Welcome to SecurityForumz.com!
FAQFAQ   SearchSearch      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

W32/Spybot.FS

  
   Security Forums (Home) -> Spybot S&D RSS
Related Topics:
HELP Worm: Spybot p2p gen with XP - Hello, my Anti - Virus found the Worm I deleted it three times in different files. It also attacked the restore system of XP. i deleted the restore files as described by symantec! But if I boot windows XP now, it says the last time I..

spybot.worm..help - I ran McAfee VirusScan today for the first time because I keep getting booted offline and I have I need help. McAfee doesn't seem to have a fix for it. Anybody else have any with this one. Any help will be great. ..

Spybot virus not detected - I ran across a post of a Lopez some type of malware). Nod32 and McAfee detected nothing. Kaspersky hit on as did Vet and a number of others. File submitted for analysis to all major AV..

Spybot-B - My AV software (Sophos) has detected Spybot-B on my machine. I've read that this is a virus that's spread by Kazzaa which I have running in the I'm I liable to get infected by it just because Kazaa was up and running?

Spybot S&D - I've just noticed an update is available for SpyBot S&D Just wondered if anyone has had problems this update? The program is seeing a download when I ask to download update though it is producing a HTTP/1.1 504 Gateway..
Next:  w32.spybot.worm  
Author Message
John Gawe

External


Since: Jan 23, 2006
Posts: 9



(Msg. 1) Posted: Mon Jan 23, 2006 1:30 pm
Post subject: W32/Spybot.FS
Archived from groups: alt>comp>virus (more info?)
Hi there,

anybody help with this one?

John

 >> Stay informed about: W32/Spybot.FS 
Back to top
Login to vote
John Gawe

External


Since: Jan 23, 2006
Posts: 9



(Msg. 2) Posted: Thu Jan 26, 2006 7:41 am
Post subject: Re: W32/Spybot.FS [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
"David H. Lipman" <DLipman~nospam~@Verizon.Net> schrieb im Newsbeitrag news:h0aBf.8388$Fb3.4256@trnddc08...
> From: "John Gawe" <wegasoft.RemoveThis@bigfoot.com>
>
> | Hi there,
> |
> | anybody help with this one?
> |
> | John
>
> Why didn't you return to the other post on the subject matter befor posting here ? I gave
> you a set of instructions and a tool to remove the SpyBot worm.
>
> Have you tried it yet ?

Well David, I did.
But it doesnīt work.
This s* is still here..

John

 >> Stay informed about: W32/Spybot.FS 
Back to top
Login to vote
John Gawe

External


Since: Jan 23, 2006
Posts: 9



(Msg. 3) Posted: Thu Jan 26, 2006 7:41 am
Post subject: Re: W32/Spybot.FS [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
"Art" <null.TakeThisOut@zilch.com> schrieb im Newsbeitrag news:g1t9t1pv5ds9oinhl012bqu5qobnfe3c4l@4ax.com...
> On Mon, 23 Jan 2006 13:30:07 +0100, "John Gawe" <wegasoft.TakeThisOut@bigfoot.com>
> wrote:
>
> >Hi there,
> >
> >anybody help with this one?
>
> There are detailed descriptions available, though I found I had to use
> a language translation service to translate from spanish to english.
> It looks pretty easy to remove manually. It's a rather old (2004)
> Trojan that is very likely to be handled by a number of antivirus
> products. Try the KASFX download from my web site. Let us know
> how its Kaspersky scan engine handles the infection, and what malware
> name(s) it finds.

KAV couldnīt help

John
 >> Stay informed about: W32/Spybot.FS 
Back to top
Login to vote
John Gawe

External


Since: Jan 23, 2006
Posts: 9



(Msg. 4) Posted: Fri Feb 03, 2006 9:51 am
Post subject: Re: W32/Spybot.FS [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
"David H. Lipman" <DLipman~nospam~@Verizon.Net> schrieb
> From: "John Gawe" <wegasoft.TakeThisOut@bigfoot.com>
>
>
> |
> | Well David, I did.
> | But it doesnīt work.
> | This s* is still here..

> What is the fully qualified name and path to the infected executable ?

I couldnīt find it jet.

> What software identified "W32/Spybot.FS" ?

There was no software.
I did a google search for "yyy.htm" - this is shown on every popup.
Google found a spanish-site.

See Arts answer above

Then I tried Xoftspy.
It found a trojan entry in the registry. Something like "TR/Drop.Parado.a.1"
I deleted the entry and the file.

But then I found 3 suspect dll files in "Win2000/System32":
Wierd filenames, like: 045785B145.dll size of 229 KB
But Hijackthis says: these are Systemfiles and put them in O20 =

O19 - User stylesheet hijack
O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key

When I try to delete one of these suspect dlls, they will be immediatly
back.

Still donīt know what to do.

John

John
 >> Stay informed about: W32/Spybot.FS 
Back to top
Login to vote
Display posts from previous:   
   Security Forums (Home) -> Spybot S&D All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]