Trojan Worm "Dropper Funweb "A"

Status
Not open for further replies.
M

Maurice

Posts: 646   +0
Does anyone know of this particular worm, & very importantly, what does it do?. Also where can I get a patch for it?, I got it trying to download Smiley Central, which I d/loaded for my previous PC, no trouble that time.

My anti-virus detected it, but couldn't eliminate it.

Maurice.
 
Thanks FeTaLDaMagE, [wow! by the way]

Welcome to Techspot, it's a great site, I 've had a LOT of help since I joined a year ago. Had problems for two months with a dodgy "techie" who mucked up a PC repair, got loads of advice on that, in the end, the repair was done by a third party, & it didn't cost me a penny,............cost the first party over £300 though, I'd like to think that "TS" put me on the right road in that instance.

Maurice.
 
Second time of asking, I really need to know what the Dropper type viruses do, the one I've got is Funweb 'A'
My anti-virus won't get rid, & I'm very anxious to know what the heck it's doing, someone told me that he thinks droppers let other trojan viruses in by "the back door", is he right?
Surely someone out there knows something about this, I do hope so!

Maurice
 
Hello, MYOB, thanks for replying, I'm using AVG; free, downloaded version, how do you mean, "#9 on Google", you're young, I'm old, old, old, well, not THAT old perhaps, [see my profile]
& don't always pick up on modern cryptic statements, sorry!
I've followed up the web address leads TS members have suggested, & it seems this particular one is tricky & not easy to remove, as your suggested WebUser site states, thanks for that.
Do you know how long it stays, & most importantly, what it does?
The others know me, & know tht I've only been using a computer for a couple of years now, & am still "feeling my way" so to speak.

Maurice
 
how do you mean, "#9 on Google", you're young, I'm old, old, old, well, not THAT old perhaps, [see my profile]
Click to expand...

9th response of Google Ireland to "Funweb.A"

Do you know how long it stays, & most importantly, what it does?
Click to expand...

If its a real virus, it'll stay for all eternity usually.

However, based on how few hits I got for it, I'm not sure its actually real. Have you got any suspicious processes in the Task Manager?
 
Thanks, guys.

MYOB; nothing suspicious anywhere, as far as I can tell, didn't realise that it could be "not real", my AV says "virus detected" then does nothing, & won't let me enter the vault, [pointer becomes inactive]....weird, or what??

RBS; I'll try that site, thanks.

Maurice.
 
Well, it seems that I have another trojan, it says that it arrived via a "Mail returned to sender" email.
I remember getting this, but am sure that I deleted it straight away, without opening, i.e., I didn't "open" the envelope symbol.
Again, I ran a full search, on AVG, it completed the search, but again froze one bar from the end of the process of consigning it to the vault.

I suppose that the dropper could be "letting further viruses through the back door" ? or was it the Mail Returned email, I'm PRETTY sure I didn't open it, as the email content is all gobbledegook, & couldn't be a genuine email return.

I have a Mc Afee VirusScan 7.0 2003 edition disk, which I bought on the internet, there were no user install instructions etc., as it came unboxed, [it was only £9, from Dabs.com] so I went to their site & d/loaded the user guide, all 36 pages [there were 48, but I skipped the first 12, they were all about terms & conditions]

On reading through some of the pages, it says there could be some problems installiing on XP, good old XP, [again], has anyone installed this particular McAffee version, 7.0, & is so, was there any problem with XP?

I know, I know, problems don't just stop because you get a new PC.....DOH! I'm not stoopid!

Maurice.
 
Time to get rid of Outlook Express.
Surf over to http://www.pmail.com/
and download/install Pegasus V4.21c.
It is free, no ads and one of the most respected email-programs around.
Been using it for many years now, never a problem.

Stop using Internet Explorer as well and download/instal Mozilla's Firefox.

And while you are at it, see if www.utvinternet.com AKA www.u.tv) is available in your neck of the woods.
They have terrific virus- and antispam-filters on their system. Get your new free email-address there. I have used them since the last century (!) and I have yet to receive my first ever spam email!
 
I sstill have the Dropper Funweb 'A', trojan virus, I am told it's in the following file, here it is, in it's entirety;--

C;\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4UUTHAOW\Smiley Central Initial Setup1.0.0.8 [1] exe

[1] Can anyone identify this file, & tell what sort of virus it is?

[2] If I go to "search", & type all this in, then when it's found, delete it, will this get rid of it?

Something tells me that it won't be that simple, am I correct?, 'spect that by deleting the whole thing, I could eliminate something or things essential to running my PC,

Maurice.
 
Your best bet is to just use Internet Explorer's Tool->options menu, and then choose "Delete files". That *should* clear it, but Windows has been known to be stupid.

You probably will not be able to access this file through explorer.

I will do a better lookup on the virus type later...
 
Hi,
I'm not sure whether anyone has suggested this to you or you may have tried it yourself already, but several anti-virus companies will allow you to scan your system remotely from their websites - (I'm not sure what their success rate is like for actually fixing any problems they find). Anyway here's a link to Panda antivirus online scan - it takes a while to execute.
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

Good luck.
 
Hello Al,
Very strange this, I've just this minute come offline from d/loading Panda Active Scan!!, as you say, it takes quite a while, both to download & to scan, it seemed to do a thorough job, but it said "no virus detected" yet while it was scanning, a notice popped up stating "Funweb virus 'A' found, run AVG" as has happened before.
I'm not knocking Panda, several people, including you have recommended it, it just seems that this one is hard to detect, and hard to eliminate., but thanks anyway.

By the way, welcome to Techspot, it's a great site, Ive been a member for exactly ayear, & in that time the guys have helped me out of many a hole, they literally queue up with solutions.
So this is your first post on your first day!, have you looked round the site much yet? one section is a "must", the gallery, you can see their rigs in their homes, & even themselves at their PC's, "Olfartes" gallery site is good, with him in the picture.

