sntooth
2008-02-01, 07:21
Spybot identifies Win32.tiny.abk on my system but cannot remove it.
I am running Spybot S & D 1.5.1.15 update 1/31/08. Windows XP SP2, all updates.
I have tried with earlier versions and I have tried in safe mode. The files which are identified are removed by S&D, but then return after a restart, and ONLY after I enable my network connection.
The files identified by the latest version are
C:\Windows\Temp\7CF28762C38CA0D4.tmp
C:\Windows\Temp\AE8AB41F91F72503.tmp
Previous versions of S&D (1.4) also identified the following:
C:\Windows\Temp\3D6627311AA2FDBD.tmp
C:\Windows\Temp\8AF12AB59DCE7145.tmp
but these files are no longer identified by S & D as part of the Win32.tiny.abk threat, even though they appear with the other tmp files on a restart.
I was originally infected by clicking on a link sent to me in a 'spoofed' instant message in Pidgin from one of my contacts. S&D picked up on Win32.BHO.je and fixed that problem. Also, I found and deleted the following files:
C:\windlsvc.exe
C:\ducvb.exe
C:\Program Files\Helper\superfindout.dll
One other thing I have noticed is that there is constant activity on my network connection; sending & receiving, approx 5kb/s.
I received a warning from my ISP for 'unwanted activity', so I tried the 'netstat' command in DOS, and it spit out a list of hundreds of connections/sites in different HTTP states.
No other anti-virus can find anything, except for AVG which tells me that shell32.dll has been changed.
Please help! Thanks for any suggestions.