I'm running NAV and it keeps flagging up this file as possible adware
(specifically Gator).
C:\WINDOWS\Downloaded Program Files\HDPlugin1018.dll
The problem is I can't find this dll anywhere on my PC.
Any ideas?
I'm running NAV and it keeps flagging up this file as possible adware
(specifically Gator).
C:\WINDOWS\Downloaded Program Files\HDPlugin1018.dll
The problem is I can't find this dll anywhere on my PC.
Any ideas?
In <WjV3e.54095$9q3.4247682@phobos.telenet-ops.be>, CWatters wrote:
>I'm running NAV and it keeps flagging up this file as possible adware
>(specifically Gator).
>
>C:\WINDOWS\Downloaded Program Files\HDPlugin1018.dll
>
>The problem is I can't find this dll anywhere on my PC.
>
>Any ideas?
Have you changed the folder properties to display hidden files?
"Sharky" <sharky@hellsgates.cor> wrote in message
news:el8051dl93jqrbboqma0pjf59nubcj1fsp@4ax.com...
> In <WjV3e.54095$9q3.4247682@phobos.telenet-ops.be>, CWatters wrote:
>
> >I'm running NAV and it keeps flagging up this file as possible adware
> >(specifically Gator).
> >
> >C:\WINDOWS\Downloaded Program Files\HDPlugin1018.dll
> >
> >The problem is I can't find this dll anywhere on my PC.
> >
> >Any ideas?
>
> Have you changed the folder properties to display hidden files?
Yes done that and protected system files.
It seems to be repeatable. If I have NAV scan just that folder several times
it flags it every time but I can't see the file in there.
In <tyW3e.54177$OC.4100132@phobos.telenet-ops.be>, CWatters wrote:
>
>"Sharky" <sharky@hellsgates.cor> wrote in message
>news:el8051dl93jqrbboqma0pjf59nubcj1fsp@4ax.com.. .
>> In <WjV3e.54095$9q3.4247682@phobos.telenet-ops.be>, CWatters wrote:
>>
>> >I'm running NAV and it keeps flagging up this file as possible adware
>> >(specifically Gator).
>> >
>> >C:\WINDOWS\Downloaded Program Files\HDPlugin1018.dll
>> >
>> >The problem is I can't find this dll anywhere on my PC.
>> >
>> >Any ideas?
>>
>> Have you changed the folder properties to display hidden files?
>
>
>Yes done that and protected system files.
>
>It seems to be repeatable. If I have NAV scan just that folder several times
>it flags it every time but I can't see the file in there.
It could be a remnant of an infection that left behind a reference in
your registry. You should follow the advice given by David Lipman in
this thread - it's sound advice.
"Sharky" <sharky@hellsgates.cor> wrote in message
news:ckd0519kqbnla3l4ssq2qna4drl35mtmue@4ax.com...
> It could be a remnant of an infection that left behind a reference in
> your registry. You should follow the advice given by David Lipman in
> this thread - it's sound advice.
Thanks Sharky. See my reply to David for more.
From: "CWatters" <colin.watters@pandoraBOX.be>
| I'm running NAV and it keeps flagging up this file as possible adware
| (specifically Gator).
|
| C:\WINDOWS\Downloaded Program Files\HDPlugin1018.dll
|
| The problem is I can't find this dll anywhere on my PC.
|
| Any ideas?
|
It is there, it is a gatr file, and I spent a long time with a poster on this very topic in
alt.comp.anti-virus
Virus Total
Scan results
File: HDPlugin1019.dll
Date: 04/03/2005 01:16:52 (CET)
----
AntiVir 6.30.0.7/20050401 found nothing
AVG 718/20050401 found nothing
BitDefender 7.0/20050403 found nothing
ClamAV devel-20050307/20050402 found nothing
DrWeb 4.32b/20050402 found nothing
eTrust-Iris 7.1.194.0/20050402 found nothing
eTrust-Vet 11.7.0.0/20050401 found nothing
Fortinet 2.51/20050402 found [Adware/Gator]
F-Prot 3.16a/20050331 found nothing
Ikarus 2.32/20050401 found nothing
Kaspersky 4.0.2.24/20050403 found
[not-a-virus:AdWare.Gator.1019]
McAfee 4460/20050401 found nothing
NOD32v2 1.1044/20050402 found [Win32/Adware.DashBar.A]
Norman 5.70.10/20050331 found nothing
Panda 8.02.00/20050402 found [Adware/Gator]
Sybari 7.5.1314/20050403 found nothing
Symantec 8.0/20050402 found nothing
Dump the contents of the IE Temporary Internet Folder cache (TIF)
start --> settings --> control panel --> internet options --> delete files
1) Download the Sysclean Front End utility ( SYSCLEAN_FE ) in "Procedure 1"
at the following URL, SYSCLEAN_FE automates the download and
execution process of the Trend Sysclean Package.
