DivoCodec Still lingers [Archive] - Safer-Networking Forums

View Full Version : DivoCodec Still lingers

thewird

2007-10-13, 11:10

In your latest update it says it detects the Trojan DivoCodec which I installed stupidly trying to watch a video.

Anyway I ran Spybot and it founds some things and i told it to remove everything. I then rebooted in case that was necessary but I'm still getting the IE pops even though I use Firefox. So the DivoCodec isn't fully detectable/removable by Spybot.

thewird

tashi

2007-10-15, 04:38

Hello.

Thank you for letting us know, did you try running Spybot-S&D in safe mode and are you using version 1.5?

Regards.

thewird

2007-10-15, 10:17

I have 1.5 fully updates yes. I tried scanning in safe mode for both administrator and my account and it didn't find anything new (except for some cookies). The popups still continue.

thewird

tashi

2007-10-15, 16:40

Hello.

Please produce a complete Spybot scan report:

Open Spybot-S&D and start a scan ("check for problems"). After the scan, right-click in the results field and choose either "Save full report to file..." or "Copy full report to clipboard".

Attach the file (or copy the report) to an email and send it to: detections(at)spybot.info (Replace AT with @)

Then follow the procedure in this link:
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22)

A helper will advise you when available. Cheers.

DavidWILLARD

2007-12-22, 21:59

I managed to remove the Divocodec that was errantly installed by my daughter. I cleaned the registry of its Run values, but now I cannot play .avi files. If I rename the files to .wmv , they will play. I attempted reloading of Windows Media player 11 on my copy of XP Pro, but to no avail.
The .mpg format works just fine.

There has to be a decent way to re-register the .avi handler or registry information that points to the original again.
Suggestions?

bryanviper

2008-02-28, 07:33

Hello,

I have the same issue, Spybot S&D found the divo codec in the registry and other places & said it removed it & after a restart I still get pop ups in IE.

I have scanned in safe mode & made sure to update the program to the latest version but its still somewhere on my system.

Thanks

tashi

2008-02-28, 16:33

Hi bryanviper,

The exploit uses code that mutates, it would be best if you followed the procedure in this link:
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) and start a thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22)

A helper will analyze the log/s and advise you when available.

Best regards.