Welcome to SecurityForumz.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

trojan problem

  
   Security Forums (Home) -> General Discussions RSS
Next:  Can't get rid of Trojan horse Backdoor  
Author Message
bumblebee

External


Since: Nov 13, 2004
Posts: 2



(Msg. 1) Posted: Sat Nov 13, 2004 8:05 pm
Post subject: trojan problem
Archived from groups: alt>comp>anti-virus (more info?)
Norton just downloaded the latest refresh with LiveUpdate and
immediately flagged a file called wincvs0.dll as a backdoor trojan,
couldn't quarantine, couldn't repair and couldn't delete. Upon
reboot, it's now detecting a file called wincvs1.dll and wincvs0 has
disappeared. It behaves as above with no delete possible. Norton
"knowledge base" doesn't show anything about that file and a search on
the internet doesn't reveal anything about any file called "wincvs".
a search of the registry finds it in 2 places under userkey. In one
location it is listed along with several other files that were
downloaded off the internet and at the other location it is listed at
HKEY_USERS\S-1-5-21-336809978-847386435-1484400983-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll
with the entries:
Name: a
Type REG_SZ
Data: C:\WINDOWS\wincvs1.dll

and
Name: MRUList
Type: REG_SZ
Data: a

Anybody know what is going on and how to delete this beastie? Any
suggestions??
thanks,
bumblebee

 >> Stay informed about: trojan problem 
Back to top
Login to vote
Sir_George

External


Since: Jul 14, 2004
Posts: 22



(Msg. 2) Posted: Sat Nov 13, 2004 8:05 pm
Post subject: Re: trojan problem [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Bumblebee,

I did a search using www.groups.google.com on the keyword "wincvs" and had
14,300 hits. You might want to give it another try and review the results.

--
Sir_George


"bumblebee" <nospamoldchevy.RemoveThis@rock.com> wrote in message
news:ekpcp0l41k1kou4ik2d3dnho6k5up1sfri@4ax.com...
> Norton just downloaded the latest refresh with LiveUpdate and
> immediately flagged a file called wincvs0.dll as a backdoor trojan,
> couldn't quarantine, couldn't repair and couldn't delete. Upon
> reboot, it's now detecting a file called wincvs1.dll and wincvs0 has
> disappeared. It behaves as above with no delete possible. Norton
> "knowledge base" doesn't show anything about that file and a search on
> the internet doesn't reveal anything about any file called "wincvs".
> a search of the registry finds it in 2 places under userkey. In one
> location it is listed along with several other files that were
> downloaded off the internet and at the other location it is listed at
>
HKEY_USERS\S-1-5-21-336809978-847386435-1484400983-1005\Software\Microsoft\W
indows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll
> with the entries:
> Name: a
> Type REG_SZ
> Data: C:\WINDOWS\wincvs1.dll
>
> and
> Name: MRUList
> Type: REG_SZ
> Data: a
>
> Anybody know what is going on and how to delete this beastie? Any
> suggestions??
> thanks,
> bumblebee
>

 >> Stay informed about: trojan problem 
Back to top
Login to vote
bumblebee

External


Since: Nov 13, 2004
Posts: 2



(Msg. 3) Posted: Sun Nov 14, 2004 4:53 am
Post subject: Re: trojan problem [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
OK, well, I guess I actually searched for wincvs1.dll and wincvs2.dll.
and it comes up with 0 hits on the couple of search engines just
tried, including google. WinCvs appears to be some sort of program
that I don't have.
thanks,
bumblebee

On Sat, 13 Nov 2004 15:42:19 -0700, "Sir_George"
<Sir_George RemoveThis @mailinator.com> wrote:

>Bumblebee,
>
>I did a search using www.groups.google.com on the keyword "wincvs" and had
>14,300 hits. You might want to give it another try and review the results.
 >> Stay informed about: trojan problem 
Back to top
Login to vote
Display posts from previous:   
Related Topics:
Spyware/Trojan Problem? - "Privacy Report" icon (looks like eye with do not enter sign) shows intermittently on IE6 task bar during internet session in several web sites (including my yahoo home page). Does it mean my computer/browser is being tracked/hijacked or has a ...

massive problem with Trojan on Broadband - I've just upgraded to Broadband with NTLWorld (the above E-mail address is no longer valid), and have been bombarded with viruses. One is Downloader.VB.3A and the other is Sec.Thought.F. They have infected Internet Explorer files and appear also to have....

Mplayer2.exe and Download.Trojan problem - Esteemed Virus Gurus :-) I have been running NAV on an installation of Win2k, now with SP4, for almost two years. I cannot remember installing WMP and I was not interested in it. Meantime I ran NAV at least every week on the drive. A couple of weeks ag...

Mplayer2.exe and Download.Trojan problem - Esteemed Virus Gurus :-) I have been running NAV on an installation of Win2k, now with SP4, for almost two years. I cannot remember installing WMP and I was not interested in it. Meantime I ran NAV at least every week on the drive. A couple of weeks ag...

Reboot PC problem (spyware), help! - Hi, after AD-Aware has run and after I having deleted some dangerous files: Actalert.exe, Internet Optimizer, manage.exe, etc. when I make the reboot of my PC Start/turn off, manage.exe my PC doesn't reboot correctly anymore but when I go to Start/turn....
   Security Forums (Home) -> General Discussions All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]