Midnight Star
5 Rhenium

Re: Repetitive Virus called: Win32.SillyDI.CS Please Help

MenaceOfMen,

You're welcome! Now let's make sure there's nothing else on there that HijackThis couldn't see; then we'll need to do some final cleanup, to clean out the Recycle Bin and reset your System Restore points.



Download mwav.exe from MicroWorld, then:
 
1.  Double-click the mwav.exe icon to run it (it'll self extract).
2.  Click "Scan".
3.  When it completes, post back the results.
 

 
Mike.
 
0 Kudos
MenaceOfMen
1 Nickel

Re: Repetitive Virus called: Win32.SillyDI.CS Please Help

I did, there was one virus, and the rest was just adware. I will try to get rid of the adware myself, but the virus... well, I got eTrust EZ Antivirus and it's not the best I've ever had lol. Could you recommend me a free virus program? Here's the list of stuff on my computer:

File C:\Documents and Settings\Joshua\Desktop\Menace\My Software\Fraps.exe infected by "TrojanSpy.Win32.Agent.ar" Virus. Action Taken: No Action Taken.

File C:\Documents and Settings\Joshua\Desktop\Menace\My Software\Halo\Halo 2 Screensaver.exe infected by "not-a-virus:AdWare.ToolBar.Quick.a" Virus. Action Taken: No Action Taken.

File C:\Documents and Settings\Owner\Desktop\blasterball2drm3-drm3.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.

File C:\Documents and Settings\Owner\My Documents\Vikki\My Documents\My Videos\GoldMinerSetup-dm.exe infected by "not-a-virus:AdWare.Trymedia.a" Virus. Action Taken: No Action Taken.

File C:\Documents and Settings\Owner\My Documents\Vikki\My Documents\My Videos\slyderdrm3-drm3.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.

File C:\Documents and Settings\Owner\My Documents\Vikki\My Documents\My Videos\Yahtzee-dm.exe infected by "not-a-virus:AdWare.Trymedia.a" Virus. Action Taken: No Action Taken.

File C:\Program Files\WildTangent\blasterball2drm3-drm3.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.

File C:\Program Files\WildTangent\blasterball2remix-drm3.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.

File C:\Program Files\WildTangent\orbital-drm3.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.

File C:\RECYCLER\S-1-5-21-484763869-1425521274-725345543-1003\Dc1.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.

File C:\RECYCLER\S-1-5-21-484763869-1425521274-725345543-1003\Dc4.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP1\A0000007.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP1\A0000009.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.

File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP1\A0000012.dll infected by "not-a-virus:AdWare.ToolBar.HotSearchBar.b" Virus. Action Taken: No Action Taken.

File C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtvh.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.

File C:\WINDOWS\wt\wtvh.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.

Message Edited by MenaceOfMen on 02-01-2005 07:37 AM

0 Kudos
Midnight Star
5 Rhenium

Re: Repetitive Virus called: Win32.SillyDI.CS Please Help

MenaceOfMen,

I use Norton's myself, and recommend AVG 7.x since it's free. Many 'Agents of Malware Destruction' do recommend AVG 7.x since it seems to find some of the more prevalent problems that other anti-virus programs don't address. I really haven't had the time to research anti-virus programs yet (hopefully, that'll come later this year when I pick up a testbed system).

I ran the results you posted through a new tool I've just developed. It allows 'picking' out the 'bad' entries and lets you delete them with a single click. It's not released yet since it needs to pass through the beta-test phase to see if it's 'bug' free. But here are the file names, in a more readable fashion:
 
-
 
C:\Documents and Settings\Joshua\Desktop\Menace\My Software\Fraps.exe
C:\Documents and Settings\Joshua\Desktop\Menace\My Software\Halo\Halo 2 Screensaver.exe
C:\Documents and Settings\Owner\Desktop\blasterball2drm3-drm3.exe
 
 
C:\Documents and Settings\Owner\My Documents\Vikki\My Documents\My Videos\GoldMinerSetup-dm.exe
C:\Documents and Settings\Owner\My Documents\Vikki\My Documents\My Videos\slyderdrm3-drm3.exe
C:\Documents and Settings\Owner\My Documents\Vikki\My Documents\My Videos\Yahtzee-dm.exe
 
 
C:\Program Files\WildTangent\blasterball2drm3-drm3.exe
C:\Program Files\WildTangent\blasterball2remix-drm3.exe
C:\Program Files\WildTangent\orbital-drm3.exe
 
C:\RECYCLER\S-1-5-21-484763869-1425521274-725345543-1003\Dc1.exe
C:\RECYCLER\S-1-5-21-484763869-1425521274-725345543-1003\Dc4.exe
 
 
C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP1\A0000007.dll
C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP1\A0000009.exe
C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP1\A0000012.dll
 
 
C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtvh.dll
 

 
Mike.
 
0 Kudos
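As an added example (not Mike's unreleased tool and not part of the original posts), this Python parser reads scan output in the format posted above, rejoins a record whose "Action Taken" tail was wrapped onto a later line, and sorts each detection by the cleanup step that handles it: a live file, the Recycle Bin, or a System Restore point. The function names, the `where`/`kind` labels and the trailing "Scan finished." line are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: four records in the format posted in this thread (the
# first wrapped the way the forum wrapped it) plus one made-up status line.
SAMPLE_LOG = r'''File C:\Documents and Settings\Joshua\Desktop\Menace\My Software\Fraps.exe infected by "TrojanSpy.Win32.Agent.ar" Virus

. Action Taken: No Action Taken.
File C:\Program Files\WildTangent\orbital-drm3.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-484763869-1425521274-725345543-1003\Dc1.exe infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0F9666E4-A69B-4387-9927-01C3E413C4C6}\RP1\A0000009.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
Scan finished.
'''

RECORD = re.compile(
    r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\.'
    r' Action Taken: (?P<action>.+?)\.$')

def locate(path):
    """Map a path to the cleanup step that deals with it (labels are this example's own)."""
    p = path.upper()
    if "\\RECYCLER\\" in p:
        return "recycle-bin"      # cleared by emptying the Recycle Bin
    if "\\SYSTEM VOLUME INFORMATION\\_RESTORE" in p:
        return "system-restore"   # cleared by resetting the restore points
    return "live-file"            # needs the scanner or manual removal

def parse_scan_log(text):
    # Rejoin records whose '. Action Taken' tail was wrapped onto a later line.
    text = re.sub(r'\s*\n\s*(?=\. Action Taken:)', '', text)
    findings = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue  # banner or status line, not a detection
        kind = "adware" if m["name"].startswith("not-a-virus:") else "malware"
        findings.append({"path": m["path"], "name": m["name"], "kind": kind,
                         "where": locate(m["path"]), "action": m["action"]})
    return findings

def cleanup_plan(findings):
    """Count findings per (where, kind) so malware on live files stands out."""
    return Counter((f["where"], f["kind"]) for f in findings)

if __name__ == "__main__":
    for (where, kind), n in sorted(cleanup_plan(parse_scan_log(SAMPLE_LOG)).items()):
        print(f"{where:15} {kind:8} {n}")
```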
Midnight Star
5 Rhenium

Re: Repetitive Virus called: Win32.SillyDI.CS Please Help

MenaceOfMen,

I believe this was your VX2 transponder: C:\WINDOWS\BTGrab.dll . Here's some info on VX2:

As far as modes of infection, there can be quite a few; yours may have come in with the CWS. Later on, when I have more research time, I'll delve into the internals of that 'garbageware' more.

-

Mike.

 

0 Kudos
MenaceOfMen
1 Nickel

Re: Repetitive Virus called: Win32.SillyDI.CS Please Help

Thanks for the info about VX2. I'm cleaning the rest out as we speak. Thanks a lot man. You helped me out a lot and even taught me some new tricks for viruses. But there is one problem, I can see all my folders (including hidden) but there is no System Volume Information folder on my hard drive. I even did a search for one and nothing showed up. But what do I do about the files in the recycler that are infected? I can't find that folder either.

Message Edited by MenaceOfMen on 02-01-2005 01:38 PM

0 Kudos