Trojan Worm "Dropper Funweb "A"

By Maurice
Aug 7, 2004
Topic Status:
Not open for further replies.
  1. Does anyone know of this particular worm, & very importantly, what does it do?. Also where can I get a patch for it?, I got it trying to download Smiley Central, which I d/loaded for my previous PC, no trouble that time.

    My anti-virus detected it, but couldn't eliminate it.

    Maurice.
  2. FeTaLDaMagE

    FeTaLDaMagE Newcomer, in training Posts: 53

  3. Maurice

    Maurice Banned Topic Starter Posts: 653

    Thanks FeTaLDaMagE, [wow! by the way]

    Welcome to Techspot, it's a great site, I 've had a LOT of help since I joined a year ago. Had problems for two months with a dodgy "techie" who mucked up a PC repair, got loads of advice on that, in the end, the repair was done by a third party, & it didn't cost me a penny,............cost the first party over £300 though, I'd like to think that "TS" put me on the right road in that instance.

    Maurice.
  4. Maurice

    Maurice Banned Topic Starter Posts: 653

    Second time of asking, I really need to know what the Dropper type viruses do, the one I've got is Funweb 'A'
    My anti-virus won't get rid, & I'm very anxious to know what the heck it's doing, someone told me that he thinks droppers let other trojan viruses in by "the back door", is he right?
    Surely someone out there knows something about this, I do hope so!

    Maurice
  5. MYOB

    MYOB Newcomer, in training Posts: 527

  6. Maurice

    Maurice Banned Topic Starter Posts: 653

    Hello, MYOB, thanks for replying, I'm using AVG; free, downloaded version, how do you mean, "#9 on Google", you're young, I'm old, old, old, well, not THAT old perhaps, [see my profile]
    & don't always pick up on modern cryptic statements, sorry!
    I've followed up the web address leads TS members have suggested, & it seems this particular one is tricky & not easy to remove, as your suggested WebUser site states, thanks for that.
    Do you know how long it stays, & most importantly, what it does?
    The others know me, & know tht I've only been using a computer for a couple of years now, & am still "feeling my way" so to speak.

    Maurice
  7. MYOB

    MYOB Newcomer, in training Posts: 527

    9th response of Google Ireland to "Funweb.A"

    If its a real virus, it'll stay for all eternity usually.

    However, based on how few hits I got for it, I'm not sure its actually real. Have you got any suspicious processes in the Task Manager?
  8. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

  9. Maurice

    Maurice Banned Topic Starter Posts: 653

    Thanks, guys.

    MYOB; nothing suspicious anywhere, as far as I can tell, didn't realise that it could be "not real", my AV says "virus detected" then does nothing, & won't let me enter the vault, [pointer becomes inactive]....weird, or what??

    RBS; I'll try that site, thanks.

    Maurice.
  10. Maurice

    Maurice Banned Topic Starter Posts: 653

    Well, it seems that I have another trojan, it says that it arrived via a "Mail returned to sender" email.
    I remember getting this, but am sure that I deleted it straight away, without opening, i.e., I didn't "open" the envelope symbol.
    Again, I ran a full search, on AVG, it completed the search, but again froze one bar from the end of the process of consigning it to the vault.

    I suppose that the dropper could be "letting further viruses through the back door" ? or was it the Mail Returned email, I'm PRETTY sure I didn't open it, as the email content is all gobbledegook, & couldn't be a genuine email return.

    I have a Mc Afee VirusScan 7.0 2003 edition disk, which I bought on the internet, there were no user install instructions etc., as it came unboxed, [it was only £9, from Dabs.com] so I went to their site & d/loaded the user guide, all 36 pages [there were 48, but I skipped the first 12, they were all about terms & conditions]

    On reading through some of the pages, it says there could be some problems installiing on XP, good old XP, [again], has anyone installed this particular McAffee version, 7.0, & is so, was there any problem with XP?

    I know, I know, problems don't just stop because you get a new PC.....DOH! I'm not stoopid!

    Maurice.
  11. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Time to get rid of Outlook Express.
    Surf over to http://www.pmail.com/
    and download/install Pegasus V4.21c.
    It is free, no ads and one of the most respected email-programs around.
    Been using it for many years now, never a problem.

    Stop using Internet Explorer as well and download/instal Mozilla's Firefox.

    And while you are at it, see if www.utvinternet.com AKA www.u.tv) is available in your neck of the woods.
    They have terrific virus- and antispam-filters on their system. Get your new free email-address there. I have used them since the last century (!) and I have yet to receive my first ever spam email!
  12. Maurice

    Maurice Banned Topic Starter Posts: 653

    I sstill have the Dropper Funweb 'A', trojan virus, I am told it's in the following file, here it is, in it's entirety;--

    C;\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4UUTHAOW\Smiley Central Initial Setup1.0.0.8 [1] exe

    [1] Can anyone identify this file, & tell what sort of virus it is?

    [2] If I go to "search", & type all this in, then when it's found, delete it, will this get rid of it?

    Something tells me that it won't be that simple, am I correct?, 'spect that by deleting the whole thing, I could eliminate something or things essential to running my PC,

    Maurice.
  13. Goalie

    Goalie Newcomer, in training Posts: 703

    Your best bet is to just use Internet Explorer's Tool->options menu, and then choose "Delete files". That *should* clear it, but Windows has been known to be stupid.

    You probably will not be able to access this file through explorer.

    I will do a better lookup on the virus type later...
     
