Dropper.DP.A Trojan?

Discussion in 'NZ Computing' started by ~misfit~, Sep 4, 2003.

  1. ~misfit~

    ~misfit~ Guest

    As I've mentioned, I have AVG free edition 6.0 on my machines at home. While
    I've been playing with them in the last day or so I checked the test results
    on the machine that houses my modem and shares it on my LAN. Running XP Pro
    with the built-in firewall enabled and using ICS. No email programs run on
    this machine.

    The machine is set to scan every day and I've never seen it detect a virus.
    However, in the test results it tells me that I have the Dropper.DP.A
    'virus' in
    D:\RECYCLER\S-1-5-21-1220945662-1935655697-1343024091-1003\DD1\NET.ZIP.\NETL
    IGHT.EXE and it's status is 'Still infected'.

    The D: drive on this machine is a 10GB drive that contains my mp3 collection
    and the incoming folder for Kazaa (mapped and run from another machine). I
    have 'emptied' the recycle bin, even though it was empty. Then I re-scanned
    with AVG, using the latest definition, and it's still there, no change.

    I've done a web-search for Dropper.DP.A and found no results. I checked
    Grisoft's site and there are various 'Droppers' listed (but not this one?)
    and it seems that they are all trojans that can over-write or write to the
    boot sector of drives.

    I went to Symantec's site and they don't have this variant listed either.
    While I was there I did a remote virus scan using their tools and it came up
    clean. However, another local scan with AVG still shows it as being on the
    machine.

    I tried to delete the 'Recycler' folder but Windows won't allow it as it's a
    system file.

    I've scaned all my other machines on the LAN and they come up clean, using
    AVG and the same definition file.

    What do I do next? I've thought about copying all the data off this drive
    across the LAN to my machine and re-formatting the drive concerned. Is this
    the best option?

    Thoughts please? As you can imagine, I'm a little concerned. I'm not sure
    how I got it, all I can think of is that it came through Kazaa.

    Thanks,
    --
    ~misfit~



    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.515 / Virus Database: 313 - Release Date: 1/09/2003
     
    ~misfit~, Sep 4, 2003
    #1
    1. Advertising

  2. ~misfit~

    The Flash Guest

    Three options here, one just ignore it.

    Two, you can manualy rename / delete the file, you will have to look at
    google with the procedure about what files / folders that you unhide and how
    to turn file locking / protection etc off. Just be carefully.

    Three, Stick the HDD in another system with an OS that can access NTFS (if
    you are using it) and scan / delete / repair from that system (This is what
    I usually do)

    For a good online scanner try this : http://housecall.trendmicro.com/





    "~misfit~" <misfit@'SPAMTRAP'orcon.net.nz> wrote in message
    news:Giy5b.136844$...
    > As I've mentioned, I have AVG free edition 6.0 on my machines at home.

    While
    > I've been playing with them in the last day or so I checked the test

    results
    > on the machine that houses my modem and shares it on my LAN. Running XP

    Pro
    > with the built-in firewall enabled and using ICS. No email programs run on
    > this machine.
    >
    > The machine is set to scan every day and I've never seen it detect a

    virus.
    > However, in the test results it tells me that I have the Dropper.DP.A
    > 'virus' in
    >

    D:\RECYCLER\S-1-5-21-1220945662-1935655697-1343024091-1003\DD1\NET.ZIP.\NETL
    > IGHT.EXE and it's status is 'Still infected'.
    >
    > The D: drive on this machine is a 10GB drive that contains my mp3

    collection
    > and the incoming folder for Kazaa (mapped and run from another machine). I
    > have 'emptied' the recycle bin, even though it was empty. Then I

    re-scanned
    > with AVG, using the latest definition, and it's still there, no change.
    >
    > I've done a web-search for Dropper.DP.A and found no results. I checked
    > Grisoft's site and there are various 'Droppers' listed (but not this one?)
    > and it seems that they are all trojans that can over-write or write to the
    > boot sector of drives.
    >
    > I went to Symantec's site and they don't have this variant listed either.
    > While I was there I did a remote virus scan using their tools and it came

    up
    > clean. However, another local scan with AVG still shows it as being on the
    > machine.
    >
    > I tried to delete the 'Recycler' folder but Windows won't allow it as it's

    a
    > system file.
    >
    > I've scaned all my other machines on the LAN and they come up clean, using
    > AVG and the same definition file.
    >
    > What do I do next? I've thought about copying all the data off this drive
    > across the LAN to my machine and re-formatting the drive concerned. Is

    this
    > the best option?
    >
    > Thoughts please? As you can imagine, I'm a little concerned. I'm not sure
    > how I got it, all I can think of is that it came through Kazaa.
    >
    > Thanks,
    > --
    > ~misfit~
    >
    >
    >
    > ---
    > Outgoing mail is certified Virus Free.
    > Checked by AVG anti-virus system (http://www.grisoft.com).
    > Version: 6.0.515 / Virus Database: 313 - Release Date: 1/09/2003
    >
    >
     
