
Thread: not-a-virus This thing is killing me, HELP!

  1. #1
    spanko Guest

    Default not-a-virus This thing is killing me, HELP!

    Infection: not-a-virus:AdWare.Win32.Trymedia.b
    Path: C:\Documents and Settings\Jay\My Documents\Beachhead 2002 Install\BeachHead2002-dm.exe
    Days in Quarantine: 1

    So, after many ZA scans in which several different not-a-virus files were detected and deleted, only to reappear after a restart, I became very frustrated. Has anyone had this problem?? As you can see from the above, I have one file in quarantine. I'm in desktop recovery mode now. I get a script error when I try to restore my active desktop. In the ZA virus quarantine section I clicked more info and a link popped up saying it (not-a-virus) was powered by Kaspersky, which didn't help. I did a Google search on not-a-virus and found this, which I am pasting:



    ==================(This helped)==================
    not-a-virus:AdWare.Cydoor

    Aliases: not-a-virus:AdWare.Cydoor (Kaspersky Lab) is also known as: Spyware/Cydoor (Panda)
    Detection added: May 09 2005 13:38 GMT
    Description added: May 12 2005
    Behavior: not-a-virus:AdWare

    Technical details

    The program normally contains the following files:

        cd_clint.dll
        cd_load.exe
        cd_htm.dll
        cd_swf.dll
        iMesh.ex

    The cd_clint.dll file provides the main functionality. The program is capable of working with P2P networks such as Kazaa and Imesh.

    The program creates the following registry keys:

        [HKEY_LOCAL_MACHINE\Software\Cydoor]
        [HKEY_USERS\.DEFAULT\Software\Cydoor]
        [HKEY_USERS\.DEFAULT\Software\Cydoor Services]
        [HKEY_CURRENT_USER\Software\CydoorServices]
        [HKEY_CURRENT_USER\Software\Cydoor]

    It works with the following Internet servers:

        www.cmsN.net
        www.bnsN.net
        www.rgsN.net

    (In all of these names, N will be replaced by a value between 1 and 4)

    The list of servers contacted may be added to as the program runs.

    ====================

    I clicked Start, then Search, and searched for and deleted the following files:

    cd_clint.dll
    cd_load.exe
    cd_htm.dll
    cd_swf.dll
    iMesh.ex

    Next, I opened regedit and searched for all entries containing panda, not-a-virus, cydoor, and kaspersky. I deleted any entries that were found.

    Hmmm, well I'll try another restart and see what happens.....

    Operating System: Windows XP Home Edition
    Product Name: ZoneAlarm (Free)
    Software Version: 7.0
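
The indicators in the description pasted in post #1 (file names, registry keys, and the server names where N runs from 1 to 4) can be checked mechanically rather than by manual search. The following is an added example, not part of the original post; the function names and the sample inventory are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Indicators copied from the description quoted in the post (names as printed).
FILE_NAMES = {"cd_clint.dll", "cd_load.exe", "cd_htm.dll", "cd_swf.dll", "imesh.ex"}
REGISTRY_KEYS = {
    r"hkey_local_machine\software\cydoor",
    r"hkey_users\.default\software\cydoor",
    r"hkey_users\.default\software\cydoor services",
    r"hkey_current_user\software\cydoorservices",
    r"hkey_current_user\software\cydoor",
}
# www.cmsN.net, www.bnsN.net, www.rgsN.net with N from 1 to 4. The description
# says the server list can grow at run time, so no match does not prove absence.
HOST_RE = re.compile(r"^www\.(cms|bns|rgs)[1-4]\.net\.?$", re.IGNORECASE)

# Constructed sample inventory for the demonstration (not taken from the thread).
SAMPLE_PATHS = [r"C:\Program Files\Example\cd_load.exe",
                r"C:\WINDOWS\system32\notepad.exe",
                r"C:\Temp\CD_CLINT.DLL"]
SAMPLE_KEYS = [r"[HKEY_CURRENT_USER\Software\Cydoor\Example]",
               r"HKEY_LOCAL_MACHINE\Software\CydoorX",
               r"HKEY_CURRENT_USER\Software\Microsoft"]
SAMPLE_HOSTS = ["www.cms3.net", "www.cms5.net", "WWW.RGS1.NET",
                "www.cms1.net.example.org"]

def match_files(paths):
    # Compare the file name only, case-insensitively, wherever the file sits.
    return [p for p in paths if PureWindowsPath(p).name.lower() in FILE_NAMES]

def match_registry(keys):
    """Return keys equal to a listed key or located beneath one."""
    hits = []
    for key in keys:
        k = key.strip("[]").rstrip("\\").lower()
        if any(k == ioc or k.startswith(ioc + "\\") for ioc in REGISTRY_KEYS):
            hits.append(key)
    return hits

def match_hosts(hosts):
    """Match whole host names only, so look-alike suffixes are not flagged."""
    return [h for h in hosts if HOST_RE.match(h.strip())]

def sweep(paths, keys, hosts):
    return {"files": match_files(paths), "registry": match_registry(keys),
            "hosts": match_hosts(hosts)}

if __name__ == "__main__":
    for kind, hits in sweep(SAMPLE_PATHS, SAMPLE_KEYS, SAMPLE_HOSTS).items():
        print(kind, hits)
```

Feed it a file listing, an exported list of registry key paths and the host names from a DNS or proxy log; running it again after a restart shows which items have come back.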

  2. #2
    spanko Guest

    Default Re: not-a-virus This thing is killing me, HELP!

    After a restart all seems to be running smoothly so far. I may very well have repaired the problem before help could arrive. The "not-a-virus" virus was wreaking havoc on my wife's system and I had to format C:. My ZA settings are much tighter but I mysteriously got the same virus as well. Perhaps through my wireless router? Well, I may have got this bug beaten. These things have a way of reinstalling themselves.
    Has anyone else encountered the "not-a-virus" bug?
    Spanko

  3. #3
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: not-a-virus This thing is killing me, HELP!

    This would not have entered the router or the firewall by itself. It would have been downloaded and installed probably by the user. The security applications may have even popped up with alerts and they may have been ignored.

    http://www.spywareguide.com/product_show.php?id=7

    http://en.wikipedia.org/wiki/Cydoor

    The malware is involved in shady software installations or P2P application.

    Oldsod
    Best regards.
    oldsod

  4. #4
    spanko Guest

    Default Re: not-a-virus This thing is killing me, HELP!



    I checked out your links, Oldsod. Thanks for them. I still am having a problem though. I'm sure you're right and that I unknowingly allowed this bug in my system (by clicking allow). I can tell you though that there was never a ZA prompt asking about panda, cydoor, kaspersky, or not-a-virus. So whatever discreet file name this thing came in under I can't tell you. But I can tell you that this thing has changed and ZA doesn't detect it.

    A search found these panda files. The top two being the worst I believe. I delete them and they return.

    http://img227.imageshack.us/img227/3...eenshotnx3.png




    When I start my computer and my tray icons start loading I get a Data Execution Prevention - Microsoft Windows error. It prevents Windows Explorer from opening. I click close and then my desktop icons disappear for a second, as well as my tray icons, and my tray icons reload.
    Meanwhile a Send Error Report message pops up. After I click send or don't send, ZA blocks Dr Watson Postmortem Debugger.

    I suspect this is related to other problems I have such as intermittent slowness and problems connecting to my LAN/WAN.

    What should I do?

  5. #5
    spanko Guest

    Default Re: not-a-virus This thing is killing me, HELP!

    Panda is in my registry! If I delete panda registry values they just immediately return, either with the same file names or different ones. I can't delete panda, grr! Now when I open regedit I get a ZA Suspicious Behavior prompt. Not sure what it means.
    Registry Editor is trying to launch C:\WINDOWS\system32\dumprep.exe, or use another program to gain access to privileged resources. Application: regedit.exe
    If I click deny then Registry Editor closes. I haven't and won't click allow. This thing is evil!
