How does Downloader Trojan virus infect from a webpage?

Discussion in 'Computer Support' started by Bill R, Apr 15, 2004.

  1. Bill R

    Bill R Guest

    I just accessed this tourist webpage and got notified by Norton AV that it
    was trying to infect my machine with the Downloader.Trojan virus. It seemed
    to be trying to place two .exe files onto my system (one into \Temporary
    Internet Files\ and the other into \Program Files\Internet Explorer\. My IE
    Security settings are customised to disable all the unsafe stuff, so I don't
    understand how the web-page was even able to make the attempt. But Symantec
    report that this virus has been around for a good two years. So clearly my
    education is lacking. The web-page source looks innocuous. How can this
    virus lurk in a web-page?

    wwwDOTtirnanog-kilkennyDOTcom/kilkenny_countyDOThtm

    Bill
     
    Bill R, Apr 15, 2004
    #1
    1. Advertising

  2. Bill R

    °Mike° Guest

    Norton is throwing up a false positive. There is nothing
    on that page, except javascript; KAV & eZ give it a clean
    bill of health.


    On Thu, 15 Apr 2004 15:37:59 +0000 (UTC), in
    <c5ma8m$58r$>
    Bill R scrawled:

    >I just accessed this tourist webpage and got notified by Norton AV that it
    >was trying to infect my machine with the Downloader.Trojan virus. It seemed
    >to be trying to place two .exe files onto my system (one into \Temporary
    >Internet Files\ and the other into \Program Files\Internet Explorer\. My IE
    >Security settings are customised to disable all the unsafe stuff, so I don't
    >understand how the web-page was even able to make the attempt. But Symantec
    >report that this virus has been around for a good two years. So clearly my
    >education is lacking. The web-page source looks innocuous. How can this
    >virus lurk in a web-page?
    >
    > wwwDOTtirnanog-kilkennyDOTcom/kilkenny_countyDOThtm
    >
    >Bill
    >


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Apr 15, 2004
    #2
    1. Advertising

  3. Bill R

    Bill R Guest

    If it was a false positive, does that mean that the following files were all
    legitimate (especially the ones in \Program Files\) ? From the Norton log
    .... .. I've since deleted the quarantined files :( ... Bill

    Date: 15/04/2004, Time: 15:38:54, Bill on DEFAULT
    The file C:\WINDOWS\Temporary Internet
    Files\Content.IE5\KLU7WX2R\msits[1].exe is infected with the
    Downloader.Trojan virus.
    Unable to repair this file.

    Date: 15/04/2004, Time: 15:39:06, Bill on DEFAULT
    The file C:\WINDOWS\Temporary Internet
    Files\Content.IE5\KLU7WX2R\msits[1].exe was infected with the
    Downloader.Trojan virus.
    The file was deleted.

    Date: 15/04/2004, Time: 15:40:08, Bill on DEFAULT
    The file C:\Program Files\Internet Explorer\ksrdtwa.exe is infected with the
    Downloader.Trojan virus.
    Unable to repair this file.

    Date: 15/04/2004, Time: 15:40:12, Bill on DEFAULT
    The file C:\Program Files\Internet Explorer\ksrdtwa.exe was infected with
    the Downloader.Trojan virus.
    The file was quarantined.

    Date: 15/04/2004, Time: 15:41:50, Bill on DEFAULT
    The file C:\WINDOWS\Temporary Internet
    Files\Content.IE5\CNNN6GTX\msits[1].exe was infected with the
    Downloader.Trojan virus.
    The file was deleted.

    Date: 15/04/2004, Time: 15:41:58, Bill on DEFAULT
    The file C:\Program Files\Internet Explorer\hhwesfwa.exe is infected with
    the Downloader.Trojan virus.
    Unable to repair this file.

    Date: 15/04/2004, Time: 15:42:00, Bill on DEFAULT
    The file C:\Program Files\Internet Explorer\hhwesfwa.exe was infected with
    the Downloader.Trojan virus.
    The file was quarantined.