    The Flash, Sep 4, 2003
    #2
    1. Advertising

  3. ~misfit~

    ~misfit~ Guest

    "The Flash" <> wrote in message
    news:bqz5b.136893$...
    > Three options here, one just ignore it.
    >
    > Two, you can manualy rename / delete the file, you will have to look at
    > google with the procedure about what files / folders that you unhide and

    how
    > to turn file locking / protection etc off. Just be carefully.
    >
    > Three, Stick the HDD in another system with an OS that can access NTFS (if
    > you are using it) and scan / delete / repair from that system (This is

    what
    > I usually do)
    >
    > For a good online scanner try this : http://housecall.trendmicro.com/


    Trying the trendmicro thing now. As it's not my boot drive and it's on an XP
    system can I just run those commands on the system it's in?

    If so what will they do and how do I run them? Will they destroy the data at
    all? (other than the trojan).

    Thanks for the advise. I'm not comfortable ignoring it.

    'Two,' sounds a little complicated and I'll keep it as a last resort for
    now. I'm unable to delete or rename the file as windows keeps insisting it's
    in use.

    Cheers,
    --
    ~misfit~



    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.515 / Virus Database: 313 - Release Date: 1/09/2003
     
    ~misfit~, Sep 4, 2003
    #3
  4. ~misfit~

    Andrew Guest

    You could try loading up in Safemode and then try deleting it

    "~misfit~" <misfit@'SPAMTRAP'orcon.net.nz> wrote in message
    news:Giy5b.136844$...
    > As I've mentioned, I have AVG free edition 6.0 on my machines at home.

    While
    > I've been playing with them in the last day or so I checked the test

    results
    > on the machine that houses my modem and shares it on my LAN. Running XP

    Pro
    > with the built-in firewall enabled and using ICS. No email programs run on
    > this machine.
    >
    > The machine is set to scan every day and I've never seen it detect a

    virus.
    > However, in the test results it tells me that I have the Dropper.DP.A
    > 'virus' in
    >

    D:\RECYCLER\S-1-5-21-1220945662-1935655697-1343024091-1003\DD1\NET.ZIP.\NETL
    > IGHT.EXE and it's status is 'Still infected'.
    >
    > The D: drive on this machine is a 10GB drive that contains my mp3

    collection
    > and the incoming folder for Kazaa (mapped and run from another machine). I
    > have 'emptied' the recycle bin, even though it was empty. Then I

    re-scanned
    > with AVG, using the latest definition, and it's still there, no change.
    >
    > I've done a web-search for Dropper.DP.A and found no results. I checked
    > Grisoft's site and there are various 'Droppers' listed (but not this one?)
    > and it seems that they are all trojans that can over-write or write to the
    > boot sector of drives.
    >
    > I went to Symantec's site and they don't have this variant listed either.
    > While I was there I did a remote virus scan using their tools and it came

    up
    > clean. However, another local scan with AVG still shows it as being on the
    > machine.
    >
    > I tried to delete the 'Recycler' folder but Windows won't allow it as it's

    a
    > system file.
    >
    > I've scaned all my other machines on the LAN and they come up clean, using
    > AVG and the same definition file.
    >
    > What do I do next? I've thought about copying all the data off this drive
    > across the LAN to my machine and re-formatting the drive concerned. Is

    this
    > the best option?
    >
    > Thoughts please? As you can imagine, I'm a little concerned. I'm not sure
    > how I got it, all I can think of is that it came through Kazaa.
    >
    > Thanks,
    > --
    > ~misfit~
    >
    >
    >
    > ---
    > Outgoing mail is certified Virus Free.
    > Checked by AVG anti-virus system (http://www.grisoft.com).
    > Version: 6.0.515 / Virus Database: 313 - Release Date: 1/09/2003
    >
    >
     
    Andrew, Sep 4, 2003
    #4
  5. ~misfit~

    ~misfit~ Guest

    "Andrew" <> wrote in message
    news:y_A5b.1121$...
    > You could try loading up in Safemode and then try deleting it


    Thanks Andrew, I'll add that to my list of possible fixes. :)
    --
    ~misfit~


    > "~misfit~" <misfit@'SPAMTRAP'orcon.net.nz> wrote in message
    > news:Giy5b.136844$...
    > > As I've mentioned, I have AVG free edition 6.0 on my machines at home.