  14. technoheckno

    technoheckno Newcomer, in training Posts: 24

    Hi,
    I'm not sure whether anyone has suggested this to you or you may have tried it yourself already, but several anti-virus companies will allow you to scan your system remotely from their websites - (I'm not sure what their success rate is like for actually fixing any problems they find). Anyway here's a link to Panda antivirus online scan - it takes a while to execute.
    http://www.pandasoftware.com/activescan/com/activescan_principal.htm

    Good luck.
  15. Maurice

    Maurice Banned Topic Starter Posts: 653

    Hello Al,
    Very strange this, I've just this minute come offline from d/loading Panda Active Scan!!, as you say, it takes quite a while, both to download & to scan, it seemed to do a thorough job, but it said "no virus detected" yet while it was scanning, a notice popped up stating "Funweb virus 'A' found, run AVG" as has happened before.
    I'm not knocking Panda, several people, including you have recommended it, it just seems that this one is hard to detect, and hard to eliminate., but thanks anyway.

    By the way, welcome to Techspot, it's a great site, Ive been a member for exactly ayear, & in that time the guys have helped me out of many a hole, they literally queue up with solutions.
    So this is your first post on your first day!, have you looked round the site much yet? one section is a "must", the gallery, you can see their rigs in their homes, & even themselves at their PC's, "Olfartes" gallery site is good, with him in the picture.

    All the best, Maurice. [have a look at my profile, I've just seen yours]
  16. Goalie

    Goalie Newcomer, in training Posts: 703

    Maurice.. it should be noted that only one AV product should be running on a machine at a time. The programs sometimes detect each other, can cause system instability, can cause false positives... so many issues. You can run more than one scan on a machine- but you should only have one of them in the memory at a time. IE disable AVG before running the online scan.

    Based on the information on AVG's site- the file itself may, or may not, be directly infected. It may however attempt to write infected files to your harddrive. How that can be true, I'm not sure- it's either infected or it's not.. *jeesh*

    Another thing you can do is boot into safe mode and just delete all of the files in "Temporary internet files" That should get rid of it.
  17. Maurice

    Maurice Banned Topic Starter Posts: 653

    Yeah, I know, Goalie, my frustration is affecting you now! I didn't realise that one could affect the other, it's logical, I guess.
    Forgive my ignorance, [again] but how do I boot into safe mode?

    Aren't I a pain?
    Maurice.
  18. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    When starting up your PC, press F8 a few times, until a boot-menu shows up.
    If you miss it, reboot again and keep pressing F8.
    Select the safe-mode and do as Goalie suggested.

    Alternatively, right-click on the Internet Explorer icon on your desktop, select Properties and click on "Delete Files", confirm and then click "Delete Cookies".
    Confirm and click OK.
    Check if that file is still there. If yes, do the afore-mentioned routine by Goalie.

    Next time you go to TechSpot, you will have to sign in again, because the Techspot-cookie got deleted.
  19. technoheckno

    technoheckno Newcomer, in training Posts: 24

    Hi Maurice,
    Thanks for the welcome message, yes I've had a good look round already, thanks. Just thought I'd offer my 5penneth while I was trying to sus the correct forum for my questions :). Sorry I ought to have mentioned you would have to disable AVG before running the Panda scan. I hope you've managed to delete your temporary Internet files and solve your problems by now.
  20. Maurice

    Maurice Banned Topic Starter Posts: 653

    Appeciate your getting back to me, technoheckno, no, haven't solved my problems yet, but I'm working on them, my latest pain is that my Outlook Express outgoing mail doesn't always get sent, it stays in my oubox, & might or might not go, the next time I use OE.

    But I have turned on my XP firewall, I found out where to go to do it, at last!

    Maurice
  21. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    You need to uninstall that SmileyCentral junk.
    You can also have a look at this (overwhelming) page:
    http://www.cengines.com/3/central-smiley-uninstall.html
  22. Maurice

    Maurice Banned Topic Starter Posts: 653

    RBS,...Good morning, & have a relaxing weekend, my friend.

    Smilies never got installed, so I didn't GET the toolbar, when the dropper virus was announced, I ran AVG, which I told you, I believe, the progress bar froze one bar from the end.
    With a little difficulty, I managed to get rid of the "frozen" progress bar, & the AVG banner, then when I brought it up again, & looked in the vault, "Smiley central Setup" was there, I r/clicked on it & deleted it, thhen went to Add/Delete, & deleted it from there too.
    The next day or so, the same virus announced itself, so I went thhrough the whole procedure again, I've just this minute looked in the vault again, it is clear.
    I've also just looked in programmes, just to make sure, no Smiley Central, but I've got the feeling that the virus will announce itself again, & the same things will have to be looked at again.

    On a separate issue, the emails not going sometimes, how do I stay on line all the time, I've looked on Connection Manager, [I've got XP] & the only related thing I can do, it seems, is to disable notification of disconnection, would this do it, as I think it might be a factor in the emails out problem. [I pay a monthly sub to my ISP, so I am VERY rarely cut off]

    Maurice. [get up that pub before the Saturday rush starts!]
  23. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Try this:

    Boot into safe mode and clean out your temporary folders:

    C:\Documents and Settings\[yourname]\Local Settings\Temp
    C:\Documents and Settings\[yourname]\Local Settings\Temporary internet files
    c:\Windows\Downloaded Program Files
    c:\Windows\Temp

    That should get rid of any dropper-related files.
    Run AVG again.
    Keep arms/legs/fingers/toes crossed...
  24. Maurice

    Maurice Banned Topic Starter Posts: 653

    RBS, sorry to be a pain, especially at the weekend, but please remind me how to boot into safe mode, 'spect someone there told me how at some time, but I can't find it.

    Thanks, Maurice., [then I'll shut up for the rest of the day,honest!]
  25. young&wild

    young&wild TechSpot Chancellor Posts: 1,268

    Maurice, its a couple of post above your latest one. :)

Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.