    Date: 15/04/2004, Time: 15:46:44, Bill on DEFAULT
    The file C:\WINDOWS\Temporary Internet
    Files\Content.IE5\2XTENYTK\msits[1].exe is infected with the
    Downloader.Trojan virus.
    Unable to repair this file.

    Date: 15/04/2004, Time: 15:46:50, Bill on DEFAULT
    The file C:\WINDOWS\Temporary Internet
    Files\Content.IE5\2XTENYTK\msits[1].exe was infected with the
    Downloader.Trojan virus.
    The file was deleted.

    Date: 15/04/2004, Time: 15:46:56, Bill on DEFAULT
    The file C:\Program Files\Internet Explorer\gwjpfnpm.exe is infected with
    the Downloader.Trojan virus.
    Unable to repair this file.

    Date: 15/04/2004, Time: 15:47:02, Bill on DEFAULT
    The file C:\Program Files\Internet Explorer\gwjpfnpm.exe was infected with
    the Downloader.Trojan virus.
    The file was quarantined.

    "°Mike°" <> wrote in message
    news:...
    > Norton is throwing up a false positive. There is nothing
    > on that page, except javascript; KAV & eZ give it a clean
    > bill of health.
    >
    >
    > On Thu, 15 Apr 2004 15:37:59 +0000 (UTC), in
    > <c5ma8m$58r$>
    > Bill R scrawled:
    >
    > >I just accessed this tourist webpage and got notified by Norton AV that

    it
    > >was trying to infect my machine with the Downloader.Trojan virus. It

    seemed
    > >to be trying to place two .exe files onto my system (one into \Temporary
    > >Internet Files\ and the other into \Program Files\Internet Explorer\. My

    IE
    > >Security settings are customised to disable all the unsafe stuff, so I

    don't
    > >understand how the web-page was even able to make the attempt. But

    Symantec
    > >report that this virus has been around for a good two years. So clearly

    my
    > >education is lacking. The web-page source looks innocuous. How can this
    > >virus lurk in a web-page?
    > >
    > > wwwDOTtirnanog-kilkennyDOTcom/kilkenny_countyDOThtm
    > >
    > >Bill
    > >

    >
    > --
    > Basic computer maintenance
    > http://uk.geocities.com/personel44/maintenance.html
     
    Bill R, Apr 15, 2004
    #3
  4. Bill R

    °Mike° Guest

    What I am saying is that those files did not come
    from that web site; they must have come from
    another source. I have browsed that page with
    I.E. and checked my cache. There is nothing
    untoward in it.


    On Thu, 15 Apr 2004 17:10:42 +0000 (UTC), in
    <c5mfmi$hdr$>
    Bill R scrawled:

    >If it was a false positive, does that mean that the following files were all
    >legitimate (especially the ones in \Program Files\) ? From the Norton log
    >... .. I've since deleted the quarantined files :( ... Bill
    >
    >Date: 15/04/2004, Time: 15:38:54, Bill on DEFAULT
    >The file C:\WINDOWS\Temporary Internet
    >Files\Content.IE5\KLU7WX2R\msits[1].exe is infected with the
    >Downloader.Trojan virus.
    >Unable to repair this file.
    >
    >Date: 15/04/2004, Time: 15:39:06, Bill on DEFAULT
    >The file C:\WINDOWS\Temporary Internet
    >Files\Content.IE5\KLU7WX2R\msits[1].exe was infected with the
    >Downloader.Trojan virus.
    >The file was deleted.
    >
    >Date: 15/04/2004, Time: 15:40:08, Bill on DEFAULT
    >The file C:\Program Files\Internet Explorer\ksrdtwa.exe is infected with the
    >Downloader.Trojan virus.
    >Unable to repair this file.
    >
    >Date: 15/04/2004, Time: 15:40:12, Bill on DEFAULT
    >The file C:\Program Files\Internet Explorer\ksrdtwa.exe was infected with
    >the Downloader.Trojan virus.
    >The file was quarantined.
    >
    >Date: 15/04/2004, Time: 15:41:50, Bill on DEFAULT
    >The file C:\WINDOWS\Temporary Internet
    >Files\Content.IE5\CNNN6GTX\msits[1].exe was infected with the
    >Downloader.Trojan virus.
    >The file was deleted.
    >
    >Date: 15/04/2004, Time: 15:41:58, Bill on DEFAULT
    >The file C:\Program Files\Internet Explorer\hhwesfwa.exe is infected with
    >the Downloader.Trojan virus.
    >Unable to repair this file.
    >
    >Date: 15/04/2004, Time: 15:42:00, Bill on DEFAULT
    >The file C:\Program Files\Internet Explorer\hhwesfwa.exe was infected with
    >the Downloader.Trojan virus.
    >The file was quarantined.
    >
    >Date: 15/04/2004, Time: 15:46:44, Bill on DEFAULT
    >The file C:\WINDOWS\Temporary Internet
    >Files\Content.IE5\2XTENYTK\msits[1].exe is infected with the
    >Downloader.Trojan virus.
    >Unable to repair this file.
    >
    >Date: 15/04/2004, Time: 15:46:50, Bill on DEFAULT
    >The file C:\WINDOWS\Temporary Internet
    >Files\Content.IE5\2XTENYTK\msits[1].exe was infected with the
    >Downloader.Trojan virus.
    >The file was deleted.
    >
    >Date: 15/04/2004, Time: 15:46:56, Bill on DEFAULT
    >The file C:\Program Files\Internet Explorer\gwjpfnpm.exe is infected with
    >the Downloader.Trojan virus.
    >Unable to repair this file.
    >
    >Date: 15/04/2004, Time: 15:47:02, Bill on DEFAULT
    >The file C:\Program Files\Internet Explorer\gwjpfnpm.exe was infected with
    >the Downloader.Trojan virus.
    >The file was quarantined.
    >
    >"°Mike°" <> wrote in message
    >news:...
    >> Norton is throwing up a false positive. There is nothing
    >> on that page, except javascript; KAV & eZ give it a clean
    >> bill of health.
    >>
    >>
    >> On Thu, 15 Apr 2004 15:37:59 +0000 (UTC), in
    >> <c5ma8m$58r$>
    >> Bill R scrawled:
    >>
    >> >I just accessed this tourist webpage and got notified by Norton AV that

    >it
    >> >was trying to infect my machine with the Downloader.Trojan virus. It

    >seemed
    >> >to be trying to place two .exe files onto my system (one into \Temporary
    >> >Internet Files\ and the other into \Program Files\Internet Explorer\. My

    >IE
    >> >Security settings are customised to disable all the unsafe stuff, so I

    >don't
    >> >understand how the web-page was even able to make the attempt. But

    >Symantec
    >> >report that this virus has been around for a good two years. So clearly

    >my
    >> >education is lacking. The web-page source looks innocuous. How can this
    >> >virus lurk in a web-page?
    >> >
    >> > wwwDOTtirnanog-kilkennyDOTcom/kilkenny_countyDOThtm
    >> >
    >> >Bill
    >> >

    >>
    >> --
    >> Basic computer maintenance
    >> http://uk.geocities.com/personel44/maintenance.html

    >


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Apr 15, 2004
    #4
  5. Bill R

    Speck Tater Guest

    Maybe you can check you temp directory and see if the executables "Bridge"
    and "Optimize" have been infected. I had the trojan problem a couple of
    weeks ago.