    > While
    > > I've been playing with them in the last day or so I checked the test

    > results
    > > on the machine that houses my modem and shares it on my LAN. Running XP

    > Pro
    > > with the built-in firewall enabled and using ICS. No email programs run

    on
    > > this machine.
    > >
    > > The machine is set to scan every day and I've never seen it detect a

    > virus.
    > > However, in the test results it tells me that I have the Dropper.DP.A
    > > 'virus' in
    > >

    >

    D:\RECYCLER\S-1-5-21-1220945662-1935655697-1343024091-1003\DD1\NET.ZIP.\NETL
    > > IGHT.EXE and it's status is 'Still infected'.
    > >
    > > The D: drive on this machine is a 10GB drive that contains my mp3

    > collection
    > > and the incoming folder for Kazaa (mapped and run from another machine).

    I
    > > have 'emptied' the recycle bin, even though it was empty. Then I

    > re-scanned
    > > with AVG, using the latest definition, and it's still there, no change.
    > >
    > > I've done a web-search for Dropper.DP.A and found no results. I checked
    > > Grisoft's site and there are various 'Droppers' listed (but not this

    one?)
    > > and it seems that they are all trojans that can over-write or write to

    the
    > > boot sector of drives.
    > >
    > > I went to Symantec's site and they don't have this variant listed

    either.
    > > While I was there I did a remote virus scan using their tools and it

    came
    > up
    > > clean. However, another local scan with AVG still shows it as being on

    the
    > > machine.
    > >
    > > I tried to delete the 'Recycler' folder but Windows won't allow it as

    it's
    > a
    > > system file.
    > >
    > > I've scaned all my other machines on the LAN and they come up clean,

    using
    > > AVG and the same definition file.
    > >
    > > What do I do next? I've thought about copying all the data off this

    drive
    > > across the LAN to my machine and re-formatting the drive concerned. Is

    > this
    > > the best option?
    > >
    > > Thoughts please? As you can imagine, I'm a little concerned. I'm not

    sure
    > > how I got it, all I can think of is that it came through Kazaa.
    > >
    > > Thanks,
    > > --
    > > ~misfit~
    > >
    > >
    > >
    > > ---
    > > Outgoing mail is certified Virus Free.
    > > Checked by AVG anti-virus system (http://www.grisoft.com).
    > > Version: 6.0.515 / Virus Database: 313 - Release Date: 1/09/2003
    > >
    > >

    >
    >



    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.515 / Virus Database: 313 - Release Date: 1/09/2003
     
    ~misfit~, Sep 4, 2003
    #5
  6. "~misfit~" <misfit@'SPAMTRAP'orcon.net.nz> wrote in message
    news:4DC5b.137052$...
    >
    > "Andrew" <> wrote in message
    > news:y_A5b.1121$...
    > > You could try loading up in Safemode and then try deleting it

    >
    > Thanks Andrew, I'll add that to my list of possible fixes. :)
    > --
    > ~misfit~
    >


    I think XP safemode still locks these files. You might need a DOS (Win9x)
    boot disk (you did say it was a fat32 drive?) and a copy of deltree.exe
    (from %win%\command\ as it's not on the EBD by default)

    deltree /y d:\recycled

    The OS rebuilds Rubbish Bins on all drives that don't have one.
     
    Fred the Fish, Sep 4, 2003
    #6
  7. In article <4DC5b.137052$>,
    misfit@'SPAMTRAP'orcon.net.nz says...
    > "Andrew" <> wrote in message
    > news:y_A5b.1121$...
    > > You could try loading up in Safemode and then try deleting it

    >
    > Thanks Andrew, I'll add that to my list of possible fixes. :)
    > --
    > ~misfit~



    I was going to suggest the same thing, except from shell (boot - F8 -
    shell only)

    One beauty of having a dual boot system: if one of my os' goes down or
    does something stupid I can usually boot into the other and fix it from
    the outside :)

    BTW did you mistype the path to that file? d:\recycler\etc ??? looks
    fishy to me as it is.
    Also that huge alphanumerical directory after looks fishy in that place.
    i.i.r.c. XP uses those for system restore states, and possibly for
    checkdisk purposes but I don't think I've seen them in the recycle bin,
    ever.

