmful

--
dazz
-----------------------------------------------------------------------
dazzy's Profile: http://www.iamnotageek.com/member.php?userid=933
View this thread: http://www.iamnotageek.com/showthread.php?t=47300

02-14-2005

Is there anyone who has more information about this threat and how t
remove it

--
benni
-----------------------------------------------------------------------
bennie's Profile: http://www.iamnotageek.com/member.php?userid=993
View this thread: http://www.iamnotageek.com/showthread.php?t=47300