    "Bill R" <> wrote in message
    news:c5ma8m$58r$...
    > I just accessed this tourist webpage and got notified by Norton AV that it
    > was trying to infect my machine with the Downloader.Trojan virus. It

    seemed
    > to be trying to place two .exe files onto my system (one into \Temporary
    > Internet Files\ and the other into \Program Files\Internet Explorer\. My

    IE
    > Security settings are customised to disable all the unsafe stuff, so I

    don't
    > understand how the web-page was even able to make the attempt. But

    Symantec
    > report that this virus has been around for a good two years. So clearly my
    > education is lacking. The web-page source looks innocuous. How can this
    > virus lurk in a web-page?
    >
    > wwwDOTtirnanog-kilkennyDOTcom/kilkenny_countyDOThtm
    >
    > Bill
    >
    >
     
    Speck Tater, Apr 15, 2004
    #5
  6. Bill R

    alan jeeves Guest

    "Speck Tater" <> wrote in message
    news:43Bfc.33337$...
    > Maybe you can check you temp directory and see if the executables "Bridge"
    > and "Optimize" have been infected. I had the trojan problem a couple of
    > weeks ago.
    >
    >
    > "Bill R" <> wrote in message
    > news:c5ma8m$58r$...
    > > I just accessed this tourist webpage and got notified by Norton AV that

    it
    > > was trying to infect my machine with the Downloader.Trojan virus. It

    > seemed
    > > to be trying to place two .exe files onto my system (one into \Temporary
    > > Internet Files\ and the other into \Program Files\Internet Explorer\.

    My
    > IE
    > > Security settings are customised to disable all the unsafe stuff, so I

    > don't
    > > understand how the web-page was even able to make the attempt. But

    > Symantec
    > > report that this virus has been around for a good two years. So clearly

    my
    > > education is lacking. The web-page source looks innocuous. How can this
    > > virus lurk in a web-page?
    > >
    > > wwwDOTtirnanog-kilkennyDOTcom/kilkenny_countyDOThtm
    > >
    > > Bill
    > >
    > >

    >
    >



    I've got that problem now - everytime (lately) i boot my PC AVG notifies me
    that i have a virus (Trojan horse Downloader Snall 4.D) then i remove it
    (well AVG says repaire - so i make sure i delete it) but it comes back.

    Can someone answer the following Qs for me please:
    Is there a way to stop this (the above)?
    Can it recreate itself without me going to the website that I downloaded the
    virus to my PC? Even though i have deleted it.
    And how can i stop IE downloading the trojans/viruses in the future - i use
    Zonealarm and AVG on winXP all fully patched / updated.

    Thanks.

    Alan.
     
    alan jeeves, Apr 16, 2004
    #6
  7. Bill R

    alan jeeves Guest

    "alan jeeves" <> wrote in message
    news:c5neoo$4cn$2surf.net...
    >
    > "Speck Tater" <> wrote in message
    > news:43Bfc.33337$...
    > > Maybe you can check you temp directory and see if the executables

    "Bridge"
    > > and "Optimize" have been infected. I had the trojan problem a couple of
    > > weeks ago.
    > >
    > >
    > > "Bill R" <> wrote in message
    > > news:c5ma8m$58r$...
    > > > I just accessed this tourist webpage and got notified by Norton AV

    that
    > it
    > > > was trying to infect my machine with the Downloader.Trojan virus. It

    > > seemed
    > > > to be trying to place two .exe files onto my system (one into

    \Temporary
    > > > Internet Files\ and the other into \Program Files\Internet Explorer\.

    > My
    > > IE
    > > > Security settings are customised to disable all the unsafe stuff, so I

    > > don't
    > > > understand how the web-page was even able to make the attempt. But

    > > Symantec
    > > > report that this virus has been around for a good two years. So

    clearly
    > my
    > > > education is lacking. The web-page source looks innocuous. How can

    this
    > > > virus lurk in a web-page?
    > > >
    > > > wwwDOTtirnanog-kilkennyDOTcom/kilkenny_countyDOThtm
    > > >
    > > > Bill
    > > >
    > > >

