afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > winzip_8.x_(including_sr).rar_virus_trojan
WinZip_8.x_(including_SR).rar_virus_trojan
tegas
Newbie
16. February 2008 @ 18:23
WinZip_8.x_(including_SR).rar_virus_trojan

symptoms
----------
slow computer;
hijacked web-browser start page with "...jack..." in the url;
creation of extra temp files in root;
creation of folder called WinZip 8.x (including SR) which is
undeletable, unremovable, unrenamable.

process of infection
---------------------
on internet,
57946.html --> (there is also a popup window);
download link --> leads to WinZip 8.x (including SR).rar
unpacking the rar gives:
code57496.txt
crack.exe
keygen.exe
click on crack.exe
click on keygen.exe

unknown which of these steps is responsible for the infection.

full scan with a current "Microsoft® Windows® Malicious Software Removal Tool"
revealed no positive infections.

for the source code of html, see 57946.html.jpg

[img]57946.html.jpg[/img]
Senior Member
16. February 2008 @ 20:39
Here is the link you copied and pasted here. Are you just trying to pass information or are you in need of assistance?

http://www.dellcommunity.com/supportforu...essage.id=66250

tegas
Newbie
26. February 2008 @ 20:26
hi again,
i guess i'm trying to inform people. it's too late for my computer.
but i did further research & it looks like the files contain 2 trojans.
the vundo and a dialer.
here is an addition to my first post: http://tegasvegas.orgfree.com/
LTDevil
Suspended due to non-functional email address
26. February 2008 @ 21:01
Why is it too late for your computer, did you already reformat?
tegas
Newbie
28. February 2008 @ 15:15
yes i have reformatted computer with a fresh install using the included discs.
but more to the point: the two anti-vundo cleaners i found were -
vundofix.exe by Atribune (version 6.7.9 built late2007/early2008)
fixvundo.exe by Symantec (version 1.5 built 2005? 2006?)

i think vundoFix would be the better choice as it is more current.

(p.s. a subsequent virus-scan says the trojan is called vundo-1137)

thanks to all concerned.
sincerely, tegas.

p.p.s. i am going to download hjt for use in the future if needed. (another newbie question though, ... does hjt become dated? ie, do you need a current hjt to look for infections)
Senior Member
28. February 2008 @ 16:08
Here's some of the information you asked about.
Download the newest version of HijackThis here.
Here's the online analyzer. http://www.hijackthis.de/
And here's some instructions for using the analyzer. http://www.bleepingcomputer.com/tutorials/tutorial42.html
The rest will come with experience. Google the entries you don't understand. Ask questions.

Take care...

Quikdraw

This message has been edited since posting. Last time this message was edited on 28. February 2008 @ 19:53
