Does anyone know of this particular worm, & very importantly, what does it do?. Also where can I get a patch for it?, I got it trying to download Smiley Central, which I d/loaded for my previous PC, no trouble that time.

My anti-virus detected it, but couldn't eliminate it.

Maurice.

http://securityresponse.symantec.com/avcenter/venc/data/trojan.dropper.html Here is a link that explains that paticular trojan.

Thanks FeTaLDaMagE, [wow! by the way]

Welcome to Techspot, it's a great site, I 've had a LOT of help since I joined a year ago. Had problems for two months with a dodgy "techie" who mucked up a PC repair, got loads of advice on that, in the end, the repair was done by a third party, & it didn't cost me a penny,............cost the first party over £300 though, I'd like to think that "TS" put me on the right road in that instance.

Maurice.

Second time of asking, I really need to know what the Dropper type viruses do, the one I've got is Funweb 'A'
My anti-virus won't get rid, & I'm very anxious to know what the heck it's doing, someone told me that he thinks droppers let other trojan viruses in by "the back door", is he right?
Surely someone out there knows something about this, I do hope so!

Maurice

Firstly, it seems Funweb.A is not the "normal" name of the Virus (the one everyone remembers), as only Microsoft Anti Virus (RAV) has it on their listings.

This topic is #9 on Google for it, so...

What antivirus are you using?

And is it like this: http://www.webuser.co.uk/cgi-bin/fo...r=95247&page=0&view=collapsed&sb=5&o=93&part= where something is telling you to scan (but its not the anti virus tool itself)

Hello, MYOB, thanks for replying, I'm using AVG; free, downloaded version, how do you mean, "#9 on Google", you're young, I'm old, old, old, well, not THAT old perhaps, [see my profile]
& don't always pick up on modern cryptic statements, sorry!
I've followed up the web address leads TS members have suggested, & it seems this particular one is tricky & not easy to remove, as your suggested WebUser site states, thanks for that.
Do you know how long it stays, & most importantly, what it does?
The others know me, & know tht I've only been using a computer for a couple of years now, & am still "feeling my way" so to speak.

Maurice

9th response of Google Ireland to "Funweb.A"

If its a real virus, it'll stay for all eternity usually.

However, based on how few hits I got for it, I'm not sure its actually real. Have you got any suspicious processes in the Task Manager?

Have a look here, it explains quite a lot.
They also reference the Smiley-stuff you mentioned. Further there is a reference to Mywebsearch email plugin. You got that as well?

http://www.dslreports.com/forum/remark,10986302~mode=flat

Thanks, guys.

MYOB; nothing suspicious anywhere, as far as I can tell, didn't realise that it could be "not real", my AV says "virus detected" then does nothing, & won't let me enter the vault, [pointer becomes inactive]....weird, or what??

RBS; I'll try that site, thanks.

Maurice.

Well, it seems that I have another trojan, it says that it arrived via a "Mail returned to sender" email.
I remember getting this, but am sure that I deleted it straight away, without opening, i.e., I didn't "open" the envelope symbol.
Again, I ran a full search, on AVG, it completed the search, but again froze one bar from the end of the process of consigning it to the vault.

I suppose that the dropper could be "letting further viruses through the back door" ? or was it the Mail Returned email, I'm PRETTY sure I didn't open it, as the email content is all gobbledegook, & couldn't be a genuine email return.

I have a Mc Afee VirusScan 7.0 2003 edition disk, which I bought on the internet, there were no user install instructions etc., as it came unboxed, [it was only £9, from Dabs.com] so I went to their site & d/loaded the user guide, all 36 pages [there were 48, but I skipped the first 12, they were all about terms & conditions]

On reading through some of the pages, it says there could be some problems installiing on XP, good old XP, [again], has anyone installed this particular McAffee version, 7.0, & is so, was there any problem with XP?

I know, I know, problems don't just stop because you get a new PC.....DOH! I'm not stoopid!

Maurice.

Time to get rid of Outlook Express.
Surf over to http://www.pmail.com/
and download/install Pegasus V4.21c.
It is free, no ads and one of the most respected email-programs around.
Been using it for many years now, never a problem.

Stop using Internet Explorer as well and download/instal Mozilla's Firefox.

And while you are at it, see if www.utvinternet.com AKA www.u.tv) is available in your neck of the woods.
They have terrific virus- and antispam-filters on their system. Get your new free email-address there. I have used them since the last century (!) and I have yet to receive my first ever spam email!

I sstill have the Dropper Funweb 'A', trojan virus, I am told it's in the following file, here it is, in it's entirety;--

C;\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4UUTHAOW\Smiley Central Initial Setup1.0.0.8 [1] exe

[1] Can anyone identify this file, & tell what sort of virus it is?

[2] If I go to "search", & type all this in, then when it's found, delete it, will this get rid of it?

Something tells me that it won't be that simple, am I correct?, 'spect that by deleting the whole thing, I could eliminate something or things essential to running my PC,

Maurice.

Your best bet is to just use Internet Explorer's Tool->options menu, and then choose "Delete files". That *should* clear it, but Windows has been known to be stupid.

You probably will not be able to access this file through explorer.

I will do a better lookup on the virus type later...

Hi,
I'm not sure whether anyone has suggested this to you or you may have tried it yourself already, but several anti-virus companies will allow you to scan your system remotely from their websites - (I'm not sure what their success rate is like for actually fixing any problems they find). Anyway here's a link to Panda antivirus online scan - it takes a while to execute.
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

Good luck.

Hello Al,
Very strange this, I've just this minute come offline from d/loading Panda Active Scan!!, as you say, it takes quite a while, both to download & to scan, it seemed to do a thorough job, but it said "no virus detected" yet while it was scanning, a notice popped up stating "Funweb virus 'A' found, run AVG" as has happened before.
I'm not knocking Panda, several people, including you have recommended it, it just seems that this one is hard to detect, and hard to eliminate., but thanks anyway.

By the way, welcome to Techspot, it's a great site, Ive been a member for exactly ayear, & in that time the guys have helped me out of many a hole, they literally queue up with solutions.
So this is your first post on your first day!, have you looked round the site much yet? one section is a "must", the gallery, you can see their rigs in their homes, & even themselves at their PC's, "Olfartes" gallery site is good, with him in the picture.

All the best, Maurice. [have a look at my profile, I've just seen yours]

Maurice.. it should be noted that only one AV product should be running on a machine at a time. The programs sometimes detect each other, can cause system instability, can cause false positives... so many issues. You can run more than one scan on a machine- but you should only have one of them in the memory at a time. IE disable AVG before running the online scan.

Based on the information on AVG's site- the file itself may, or may not, be directly infected. It may however attempt to write infected files to your harddrive. How that can be true, I'm not sure- it's either infected or it's not.. *jeesh*

Another thing you can do is boot into safe mode and just delete all of the files in "Temporary internet files" That should get rid of it.

Yeah, I know, Goalie, my frustration is affecting you now! I didn't realise that one could affect the other, it's logical, I guess.
Forgive my ignorance, [again] but how do I boot into safe mode?

Aren't I a pain?
Maurice.

When starting up your PC, press F8 a few times, until a boot-menu shows up.
If you miss it, reboot again and keep pressing F8.
Select the safe-mode and do as Goalie suggested.

Alternatively, right-click on the Internet Explorer icon on your desktop, select Properties and click on "Delete Files", confirm and then click "Delete Cookies".
Confirm and click OK.
Check if that file is still there. If yes, do the afore-mentioned routine by Goalie.

Next time you go to TechSpot, you will have to sign in again, because the Techspot-cookie got deleted.

Hi Maurice,
Thanks for the welcome message, yes I've had a good look round already, thanks. Just thought I'd offer my 5penneth while I was trying to sus the correct forum for my questions . Sorry I ought to have mentioned you would have to disable AVG before running the Panda scan. I hope you've managed to delete your temporary Internet files and solve your problems by now.

Appeciate your getting back to me, technoheckno, no, haven't solved my problems yet, but I'm working on them, my latest pain is that my Outlook Express outgoing mail doesn't always get sent, it stays in my oubox, & might or might not go, the next time I use OE.

But I have turned on my XP firewall, I found out where to go to do it, at last!

Maurice