    > >
    > >

    >
    >
    > I've got that problem now - everytime (lately) i boot my PC AVG notifies

    me
    > that i have a virus (Trojan horse Downloader Snall 4.D) then i remove it
    > (well AVG says repaire - so i make sure i delete it) but it comes back.
    >
    > Can someone answer the following Qs for me please:
    > Is there a way to stop this (the above)?
    > Can it recreate itself without me going to the website that I downloaded

    the
    > virus to my PC? Even though i have deleted it.
    > And how can i stop IE downloading the trojans/viruses in the future - i

    use
    > Zonealarm and AVG on winXP all fully patched / updated.
    >
    > Thanks.
    >
    > Alan.
    >
    >


    opps sorry just found the post titled: "trojan - bridge.exe" which answered
    the most importnant Qs - sorry!
     
    alan jeeves, Apr 16, 2004
    #7
  8. Bill R

    Barry OGrady Guest

    On Fri, 16 Apr 2004 03:01:56 +0100, "alan jeeves" <> wrote:

    >
    >"Speck Tater" <> wrote in message
    >news:43Bfc.33337$...
    >> Maybe you can check you temp directory and see if the executables "Bridge"
    >> and "Optimize" have been infected. I had the trojan problem a couple of
    >> weeks ago.
    >>
    >>
    >> "Bill R" <> wrote in message
    >> news:c5ma8m$58r$...
    >> > I just accessed this tourist webpage and got notified by Norton AV that

    >it
    >> > was trying to infect my machine with the Downloader.Trojan virus. It

    >> seemed
    >> > to be trying to place two .exe files onto my system (one into \Temporary
    >> > Internet Files\ and the other into \Program Files\Internet Explorer\.

    >My
    >> IE
    >> > Security settings are customised to disable all the unsafe stuff, so I

    >> don't
    >> > understand how the web-page was even able to make the attempt. But

    >> Symantec
    >> > report that this virus has been around for a good two years. So clearly

    >my
    >> > education is lacking. The web-page source looks innocuous. How can this
    >> > virus lurk in a web-page?
    >> >
    >> > wwwDOTtirnanog-kilkennyDOTcom/kilkenny_countyDOThtm
    >> >
    >> > Bill
    >> >
    >> >

    >>
    >>

    >
    >
    >I've got that problem now - everytime (lately) i boot my PC AVG notifies me
    >that i have a virus (Trojan horse Downloader Snall 4.D) then i remove it
    >(well AVG says repaire - so i make sure i delete it) but it comes back.
    >
    >Can someone answer the following Qs for me please:
    >Is there a way to stop this (the above)?
    >Can it recreate itself without me going to the website that I downloaded the
    >virus to my PC? Even though i have deleted it.
    >And how can i stop IE downloading the trojans/viruses in the future - i use
    >Zonealarm and AVG on winXP all fully patched / updated.



    Are you aware that something is causing your Is to come through as lower case?
    It looks really wierd.

    >
    >Thanks.
    >
    >Alan.
    >



    -Barry
    ========
    Web page: http://members.optusnet.com.au/~barry.og
    Atheist, radio scanner, LIPD information.
     
    Barry OGrady, Apr 16, 2004
    #8
  9. Bill R

    fascistwatch Guest

    Are you aware of something that changes your e and i back to front,it looks
    really stupid.
    "Barry OGrady" <> wrote in message
    news:...
    > On Fri, 16 Apr 2004 03:01:56 +0100, "alan jeeves" <> wrote:
    >
    > >
    > >"Speck Tater" <> wrote in message
    > >news:43Bfc.33337$...
    > >> Maybe you can check you temp directory and see if the executables

    "Bridge"
    > >> and "Optimize" have been infected. I had the trojan problem a couple

    of
    > >> weeks ago.
    > >>
    > >>
    > >> "Bill R" <> wrote in message
    > >> news:c5ma8m$58r$...
    > >> > I just accessed this tourist webpage and got notified by Norton AV

    that
    > >it
    > >> > was trying to infect my machine with the Downloader.Trojan virus. It
    > >> seemed
    > >> > to be trying to place two .exe files onto my system (one into

    \Temporary
    > >> > Internet Files\ and the other into \Program Files\Internet Explorer\.

