 EdjuMaKateMe
join:2004-01-01 Marathon, ON
| Question on A2 scan results?
Having downloaded and scanned my sister's computer with a2 it showed 87 what it called worms and backdoors.
In the worm category were: C:\WINDOWS\wTemp32\Ad-aware 6.exe C:\WINDOWS\wTemp32\Spybot-Search & Destroy.exe and others that I thought were legitimate.
What gives, why are these being called worms?
I have been online for 6 months now and I really lucked out finding this forum. I read and follow most of the advice given by the experts.
I told my sister her computer is beyond manual repair and had her disconnect from the internet. I explained as best I could that her computer and other computers like hers are a big problem for the internet community and how her computer may be owned by others. After the a2 scan I did not bother with other anti-critter software.
Under my advice she is going to save her data and reformat the hard disk, she is also going to purchase a NAT router. She lives a long distance from me so I will be communicating and giving her advice and links via e-mail.
Her son is 18yrs old and like most teenagers he has many types of instant messengers and plays online games. What would be a good, easy to set up NAT router for his internet lifestyle? Cheap is good. |
|
  StraitShoot Who Loves Ya Baby? - Theo Kojak Premium join:2003-02-08 Clinton, MA | I probably would get a second opinion, I really don't know if I can trust A2 much. -- Walk Softly and Carry a Big Stick, LOL |
|
  Name Game Premium join:2002-07-07 North Myrtle Beach, SC
| reply to EdjuMaKateMe Do not understand that path you presented since I have never heard of a wTemp32 folder ??? Nevertheless on each of those programs Spybot and Adaware what you appear to have there is the "INSTALLER" for both of them that were kept in that folder not the programs themselves. If that is correct you can drag them to the trash..and I could see where A2 would alert you they are on your PC...but they could also be worms made up to be those .exe names.
I suggest you send them in to the developer of A2 and find out.

Glad it helped you find 87 other ones..do you question any of those ?? -- Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids http://www.missingkids.com/ |
|
  Name Game Premium join:2002-07-07 North Myrtle Beach, SC
1 edit | reply to EdjuMaKateMe It appears to me you have this......;) Among other worms... I would do a deep cleaning of that hard drive....followed by a reformat and reinstall of the OS.
W32/Sddrop-B Type Win32 worm
Detection Detected by Sophos Anti-Virus since April 2003.
Description W32/Sddrop-B is a worm that spreads via KaZaA and iMesh.
W32/Sddrop-B copies itself to C:\\System as the file ms_32.exe and to C:\\wTemp32 as the following hidden files: Ad-aware 6.exe American Flag Screensaver.exe Anno 1503_crack.exe C&C AOL_Instant_Messenger.exe AVIPreview.exe Battlefield1942_keygen.exe bf1942 crack (new).exe Boost XP.exe C&C G patch (new).exe C&C Generals Crack 3.0.exe Cursor XP.exe Daemon Tools.exe Diablo 2 Crack.exe Diet KaZaA.exe DirectX_9.exe Divx Bundle +XViD.exe Divx_Bundle_Package_Crack.exe Download Accelerator Plus 6.0.exe DVD RipPlus 2.3.exe eTrust_EZ_Anti-Virus.exe GetRight 3.4.exe Global DiVX Player 3.0.exe Global DiVx Player.exe Gothic 2 licence.exe GotoMyPc.exe Grokster.exe GTA3 No CD Crack.exe ICQ hacks.exe ICQ Lite.exe ICQ Pro 2003a beta.exe iMesh 3.6.exe iMesh 3.7b (beta).exe iMesh.exe IParmor.exe kazaa 2 ++.exe KaZaA Hack 2.5.0.exe Kazaa Hack v2.1.exe KaZaA Lite (New).exe KaZaa Lite 1.7.2.exe Kazaa Lite_Privacy_tool.exe KaZaA Preview Extractor.exe KaZooM MP3 Kazaa Accelerator.exe K-Lite Codec_Pack 5.0.exe l0pht crack.exe Microsoft Internet Explorer SP1.exe Microsoft_Products_Crack.exe Morpheus.exe MSN_Messenger 5.0.exe NAV_2003 Crack.exe Nero Burning ROM 6.7.8.1.exe Nero Burning ROM_Keygen.exe Net Pumper.exe Never Winter Nights 4.3 crack.exe Nimo Codec Pack.exe Pop-Up Stopper.exe Pornpasswords.exe Privacy Defender.exe pTrack FastTrack Manager 4.5.exe QuickTime.exe QuickTime_Pro_Crack.exe RAM Booster.exe Free RAM XP PRO.exe Reg Scrub_XP.exe Renegade_crack.exe Serials_2003.exe sof2 Crack.exe Spam Alarm.exe Spybot-Search & Destroy.exe SWiSH.exe Trillian Pro With Crack.exe Virtua Girls.exe Winamp 3.8.exe Windows Media player 9.5b.exe Windows_2000_Keygen.exe Windows_XP_Activation_Crack.exe Windows_XP_Keygen.exe WinMX.exe WinRAR 3.5b.exe Winrar_Crack.exe Winzip_Crack.exe WS_FTP_LE.exe XBox Emulator.exe Yahoo Messenger.exe ZoneAlarmPro_Crack.exe
W32/Sddrop-B can create the following KaZaA and iMesh registry entries in order to share the files it has dropped:
HKCU\Software\iMesh\Client\LocalContent\Dir\ HKCU\Software\KaZaA\LocalContent\Dir\
Both of these keys are set to point to "012345:C:\\wTemp32"
»www.sophos.com/virusinfo/analyse···opb.html -- Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
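An added example, not part of the thread or of the Sophos write-up: a short Python triage over text the owner can e-mail back (a recursive file listing and a registry export), flagging the indicators quoted above by location rather than by filename. The sample listing, the value names `Dir0` and `DisableSharing`, and the Lavasoft install path are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Registry locations named in the Sophos description quoted above (lower-cased).
SHARE_KEYS = (
    r"hkey_current_user\software\imesh\client\localcontent",
    r"hkey_current_user\software\kazaa\localcontent",
)

def scan_listing(listing: str) -> list[str]:
    """Flag files by where they sit, not by what they are called."""
    hits = []
    for line in filter(None, map(str.strip, listing.splitlines())):
        p = PureWindowsPath(line)
        dirs = [d.lower() for d in p.parts[:-1]]
        # The write-up gives the drop folder at the drive root, but the scan in
        # this thread showed it under WINDOWS, so match the name at any depth.
        in_drop_dir = "wtemp32" in dirs
        system_copy = p.name.lower() == "ms_32.exe" and dirs[-1:] == ["system"]
        if in_drop_dir or system_copy:
            hits.append(str(p))
    return hits

def scan_reg_export(reg_text: str) -> list[tuple[str, str, str]]:
    """Return (key, value name, data) for share entries pointing at wTemp32."""
    hits, key = [], ""
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key.lower().startswith(SHARE_KEYS):
            m = re.match(r'"([^"]*)"="(.*)"$', line)
            if m and "wtemp32" in m.group(2).lower():
                # .reg files escape backslashes; undo that for display.
                hits.append((key, m.group(1), m.group(2).replace("\\\\", "\\")))
    return hits

# Constructed sample input (not taken from the affected machine).
SAMPLE_LISTING = r"""
C:\WINDOWS\wTemp32\Ad-aware 6.exe
C:\WINDOWS\wTemp32\Spybot-Search & Destroy.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\WINDOWS\System\ms_32.exe
"""
SAMPLE_REG = r"""
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\KaZaA\LocalContent]
"Dir0"="012345:C:\\wTemp32"
"DisableSharing"=dword:00000000
"""

if __name__ == "__main__":
    for hit in scan_listing(SAMPLE_LISTING) + scan_reg_export(SAMPLE_REG):
        print("SUSPECT:", hit)
```

A registry export saved by regedit is usually UTF-16, so decode it to text before passing it to `scan_reg_export`.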
  Name Game Premium join:2002-07-07 North Myrtle Beach, SC
| reply to EdjuMaKateMe You told her to save her data ??? I would not save it on that PC. I would save it some place else and scan each file or folder before I put it back...if she does not she will just reinfect that PC.:( -- Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids http://www.missingkids.com/ |
|
  John2g Qui Tacet Consentit Premium join:2001-08-10 England
| reply to EdjuMaKateMe This might help you remove it.
»nl.trendmicro-europe.com/enterpr···SDDROP.A -- Better to remain silent and be thought a fool, than to speak and remove all doubt. |
|
  Name Game Premium join:2002-07-07 North Myrtle Beach, SC
| said by John2g : This might help you remove it.
»nl.trendmicro-europe.com/enterpr···SDDROP.A
A2 will also remove it
but since that PC has sddrop.A because of how it spreads..it has other versions and not even worth cleaning..but he should find her a way to get the Microsoft updates for that OS safely as soon as she gets back on the Internet. -- Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids http://www.missingkids.com/ |
|
  John2g Qui Tacet Consentit Premium join:2001-08-10 England
| reply to EdjuMaKateMe Please ask your Sister to take note of this.
This worm propagates via the Kazaa and the iMesh peer-to-peer file sharing networks. This worm cannot propagate on systems that do not have these file sharing applications installed. -- Better to remain silent and be thought a fool, than to speak and remove all doubt. |
|
 EdjuMaKateMe
join:2004-01-01 Marathon, ON
| reply to EdjuMaKateMe Thanks for the replies
I sent the report to a2
I do not understand the deep cleaning of hard drive? I thought once the disk is reformatted that would destroy everything? Should I have her fix the problems before reformatting?
Her son uses Kazaa and I told him not to use it anymore, now I will tell them not to reinstall it period. Most of the worms a2 discovered are on the list for w32/Sddrop.
There is not much on the computer she has to save, a little bit of business data, pictures, and other odds and ends. She is going to save it on CD, but I will tell her to scan everything she saves (she will have to go back online as I did not load other antivirus software) and then reformat, reinstall OS, MS patches, programs, and a long list of security software. I have convinced them to use the Firefox browser because neither is interested in tweaking IE.
She has been on the internet for 3yrs now with very little in the way of protection, I hope this reformatting will open their eyes. I have been nagging them for six months now and the a2 scan was the proof needed for her to get her computer act together. |
|