    You might try to dis-associate XP from zip files and that might free
    accesss to this thing if that has anything to do with it being locked.
    You could turn off the recycle bin for drive D:\ if it in fact IS the
    recycle bin.

    -P.

    --

    Please note munged reply address - delete the obvious ....
     
    Peter Huebner, Sep 4, 2003
    #7
  8. ~misfit~

    ~misfit~ Guest

    "Peter Huebner" <> wrote in message
    news:...
    > In article <4DC5b.137052$>,
    > misfit@'SPAMTRAP'orcon.net.nz says...
    > > "Andrew" <> wrote in message
    > > news:y_A5b.1121$...
    > > > You could try loading up in Safemode and then try deleting it

    > >
    > > Thanks Andrew, I'll add that to my list of possible fixes. :)
    > > --
    > > ~misfit~

    >
    >
    > I was going to suggest the same thing, except from shell (boot - F8 -
    > shell only)
    >
    > One beauty of having a dual boot system: if one of my os' goes down or
    > does something stupid I can usually boot into the other and fix it from
    > the outside :)
    >
    > BTW did you mistype the path to that file? d:\recycler\etc ??? looks
    > fishy to me as it is.
    > Also that huge alphanumerical directory after looks fishy in that place.
    > i.i.r.c. XP uses those for system restore states, and possibly for
    > checkdisk purposes but I don't think I've seen them in the recycle bin,
    > ever.
    >
    > You might try to dis-associate XP from zip files and that might free
    > accesss to this thing if that has anything to do with it being locked.
    > You could turn off the recycle bin for drive D:\ if it in fact IS the
    > recycle bin.


    On all my XP machines, when I look in a drive or partition there is always a
    folder called 'recycler' (I have my preferences set to show hidden and
    system files) I typed the file path exactly as AVG reported it,
    double-checked it too.

    Anyway, I've just copied all my data off the drive to a networked machine
    and the disk in question is being re-formatted as we speak. (64%) NTFS by
    the way, as it was before.

    Thanks for the input. Most of my other systems are dual or triple boot (XP,
    98SE and Mandrake 9.1) but this machine only has a 2 GB C: drive for the OS
    and the 10 GB drive for mp3 storage. As I said previously, it's only used as
    a modem/firewall/ICS machine and a file server. It's an old Celeron
    Mendicino 400 @ 545Mhz. XP Pro, 128Mb RAM, modem and NIC. (Oh, and an old
    AGP GeForce2 MX400/64MB that was unreliable in my main machine (just
    wouldn't start one morning) but hasn't missed a beat since I put it in this
    one.) Bit of a waste of a graphics card for a file-server really, overkill
    when a 2MB PCI card would do. Or an 8MB S3 AGP I have here. But as it proved
    to be flakey in my main machine I'm loathe to sell it, I hate come-backs.
    And yet it's been running perfectly in the server for 3 months.

    Ok, format finished. Time to copy the files back.

    Cheers,
    --
    ~misfit~



    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.515 / Virus Database: 313 - Release Date: 1/09/2003
     
    ~misfit~, Sep 4, 2003
    #8
  9. ~misfit~

    ~misfit~ Guest

    "Fred the Fish" <> wrote in message
    news:ihE5b.1150$...
    >
    > "~misfit~" <misfit@'SPAMTRAP'orcon.net.nz> wrote in message
    > news:4DC5b.137052$...
    > >
    > > "Andrew" <> wrote in message
    > > news:y_A5b.1121$...
    > > > You could try loading up in Safemode and then try deleting it

    > >
    > > Thanks Andrew, I'll add that to my list of possible fixes. :)
    > > --
    > > ~misfit~
    > >

    >
    > I think XP safemode still locks these files. You might need a DOS (Win9x)
    > boot disk (you did say it was a fat32 drive?) and a copy of deltree.exe
    > (from %win%\command\ as it's not on the EBD by default)


    It's NTFS.