    > >My
    > >> IE
    > >> > Security settings are customised to disable all the unsafe stuff, so

    I
    > >> don't
    > >> > understand how the web-page was even able to make the attempt. But
    > >> Symantec
    > >> > report that this virus has been around for a good two years. So

    clearly
    > >my
    > >> > education is lacking. The web-page source looks innocuous. How can

    this
    > >> > virus lurk in a web-page?
    > >> >
    > >> > wwwDOTtirnanog-kilkennyDOTcom/kilkenny_countyDOThtm
    > >> >
    > >> > Bill
    > >> >
    > >> >
    > >>
    > >>

    > >
    > >
    > >I've got that problem now - everytime (lately) i boot my PC AVG notifies

    me
    > >that i have a virus (Trojan horse Downloader Snall 4.D) then i remove it
    > >(well AVG says repaire - so i make sure i delete it) but it comes back.
    > >
    > >Can someone answer the following Qs for me please:
    > >Is there a way to stop this (the above)?
    > >Can it recreate itself without me going to the website that I downloaded

    the
    > >virus to my PC? Even though i have deleted it.
    > >And how can i stop IE downloading the trojans/viruses in the future - i

    use
    > >Zonealarm and AVG on winXP all fully patched / updated.

    >
    >
    > Are you aware that something is causing your Is to come through as lower

    case?
    > It looks really wierd.
    >
    > >
    > >Thanks.
    > >
    > >Alan.
    > >

    >
    >
    > -Barry
    > ========
    > Web page: http://members.optusnet.com.au/~barry.og
    > Atheist, radio scanner, LIPD information.
     
    fascistwatch, Apr 16, 2004
    #9
  10. Bill R

    pedant Guest

    Are you aware of something that changes your e and i back to front,it looks
    really stupid.
    "Barry OGrady" <> wrote in message
    news:...
    > On Fri, 16 Apr 2004 03:01:56 +0100, "alan jeeves" <> wrote:
    >
    > >
    > >"Speck Tater" <> wrote in message
    > >news:43Bfc.33337$...
    > >> Maybe you can check you temp directory and see if the executables

    "Bridge"
    > >> and "Optimize" have been infected. I had the trojan problem a couple

    of
    > >> weeks ago.
    > >>
    > >>
    > >> "Bill R" <> wrote in message
    > >> news:c5ma8m$58r$...
    > >> > I just accessed this tourist webpage and got notified by Norton AV

    that
    > >it
    > >> > was trying to infect my machine with the Downloader.Trojan virus. It
    > >> seemed
    > >> > to be trying to place two .exe files onto my system (one into

    \Temporary
    > >> > Internet Files\ and the other into \Program Files\Internet Explorer\.

    > >My
    > >> IE
    > >> > Security settings are customised to disable all the unsafe stuff, so

    I
    > >> don't
    > >> > understand how the web-page was even able to make the attempt. But
    > >> Symantec
    > >> > report that this virus has been around for a good two years. So

    clearly
    > >my
    > >> > education is lacking. The web-page source looks innocuous. How can

    this
    > >> > virus lurk in a web-page?
    > >> >
    > >> > wwwDOTtirnanog-kilkennyDOTcom/kilkenny_countyDOThtm
    > >> >
    > >> > Bill
    > >> >
    > >> >
    > >>
    > >>

    > >
    > >
    > >I've got that problem now - everytime (lately) i boot my PC AVG notifies

    me
    > >that i have a virus (Trojan horse Downloader Snall 4.D) then i remove it
    > >(well AVG says repaire - so i make sure i delete it) but it comes back.
    > >
    > >Can someone answer the following Qs for me please:
    > >Is there a way to stop this (the above)?
    > >Can it recreate itself without me going to the website that I downloaded

    the
    > >virus to my PC? Even though i have deleted it.
    > >And how can i stop IE downloading the trojans/viruses in the future - i

    use
    > >Zonealarm and AVG on winXP all fully patched / updated.