http://www.ik-cs.com/got-a-virus.htm
Direct URL:
http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe
Execute; SYSCLEAN_FE.EXE
Choose; Unzip
Choose; Close
Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
When you get to the Sysclean Front End menu, hit 'e' or '3' to exit.
2) Download and install Ad-aware SE (free personal version v1.05)
http://www.lavasoftusa.com/
3) Update Adaware with the latest definitions then exit the software.
4) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm
5) Reboot your PC into Safe Mode and shutdown as many applications as possible
6) Using the Trend Sysclean and Ad-aware SE utilities, perform a Full Scan of your
platform and clean/delete any infectors found
7) Restart your PC and perform a "final" Full Scan of your platform using both Trend
Sysclean and Ad-aware SE
8) If you are using WinME or WinXP, re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
9) Reboot your PC.
10) If you are using WinME or WinXP, create a new Restore point
* * * Please report back your results * * *
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:jSV3e.3447$Tm5.2744@trnddc07...
> It is there, it is a gatr file, and I spent a long time with a poster on
this very topic in
> alt.comp.anti-virus
Thanks I will have a go at your suggestion for removal.
I did manage to find the file eventually by exploring from the command line
(eg Run -> cmd). Not sure why explorer can't see it though.
There are some other files (about 10) in that folder that explorer doesn't
list - I guess I had better run some web searches to see if those are also
suspect.
For info the following programs had also been updated and tried::
NAV - found gator in that file only
Spybot S&D - clean
PestPatrol - clean
Microsoft Antispyware Beta - clean
She's also been running SpywareBlaster and SpywareGuard for some time.
How may of these programs does it take to keep a PC clean?
In <tgX3e.54225$ve2.3938425@phobos.telenet-ops.be>, CWatters wrote:
>
>I did manage to find the file eventually by exploring from the command line
>(eg Run -> cmd). Not sure why explorer can't see it though.
>
>There are some other files (about 10) in that folder that explorer doesn't
>list - I guess I had better run some web searches to see if those are also
>suspect.
This is usually a result of what is known as a "rootkit". Rootkits
can hide files from the Windows API and quite often from anti-virus
and anti-scumware removers. If you're interested in finding out more
about rootkits you can got to the Sysinternals site and read up on
their Rootkit Revealer - which is also a free downloadable program
that works well.
http://www.sysinternals.com/ntw2k/fr...itreveal.shtml
Microsoft also has procedures for revealing files hidden by rootkits,
but they are much more involved than using the Sysinternal utility.
There are, however, kernal rootkits that may not allow you to reveal
the files without using the Microsoft method.
>For info the following programs had also been updated and tried::
>
>NAV - found gator in that file only
>Spybot S&D - clean
>PestPatrol - clean
>Microsoft Antispyware Beta - clean
>
>She's also been running SpywareBlaster and SpywareGuard for some time.
>
>How may of these programs does it take to keep a PC clean?
All of them. Your best defense against being infected is to use a
"layered" approach, which involves using many programs from different
vendors - what one doesn't find another hopefully will.
"Sharky" <sharky@hellsgates.cor> wrote in message
news:adh051hi45n5cm47vdkuao073v3kna1168@4ax.com...
> All of them. Your best defense against being infected is to use a
> "layered" approach, which involves using many programs from different
> vendors - what one doesn't find another hopefully will.
Yes I know, problem is the stuff is still getting in!
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:jSV3e.3447$Tm5.2744@trnddc07...
> From: "CWatters" <colin.watters@pandoraBOX.be>
> 1) Download the Sysclean Front End utility ( SYSCLEAN_FE ) in
"Procedure 1"
> at the following URL, SYSCLEAN_FE automates the download and
> execution process of the Trend Sysclean Package.
> http://www.ik-cs.com/got-a-virus.htm
Humm. Any idea why Trend would modify my hosts file with....
213.222.11.11 auto.search.msn.com
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote