#1
Two Bugs within days
hi all,,,,, win98se.

Gekko not feeling sprite at the moment, Oz is being delivered with 'bugs';; some affecting humans, and some affecting comps. I got a 'schnnnnozz' that is red-raw, eyes that are dripping, & blah.

Folks, I just found 90% of my icons 'tampered' with, and Spybot tells me I have 'Vcodec.emedia' followed by Avast telling me something similar. (it got recognised as: - eCodec-v4.148.exe) Neither of the two seem married, as Spybot is telling me all of the crap I have is already in the registry. (6 entries) Avast on the other hand is telling me it is from something that is in 'my downloads' folder on the d/top, of which there is an entry as if I d/loaded this 'thang'. (as if)

I have checked it out via Google but would rather have one of you assist, especially as it is already in the registry. I am still on dial up and still having problems, but I don't want to disconnect while I have the connection active as I would rather get a response here prior to disconnecting or shutting down before bed.

I hope (although, I don't) that one of you guys have had to deal with this and can enlighten me. (I'm really too pooped to deal with this right now, so a helping hand wouldn't go astray) (I also don't want to shut down the comp' or disconnect in case this trojan infiltrates further due to a re-boot.)

help!

Gekko
#2
Also, in Avast's Log (xml) it shows my trojan as being:::::

"VirusWin32:Zlob-CP"

Gekko
sniff........
#3
Damn, I really am off-peak at the moment.

Just thought I'd also mention that ' it ' is also in add/rem as 'eMedia Codec 4.0'. I don't want to start any deleting or removing til I hear from here first. Sorry for the branching info, I'm just not with it at the moment.

Gekko
#4
Trojan.Emcodec
http://securityresponse.symantec.com...n.emcodec.html
Trojan.Emcodec is a Trojan horse that drops and executes a copy of Trojan.Zlob.J. The Trojan is an installer for eMediaCodec that is a codec for Windows Media Player.

Trojan.Zlob.J
http://securityresponse.symantec.com...an.zlob.j.html
Trojan.Zlob.J is a back door Trojan that allows the remote attacker to perform various malicious actions on the compromised computer.

Troj/Zlob-CP
http://www.sophos.com/virusinfo/anal...rojzlobcp.html

--
Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/
Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375
#5
Thanks Brian,

I went to all three links; the first two were the same page and the third gave a little bit of info. Thing is, the first two are assuming I have Symantec installed, and they tell what to do regarding using their product, and the third says nothing about removal of the trojan. My antiV is Avast.

Any ideas on how to get rid of it Brian?

Gekko
#6
Brian, and any others that pick up on this thread.

I have registered at TomCoyote's forum in order to try and remove the offender, but, as has been stated, it can be a while before someone answers as they are snowed under with people with virii. I am just wondering if it would be safe for me to use add/rem to start the removal process as there is an entry in there;; In fact, here is an updated complete list of where it has been found.

There are 4 entries in the registry:--

Hkey_local_machine\software\microsoft\windows\currentversion\uninstall\eMedia Codec.
Hkey_classes_root\clsid\{6BF52A52-394A-11D3-B153-00C04F79FAA6}
Hkey_classes_root\EMediaCodec.Chl
Hkey_local_machine\software\microsoft\windows\currentversion\app paths\ecodec.exe.

Next, there is a new folder under C:\Programs called eMedia Codec and it has one file in it of which is an Uninstal.exe.

I do not mess around in the registry at all, it's all 'look but don't touch' to me. Anyone know if I am okay to do a Remove from add\rem? or will this fire up an .exe somewhere else on my comp. (At Symantec's site, they tell me that all sorts of other files have placed themselves on my comp', but I'm really not sure.)

Gekko
#7
Gekko wrote:
> Thanks Brian, I went to all three links; the first two were the same page and the third gave a little bit of info. Thing is, the first two are assuming I have Symantec installed, and they tell what to do regarding using their product, and the third says nothing about removal of the trojan. My antiV is Avast. Any ideas on how to get rid of it Brian?

Since your AV program finds it, why not let it remove it?

--
dadiOH
____________________________
dadiOH's dandies v3.06...
....a help file of info about MP3s, recording from LP/cassette and tips & tricks on this and that.
Get it at http://mysite.verizon.net/xico
#8
> Since your AV program finds it, why not let it remove it?
> dadiOH

because it only recognised a small part of it.

Gekko
#9
On Sat, 10 Jun 2006 21:07:49 +0930, "Gekko" put finger to keyboard and composed:

>> Since your AV program finds it, why not let it remove it?
>> dadiOH
>
> because it only recognised a small part of it.
> Gekko

As long as that small part includes all the executables, then I don't see the problem. At worst you will end up with orphaned registry entries or superfluous folders.

I would read the technical discussions for each of the viral entities identified in Brian's post and then remove those things added by them.

http://securityresponse.symantec.com...n.emcodec.html

Delete these files:
%Program files%\eMedia Codec\ecodec.exe
%Program files%\eMedia Codec\uninst.exe
%System%\dfrgsrv.exe

Using regedit.exe, navigate to the subkey:
HKEY_CLASSES_ROOT\EMediaCodec.Chl\CLSID

In the right pane, delete the value:
"" = "{6BF52A52-394A-11D3-B153-00C04F79FAA6}"

Navigate to and delete the following subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eMedia Codec
HKEY_CLASSES_ROOT\EMediaCodec.Chl

http://securityresponse.symantec.com...an.zlob.j.html

Delete this file:
%System%\dfrgsrv.exe

In the registry, navigate to the subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run

In the right pane, delete the value:
"wininet.dll" = "dfrgsrv.exe"

http://www.sophos.com/virusinfo/anal...rojzlobcp.html

Delete this file:
System\ncompat.tlb

In the registry, navigate to the subkey:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run

In the right pane, delete the value:
kernel32.dll
pathname of the Trojan executable

If the files or registry keys differ between Win9x and other Windows versions, then I would search the registry or hard drive for the respective files and registry data.

- Franc Zabkar
--
Please remove one 'i' from my address when replying by email.
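One way to confirm afterwards that the registry entries named in the steps above are gone, as an added example (not code from the thread or from any vendor): it scans the text of a REGEDIT4 export for those keys and Run values. The function names and the sample export are constructed for illustration, and it assumes `kernel32.dll` in the Sophos step is the value name.

```python
import re

# Indicators copied from the removal steps quoted in the thread.
BAD_KEYS = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eMedia Codec",
    r"HKEY_CLASSES_ROOT\EMediaCodec.Chl",
]
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run"
BAD_RUN_NAMES = {"wininet.dll", "kernel32.dll"}  # value names posing as system DLLs
# HKCR\CLSID\{6BF52A52-...} is not listed: the steps delete only the value pointing at it.

def parse_reg(text):
    """Parse REGEDIT4 export text into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = keys.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            name, data = line.split("=", 1)
            current[name.strip('"')] = data.strip('"')
    return keys

def find_leftovers(reg_text):
    """Return (kind, detail) tuples for indicators still present."""
    findings = []
    for key, values in parse_reg(reg_text).items():
        k = key.lower()  # registry key names are case-insensitive
        if any(k == b.lower() or k.startswith(b.lower() + "\\") for b in BAD_KEYS):
            findings.append(("key", key))
        if k == RUN_KEY.lower():
            for name, data in values.items():
                if name.lower() in BAD_RUN_NAMES or "dfrgsrv.exe" in data.lower():
                    findings.append(("run-value", f"{name}={data}"))
    return findings

# Constructed sample export (not taken from the poster's machine).
SAMPLE = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\eMedia Codec]
"DisplayName"="eMedia Codec 4.0"
[HKEY_CLASSES_ROOT\EMediaCodec.Chl\CLSID]
@="{6BF52A52-394A-11D3-B153-00C04F79FAA6}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"wininet.dll"="dfrgsrv.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="scanregw.exe /autorun"
'''

if __name__ == "__main__": print(find_leftovers(SAMPLE))
```

HKEY_CLASSES_ROOT\CLSID\{6BF52A52-394A-11D3-B153-00C04F79FAA6} is left out on purpose: it is the class id of the Windows Media Player control, and the quoted steps remove only the value under EMediaCodec.Chl\CLSID that points at it.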
#10
Without repeating what others mention. Although if you are working on it with help from a nasties forum, continue along with them and:

What Franc said!

--
Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/
Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375