    >
    >
    > Are you aware that something is causing your Is to come through as lower

    case?
    > It looks really wierd.
    >
    > >
    > >Thanks.
    > >
    > >Alan.
    > >

    >
    >
    > -Barry
    > ========
    > Web page: http://members.optusnet.com.au/~barry.og
    > Atheist, radio scanner, LIPD information.
     
    pedant, Apr 16, 2004
    #10
  11. Bill R

    Bill R Guest

    Seems so, Mike. Seemed to be a false positive AND nothing to do with the
    site. Trendmicro could't find anything, but NAV still moaned, so I let a
    NAV full scan delete the temporary-ish files it wasn't happy with (had to
    disable System Restore for this), and thereafter it was happy again. Thanks
    for checking.

    Bill

    "°Mike°" <> wrote in message
    news:...
    > What I am saying is that those files did not come
    > from that web site; they must have come from
    > another source. I have browsed that page with
    > I.E. and checked my cache. There is nothing
    > untoward in it.
    >
    >
    > On Thu, 15 Apr 2004 17:10:42 +0000 (UTC), in
    > <c5mfmi$hdr$>
    > Bill R scrawled:
    >
    > >If it was a false positive, does that mean that the following files were

    all
    > >legitimate (especially the ones in \Program Files\) ? From the Norton log
    > >... .. I've since deleted the quarantined files :( ... Bill
    > >
    > >Date: 15/04/2004, Time: 15:38:54, Bill on DEFAULT
    > >The file C:\WINDOWS\Temporary Internet
    > >Files\Content.IE5\KLU7WX2R\msits[1].exe is infected with the
    > >Downloader.Trojan virus.
    > >Unable to repair this file.
    > >
    > >Date: 15/04/2004, Time: 15:39:06, Bill on DEFAULT
    > >The file C:\WINDOWS\Temporary Internet
    > >Files\Content.IE5\KLU7WX2R\msits[1].exe was infected with the
    > >Downloader.Trojan virus.
    > >The file was deleted.
    > >
    > >Date: 15/04/2004, Time: 15:40:08, Bill on DEFAULT
    > >The file C:\Program Files\Internet Explorer\ksrdtwa.exe is infected with

    the
    > >Downloader.Trojan virus.
    > >Unable to repair this file.
    > >
    > >Date: 15/04/2004, Time: 15:40:12, Bill on DEFAULT
    > >The file C:\Program Files\Internet Explorer\ksrdtwa.exe was infected with
    > >the Downloader.Trojan virus.
    > >The file was quarantined.
    > >
    > >Date: 15/04/2004, Time: 15:41:50, Bill on DEFAULT
    > >The file C:\WINDOWS\Temporary Internet
    > >Files\Content.IE5\CNNN6GTX\msits[1].exe was infected with the
    > >Downloader.Trojan virus.
    > >The file was deleted.
    > >
    > >Date: 15/04/2004, Time: 15:41:58, Bill on DEFAULT
    > >The file C:\Program Files\Internet Explorer\hhwesfwa.exe is infected with
    > >the Downloader.Trojan virus.
    > >Unable to repair this file.
    > >
    > >Date: 15/04/2004, Time: 15:42:00, Bill on DEFAULT
    > >The file C:\Program Files\Internet Explorer\hhwesfwa.exe was infected

    with
    > >the Downloader.Trojan virus.
    > >The file was quarantined.
    > >
    > >Date: 15/04/2004, Time: 15:46:44, Bill on DEFAULT
    > >The file C:\WINDOWS\Temporary Internet
    > >Files\Content.IE5\2XTENYTK\msits[1].exe is infected with the
    > >Downloader.Trojan virus.
    > >Unable to repair this file.
    > >
    > >Date: 15/04/2004, Time: 15:46:50, Bill on DEFAULT
    > >The file C:\WINDOWS\Temporary Internet
    > >Files\Content.IE5\2XTENYTK\msits[1].exe was infected with the
    > >Downloader.Trojan virus.
    > >The file was deleted.
    > >
    > >Date: 15/04/2004, Time: 15:46:56, Bill on DEFAULT
    > >The file C:\Program Files\Internet Explorer\gwjpfnpm.exe is infected with
    > >the Downloader.Trojan virus.
    > >Unable to repair this file.
    > >
    > >Date: 15/04/2004, Time: 15:47:02, Bill on DEFAULT
    > >The file C:\Program Files\Internet Explorer\gwjpfnpm.exe was infected

