 Anon | c:\windows\explorer\explorer.exe anyone know what these first 2 things are?
dlder and adp on right side of registry
screenshot here »chevys.50megs.com/registry.jpg
the dlder tried connecting to DNS but i said no... it's also 31KB so i know it's not the right explorer.exe... i disabled both and system is fine and i also submitted them to trend micro. -- Gas Prices Rise and fall but it still burns the same..... |
|
 dave Premium,MVM join:2000-05-04 not in ohio kudos:7
| The 'explorer' thing looks highly suspicious. Normally, there is no directory called \windows\explorer. Someone's trying hard to hide what they're doing.
The 'adp' entry corresponds to a normal-looking app called 'adp' -- i.e., it's in the usual Program Files directory, etc., so it's not trying hard to hide. I don't know what it is, though. -- dave |
|
 Anon | reply to Anon the adp thing has a folder but no sub folder named bin in it (i have show all files checked) and the main adp folder is empty -- Gas Prices Rise and fall but it still burns the same..... |
|
 tklown join:2000-09-17 Sayreville, NJ | reply to Anon That is a trojan or something I'm quite sure, the command for Explorer bootup is in the system.ini -- "Never fight with idiots. They drag you down to their level and beat you with experience" |
|
 Anon | reply to Anon
[boot]
oemfonts.fon=vgaoem.fon
shell=Explorer.exe
system.drv=system.drv
drivers=mmsystem.dll power.drv
user.exe=user.exe
gdi.exe=gdi.exe
sound.drv=mmsound.drv
dibeng.drv=dibeng.dll
comm.drv=comm.drv
mouse.drv=mouse.drv
keyboard.drv=keyboard.drv
*DisplayFallback=0
fonts.fon=vgasys.fon
fixedfon.fon=vgafix.fon
386Grabber=vgafull.3gr
display.drv=pnpdrvr.drv
only spot i find it loading from is the RUN key from the registry -- Gas Prices Rise and fall but it still burns the same..... |
|
 rawWar EaglePremium join:2001-01-17 Madison, AL | said by snertbasher: [boot] oemfonts.fon=vgaoem.fon shell=Explorer.exe
That one is normal. The other one is likely a virus or trojan. -- Go Bengals, even though they can't beat anybody. |
|
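Added example, not part of any post in this thread: a small check for the pattern discussed above, where a startup entry uses a system binary's name (explorer.exe) from a directory other than the Windows directory, while the bare `shell=Explorer.exe` line in system.ini is normal. The Run-key value names, the adp path and the helper names are constructed for illustration.

```python
import configparser
import ntpath

# Constructed sample data modelled on the thread; the Run-key value names and
# the adp path are assumptions, not values read from the poster's machine.
WINDIR = r"C:\WINDOWS"
SYSTEM_INI = "[boot]\noemfonts.fon=vgaoem.fon\nshell=Explorer.exe\nsystem.drv=system.drv\n"
RUN_KEY = {
    "dlder": r"c:\windows\explorer\explorer.exe",
    "adp": r"C:\Program Files\adp\bin\adp.exe",
}
# System binaries that belong directly in the Windows directory.
EXPECTED_IN_WINDIR = {"explorer.exe"}


def exe_path(command):
    """Return the executable part of a startup command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    end = command.lower().find(".exe")
    return command[: end + 4] if end != -1 else command


def masquerading(command, windir=WINDIR):
    """True if a system binary name is launched from outside the Windows directory."""
    path = ntpath.normcase(ntpath.normpath(exe_path(command)))
    directory, name = ntpath.split(path)
    if name not in EXPECTED_IN_WINDIR:
        return False
    # A bare name such as "Explorer.exe" is resolved by Windows itself.
    return directory not in ("", ntpath.normcase(ntpath.normpath(windir)))


def audit(system_ini_text, run_key):
    """Return (source, command) pairs that look like a fake system binary."""
    ini = configparser.ConfigParser(interpolation=None)
    ini.read_string(system_ini_text)
    findings = []
    shell = ini.get("boot", "shell", fallback="")
    if shell and masquerading(shell):
        findings.append(("system.ini shell", shell))
    for name, command in run_key.items():
        if masquerading(command):
            findings.append(("Run key: " + name, command))
    return findings


if __name__ == "__main__":
    for source, command in audit(SYSTEM_INI, RUN_KEY):
        print(source, "->", command)
```
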
 | could be some sort of spyware - run adaware on that sucker and let us know if that removed it.
»www.lavasoft.de -- let us go forward, not backwards! upwards, not forwards. and twirling, twirling, twirling towards freedom! |
|
 | reply to Anon AVP 3.0 Daily Update Trojan.Win32.Dlder Last update: 23.12.2001
It is a new one AVP3.0 already has it as an update |
|
 Anon | said by New Years: AVP 3.0 Daily Update Trojan.Win32.Dlder Last update: 23.12.2001
It is a new one AVP3.0 already has it as an update
c:\WINDOWS\EXPLORER\EXPLORER.EXE infected: Trojan.Win32.Dlder [c:\PROGRA~1\TRENDP~1\QUARAN~1\1244.TMP infected: Trojan.Win32.Dlder c:\PROGRA~1\TRENDP~1\QUARAN~1\VDOC\PCC6VDOC.ZIP archive: ZIP infected: Trojan.Win32.Dlder] quarantined files
sure is that one.... now where did i get it? and what's it do? i quarantined the file after i found it in startup then started asking around -- Gas Prices Rise and fall but it still burns the same..... |
|
 | Have you been snertbashing on mIRC ? |
|
 Anon | said by New Years: Have you been snertbashing on mIRC ?
lol yep but dcc is off unless mp3 or zip but usually only go in 1 channel..... looks like a fairly new trojan cause i can't find anything about it...only things i have downloaded in last week or so is limewire 2.02 and netscape 4.79 & outlook has the preview pane shut off -- Gas Prices Rise and fall but it still burns the same..... |
|

| May I suggest it is a holiday out there and you are the party. Lots of games being played, you know the real games with a neat tool kit between friends, and if you are not one of them, you just happened to be on the wrong channel.
The guys playing the game are trying to attack and knock out each other. What you call a Help Me, they call got ya, and the other players counter attack or protect themselves.
So be careful. They have two killer blows out there that will end you up off the net for a long time.
The main danger of most now is a virus that is "a fashionable" virus in the chat networks of IRC, spreading via IRC channels.
Some have a worm that searches in subdirectories of the current disk for the file MIRC.INI and overwrites it with a new script that sends this EXE file to each user who joins the infected channel.
Spread the word, but not by IRC. I figure they will make 1000 new types between now and 1 Jan 2002. They do not have much else to do this holiday and they are all over the world doing it.
Merry Christmas ex G.R boy here, how do you like that snow...
I have not pulled Dlder apart yet, who cares, just dump it.
Do you have any of these out there, if so IM me one By muskegon. »www.lakemichigancam.com/
[text was edited by author 2001-12-24 20:54:38] |
|
 Anon
| like i said only files that get accepted are zip and mp3 then it asks for me to download..
PS the snow sucks although they are forecasting another foot
cam is on loan right now [text was edited by author 2001-12-24 20:57:35] |
|

| Hey I am not the internet police, I am telling you where IT is, maybe they found out how to put it on the toilet seat. Better get that black ice looking both ways. [text was edited by author 2001-12-24 21:17:43] |
|
 Exidor Premium join:2001-05-04 Brampton, ON | reply to Anon I have read that Grokster and Kazaa now install that same crap. I would not be surprised if Limewire is the culprit here.
Lavasoft Forum Topic: grokster has spyware, or something |
|

| I think that is a winner, oem2. and not alone by any means.
Who needs all that competition anyway! [text was edited by author 2001-12-25 02:01:55] |
|