    > deltree /y d:\recycled
    >
    > The OS rebuilds Rubbish Bins on all drives that don't have one.


    That's what I figured when I tried to delete it.

    Oh well, re-formatted now, just transfering the data back. Hopefully when I
    scan it with AVG in a few minutes it'll come up clean. <fingers crossed>
    --
    ~misfit~



    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.515 / Virus Database: 313 - Release Date: 1/09/2003
     
    ~misfit~, Sep 4, 2003
    #9
  10. In article <DAG5b.137273$>,
    misfit@'SPAMTRAP'orcon.net.nz says...
    >
    > On all my XP machines, when I look in a drive or partition there is always a
    > folder called 'recycler' (I have my preferences set to show hidden and
    > system files) I typed the file path exactly as AVG reported it,
    > double-checked it too.


    This is ODD, to my mind. There is no directory 'recycler' on my machine
    anywhere.
    Unfortunately I wiped XP from my wife's machine as she wanted 98 back so
    I can't double check there.
    I am going down to the village tomorrow, I may check on the server at the
    Community Resource Centre, if I have the time and if I don't forget. ;-)
    I am sure somebody else who reads this can pipe up and pitch in!

    It could be of course that since my machine already had 'recycled'
    directories that XP decided to recycle those for its own purposed when I
    installed it as a second OS (rarely used, only for educational and
    experimantal purposes b.t.w.)

    But I smell a rat. This could be s.th. like the trojan that disguised
    itself as kernel32.exe masquerading to look similar to kernel32.dll.

    -P.
     
    Peter Huebner, Sep 4, 2003
    #10
  11. ~misfit~

    Rider Guest

    "Peter Huebner" <> wrote in message
    news:...
    > In article <DAG5b.137273$>,
    > misfit@'SPAMTRAP'orcon.net.nz says...
    > >
    > > On all my XP machines, when I look in a drive or partition there is

    always a
    > > folder called 'recycler' (I have my preferences set to show hidden and
    > > system files) I typed the file path exactly as AVG reported it,
    > > double-checked it too.

    >
    > This is ODD, to my mind. There is no directory 'recycler' on my machine
    > anywhere.


    Its an XP thing. Dunno why they decided to chage the name.

    Rider
     
    Rider, Sep 4, 2003
    #11
  12. ~misfit~

    Rider Guest

    "~misfit~" <misfit@'SPAMTRAP'orcon.net.nz> wrote in message
    news:Giy5b.136844$...
    > As I've mentioned, I have AVG free edition 6.0 on my machines at home.

    While
    > I've been playing with them in the last day or so I checked the test

    results
    > on the machine that houses my modem and shares it on my LAN. Running XP

    Pro
    > with the built-in firewall enabled and using ICS. No email programs run on
    > this machine.
    >
    > The machine is set to scan every day and I've never seen it detect a

    virus.
    > However, in the test results it tells me that I have the Dropper.DP.A
    > 'virus' in
    >

    D:\RECYCLER\S-1-5-21-1220945662-1935655697-1343024091-1003\DD1\NET.ZIP.\NETL
    > IGHT.EXE and it's status is 'Still infected'.
    >
    > The D: drive on this machine is a 10GB drive that contains my mp3

    collection
    > and the incoming folder for Kazaa (mapped and run from another machine). I
    > have 'emptied' the recycle bin, even though it was empty. Then I

    re-scanned
    > with AVG, using the latest definition, and it's still there, no change.
    >
    > I've done a web-search for Dropper.DP.A and found no results. I checked
    > Grisoft's site and there are various 'Droppers' listed (but not this one?)
    > and it seems that they are all trojans that can over-write or write to the
    > boot sector of drives.
    >
    > I went to Symantec's site and they don't have this variant listed either.
    > While I was there I did a remote virus scan using their tools and it came

    up
    > clean. However, another local scan with AVG still shows it as being on the
    > machine.
    >
    > I tried to delete the 'Recycler' folder but Windows won't allow it as it's

    a
    > system file.
    >
    > I've scaned all my other machines on the LAN and they come up clean, using
    > AVG and the same definition file.
    >
    > What do I do next? I've thought about copying all the data off this drive
    > across the LAN to my machine and re-formatting the drive concerned. Is

    this
    > the best option?
    >
    > Thoughts please? As you can imagine, I'm a little concerned. I'm not sure
    > how I got it, all I can think of is that it came through Kazaa.
    >
    > Thanks,
    > --
    > ~misfit~



    I have seen this kinda thing once before, AVG picked up a piece of spyware
    as a trojan (gave it a name too) in this fashion. I checked Symantec and it
    didnt have it listed so did some hunting and found out that the file was
    just spyware, but AVG decided it was a virus.