    with
    > >the Downloader.Trojan virus.
    > >The file was quarantined.
    > >
    > >"°Mike°" <> wrote in message
    > >news:...
    > >> Norton is throwing up a false positive. There is nothing
    > >> on that page, except javascript; KAV & eZ give it a clean
    > >> bill of health.
    > >>
    > >>
    > >> On Thu, 15 Apr 2004 15:37:59 +0000 (UTC), in
    > >> <c5ma8m$58r$>
    > >> Bill R scrawled:
    > >>
    > >> >I just accessed this tourist webpage and got notified by Norton AV

    that
    > >it
    > >> >was trying to infect my machine with the Downloader.Trojan virus. It

    > >seemed
    > >> >to be trying to place two .exe files onto my system (one into

    \Temporary
    > >> >Internet Files\ and the other into \Program Files\Internet Explorer\.

    My
    > >IE
    > >> >Security settings are customised to disable all the unsafe stuff, so I

    > >don't
    > >> >understand how the web-page was even able to make the attempt. But

    > >Symantec
    > >> >report that this virus has been around for a good two years. So

    clearly
    > >my
    > >> >education is lacking. The web-page source looks innocuous. How can

    this
    > >> >virus lurk in a web-page?
    > >> >
    > >> > wwwDOTtirnanog-kilkennyDOTcom/kilkenny_countyDOThtm
    > >> >
    > >> >Bill
    > >> >
    > >>
    > >> --
    > >> Basic computer maintenance
    > >> http://uk.geocities.com/personel44/maintenance.html

    > >

    >
    > --
    > Basic computer maintenance
    > http://uk.geocities.com/personel44/maintenance.html
     
    Bill R, Apr 17, 2004
    #11
  12. Bill R

    °Mike° Guest

    You're welcome.


    On Sat, 17 Apr 2004 09:18:32 +0000 (UTC), in
    <c5qsp8$a13$>
    Bill R scrawled:

    >Seems so, Mike. Seemed to be a false positive AND nothing to do with the
    >site. Trendmicro could't find anything, but NAV still moaned, so I let a
    >NAV full scan delete the temporary-ish files it wasn't happy with (had to
    >disable System Restore for this), and thereafter it was happy again. Thanks
    >for checking.
    >
    >Bill
    >
    >"°Mike°" <> wrote in message
    >news:...
    >> What I am saying is that those files did not come
    >> from that web site; they must have come from
    >> another source. I have browsed that page with
    >> I.E. and checked my cache. There is nothing
    >> untoward in it.

    >

    <snip>

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Apr 17, 2004
    #12
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Smiley

    Can Viruses infect .AVI files???

    Smiley, Jun 26, 2003, in forum: Computer Support
    Replies:
    109
    Views:
    38,105
    akshaypaygude
    May 17, 2011
  2. Trent

    Sobig, can it infect WITHOUT opening

    Trent, Aug 21, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    515
    Trent
    Aug 21, 2003
  3. °Mike°

    Trojan virus downloader!!

    °Mike°, Aug 5, 2004, in forum: Computer Support
    Replies:
    6
    Views:
    1,492
    PuppyKatt
    Aug 6, 2004
  4. fjwilson

    Cannot remove downloader trojan virus

    fjwilson, Nov 7, 2003, in forum: Computer Information
    Replies:
    3
    Views:
    3,840
  5. James
    Replies:
    0
    Views:
    517
    James
    Dec 6, 2008
Loading...

Share This Page