    Stoopid thing kept reinstalling itself because AVG kept putting it in the
    vault. So everytime this womans pc started up AVG sprang into life saying
    she had a virus. Made her bloody paranoid LOL

    Rider
     
    Rider, Sep 4, 2003
    #12
  13. Well I did get down to the Resource Centre today ... their server has no
    'recycler' directory/ies listed either (and yes, I have 'show hidden and
    system files' enabled down there).

    <scratches head>

    -P.
     
    Peter Huebner, Sep 5, 2003
    #13
  14. ~misfit~

    ~misfit~ Guest

    "Rider" <> wrote in message
    news:bj8d7f$4pj$...
    >
    > "~misfit~" <misfit@'SPAMTRAP'orcon.net.nz> wrote in message
    > news:Giy5b.136844$...
    > > As I've mentioned, I have AVG free edition 6.0 on my machines at home.

    > While
    > > I've been playing with them in the last day or so I checked the test

    > results
    > > on the machine that houses my modem and shares it on my LAN. Running XP

    > Pro
    > > with the built-in firewall enabled and using ICS. No email programs run

    on
    > > this machine.
    > >
    > > The machine is set to scan every day and I've never seen it detect a

    > virus.
    > > However, in the test results it tells me that I have the Dropper.DP.A
    > > 'virus' in
    > >

    >

    D:\RECYCLER\S-1-5-21-1220945662-1935655697-1343024091-1003\DD1\NET.ZIP.\NETL
    > > IGHT.EXE and it's status is 'Still infected'.
    > >
    > > The D: drive on this machine is a 10GB drive that contains my mp3

    > collection
    > > and the incoming folder for Kazaa (mapped and run from another machine).

    I
    > > have 'emptied' the recycle bin, even though it was empty. Then I

    > re-scanned
    > > with AVG, using the latest definition, and it's still there, no change.
    > >
    > > I've done a web-search for Dropper.DP.A and found no results. I checked
    > > Grisoft's site and there are various 'Droppers' listed (but not this

    one?)
    > > and it seems that they are all trojans that can over-write or write to

    the
    > > boot sector of drives.
    > >
    > > I went to Symantec's site and they don't have this variant listed

    either.
    > > While I was there I did a remote virus scan using their tools and it

    came
    > up
    > > clean. However, another local scan with AVG still shows it as being on

    the
    > > machine.
    > >
    > > I tried to delete the 'Recycler' folder but Windows won't allow it as

    it's
    > a
    > > system file.
    > >
    > > I've scaned all my other machines on the LAN and they come up clean,

    using
    > > AVG and the same definition file.
    > >
    > > What do I do next? I've thought about copying all the data off this

    drive
    > > across the LAN to my machine and re-formatting the drive concerned. Is

    > this
    > > the best option?
    > >
    > > Thoughts please? As you can imagine, I'm a little concerned. I'm not

    sure
    > > how I got it, all I can think of is that it came through Kazaa.
    > >
    > > Thanks,
    > > --
    > > ~misfit~

    >
    >
    > I have seen this kinda thing once before, AVG picked up a piece of spyware
    > as a trojan (gave it a name too) in this fashion. I checked Symantec and

    it
    > didnt have it listed so did some hunting and found out that the file was
    > just spyware, but AVG decided it was a virus.
    >
    > Stoopid thing kept reinstalling itself because AVG kept putting it in the
    > vault. So everytime this womans pc started up AVG sprang into life saying
    > she had a virus. Made her bloody paranoid LOL


    Since I reformatted it seems to have gone. Just running spybot on it now
    anyway.
    --
    ~misfit~



    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.515 / Virus Database: 313 - Release Date: 1/09/2003
     
    ~misfit~, Sep 5, 2003
    #14
  15. ~misfit~

    Paradox Guest

    From: "~misfit~"
    >
    > Anyone wanna look at their XP hidden and system files and folders for me
    > please and see


    2 machines, XP Pro, no 'recycler' anywhere.

    Rob
     
    Paradox, Sep 5, 2003
    #15
  16. ~misfit~

    ~misfit~ Guest

    "Paradox" <> wrote in message
    news:bj9mco$887$...
    > From: "~misfit~"
    > >
    > > Anyone wanna look at their XP hidden and system files and folders for me
    > > please and see

    >
    > 2 machines, XP Pro, no 'recycler' anywhere.


    Now that's a worry. When I open a disk drive (or partition) in 'my computer'
    every one of them has a 'recycler' bin greyed out. This is with 'show all
    files' including system files selected in tools-folder options-view (you get
    a warning about tampering with system files) The 'recycler' bin shows up
    semi-see-through, sorta what passes for greyed-out, I assume as a warning
    not to touch it.

    BTW, I'm not running any service packs or updates.
    --
    ~misfit~



    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.515 / Virus Database: 313 - Release Date: 1/09/2003
     
    ~misfit~, Sep 5, 2003
    #16
  17. ~misfit~

    bambam Guest

    "~misfit~" <misfit@'SPAMTRAP'orcon.net.nz> wrote in
    news:wdW5b.137935$:

    > Strange, this doesn't tie in with what Rider said. We need more
    > people to check their machines.
    >
    > Anyone wanna look at their XP hidden and system files and folders
    > for me please and see?


    Win XP Home SP1 - No "recycler" on this box.

    --
    The last fight was my fault.
    My wife asked "what's on the TV"?
    I said "Dust"
     
    bambam, Sep 5, 2003
    #17
  18. ~misfit~

    bAZZ Guest

    bambam wrote:
    > "~misfit~" <misfit@'SPAMTRAP'orcon.net.nz> wrote in
    > news:wdW5b.137935$:
    >
    >
    >>Strange, this doesn't tie in with what Rider said. We need more
    >>people to check their machines.
    >>
    >>Anyone wanna look at their XP hidden and system files and folders
    >>for me please and see?

    >
    >
    > Win XP Home SP1 - No "recycler" on this box.
    >


    Hey misfit.

    Just to confuse the issue. XP pro SP1 and all updates.

    c:\ Recycled (with stuff I deleted earlier tonite. A few photos).

    j:\ Recycler with 6 directories named S-1-5-21-xxxxxxx-xxxxxxx-xxxxxx-1000
    and so on with different numers/letters etc. Also has WINNT\inf (greyed
    out). I just had a look at the directories and all apart from winnt
    contain the same 70 odd photos I deleted.

    And to make it even more confusing the old recyle bin is on the desktop.

    HTH (not !!!!!)
    bAZZ
     
    bAZZ, Sep 5, 2003
    #18
  19. ~misfit~

    Mainlander Guest

    In article <>,
    says...
    >
    > Well I did get down to the Resource Centre today ... their server has no
    > 'recycler' directory/ies listed either (and yes, I have 'show hidden and
    > system files' enabled down there).


    And what version of Windows is that?
     
    Mainlander, Sep 9, 2003
    #19
  20. In article <>, *@*.*
    says...
    > In article <>,
    > says...
    > >
    > > Well I did get down to the Resource Centre today ... their server has no
    > > 'recycler' directory/ies listed either (and yes, I have 'show hidden and
    > > system files' enabled down there).

    >
    > And what version of Windows is that?
    >


    XP Home on Fat32 partitions. We were talking about XP here, you know :)

    -P.

    --

    Please note munged reply address - delete the obvious ....
     
    Peter Huebner, Sep 10, 2003
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. gorf
    Replies:
    3
    Views:
    2,018
    relic
    Dec 13, 2004
  2. Andy Mann

    Trojan dropper Win32.purityscan.k

    Andy Mann, Feb 24, 2005, in forum: Computer Support
    Replies:
    1
    Views:
    654
    °Mike°
    Feb 24, 2005
  3. Big Ron

    trojan.dropper

    Big Ron, Oct 10, 2005, in forum: Computer Support
    Replies:
    1
    Views:
    545
    Brian
    Oct 10, 2005
  4. buzz Light Beer

    Trojan Dropper found in notepad.exe

    buzz Light Beer, Aug 2, 2004, in forum: Computer Security
    Replies:
    2
    Views:
    2,873
  5. ~misfit~

    Dropper.DP.A Trojan. Help please!!

    ~misfit~, Sep 6, 2003, in forum: NZ Computing
    Replies:
    4
    Views:
    521
    ~misfit~
    Sep 7, 2003
Loading...

Share This Page