All the best, Maurice. [have a look at my profile, I've just seen yours]
 
Maurice.. it should be noted that only one AV product should be running on a machine at a time. The programs sometimes detect each other, can cause system instability, can cause false positives... so many issues. You can run more than one scan on a machine- but you should only have one of them in the memory at a time. IE disable AVG before running the online scan.

Based on the information on AVG's site- the file itself may, or may not, be directly infected. It may however attempt to write infected files to your harddrive. How that can be true, I'm not sure- it's either infected or it's not.. *jeesh*

Another thing you can do is boot into safe mode and just delete all of the files in "Temporary internet files" That should get rid of it.
 
Yeah, I know, Goalie, my frustration is affecting you now! I didn't realise that one could affect the other, it's logical, I guess.
Forgive my ignorance, [again] but how do I boot into safe mode?

Aren't I a pain?
Maurice.
 
When starting up your PC, press F8 a few times, until a boot-menu shows up.
If you miss it, reboot again and keep pressing F8.
Select the safe-mode and do as Goalie suggested.

Alternatively, right-click on the Internet Explorer icon on your desktop, select Properties and click on "Delete Files", confirm and then click "Delete Cookies".
Confirm and click OK.
Check if that file is still there. If yes, do the afore-mentioned routine by Goalie.

Next time you go to TechSpot, you will have to sign in again, because the Techspot-cookie got deleted.
 
Hi Maurice,
Thanks for the welcome message, yes I've had a good look round already, thanks. Just thought I'd offer my 5penneth while I was trying to sus the correct forum for my questions :). Sorry I ought to have mentioned you would have to disable AVG before running the Panda scan. I hope you've managed to delete your temporary Internet files and solve your problems by now.
 
Appeciate your getting back to me, technoheckno, no, haven't solved my problems yet, but I'm working on them, my latest pain is that my Outlook Express outgoing mail doesn't always get sent, it stays in my oubox, & might or might not go, the next time I use OE.

But I have turned on my XP firewall, I found out where to go to do it, at last!

Maurice
 
You need to uninstall that SmileyCentral junk.
(From the Smiley website)
How do I get Smiley Central off my machine?

While it is unclear why you experienced difficulty uninstalling Smiley Central and the toolbar (you may have deleted the toolbar uninstall files, so that the normal uninstall program is no longer available on your computer), we have created an uninstall application to help you remove the toolbar from your system. To do so:

1) Please click here to download the uninstall application.
http://help.myway.com/uninstall/mwsUnins.exe

2) You should be prompted to either open or save the file.

If you choose to open the file: An uninstall procedure will follow. Please select the appropriate options from the presented screen to remove this.

If you choose to save the file to your local drive: Double-click on the saved file after the download is complete. You will then be presented with the uninstall procedure. Please select the appropriate options from the presented screen to remove this.

Please note that you will continue to see the toolbar until you close and reopen all instances of your Web browser or Explorer.
Click to expand...

You can also have a look at this (overwhelming) page:
http://www.cengines.com/3/central-smiley-uninstall.html
 
RBS,...Good morning, & have a relaxing weekend, my friend.

Smilies never got installed, so I didn't GET the toolbar, when the dropper virus was announced, I ran AVG, which I told you, I believe, the progress bar froze one bar from the end.
With a little difficulty, I managed to get rid of the "frozen" progress bar, & the AVG banner, then when I brought it up again, & looked in the vault, "Smiley central Setup" was there, I r/clicked on it & deleted it, thhen went to Add/Delete, & deleted it from there too.
The next day or so, the same virus announced itself, so I went thhrough the whole procedure again, I've just this minute looked in the vault again, it is clear.
I've also just looked in programmes, just to make sure, no Smiley Central, but I've got the feeling that the virus will announce itself again, & the same things will have to be looked at again.

On a separate issue, the emails not going sometimes, how do I stay on line all the time, I've looked on Connection Manager, [I've got XP] & the only related thing I can do, it seems, is to disable notification of disconnection, would this do it, as I think it might be a factor in the emails out problem. [I pay a monthly sub to my ISP, so I am VERY rarely cut off]

Maurice. [get up that pub before the Saturday rush starts!]
 
Try this:

Boot into safe mode and clean out your temporary folders:

C:\Documents and Settings\[yourname]\Local Settings\Temp
C:\Documents and Settings\[yourname]\Local Settings\Temporary internet files
c:\Windows\Downloaded Program Files
c:\Windows\Temp

That should get rid of any dropper-related files.
Run AVG again.
Keep arms/legs/fingers/toes crossed...
 
RBS, sorry to be a pain, especially at the weekend, but please remind me how to boot into safe mode, 'spect someone there told me how at some time, but I can't find it.

Thanks, Maurice., [then I'll shut up for the rest of the day,honest!]
 
Maurice, its a couple of post above your latest one. :)

Originally posted by realblackstuff
When starting up your PC, press F8 a few times, until a boot-menu shows up.
If you miss it, reboot again and keep pressing F8.
Select the safe-mode and do as Goalie suggested.

Alternatively, right-click on the Internet Explorer icon on your desktop, select Properties and click on "Delete Files", confirm and then click "Delete Cookies".
Confirm and click OK.
Check if that file is still there. If yes, do the afore-mentioned routine by Goalie.

Next time you go to TechSpot, you will have to sign in again, because the Techspot-cookie got deleted.
Click to expand...
 
Status
Not open for further replies.

Similar threads

A
  • Locked
Developer delves into Denuvo DRM to run Hogwarts Legacy on a secondary PC
2 3
Replies
51
Views
522
GodisanAtheist
GodisanAtheist
Cal Jeffrey
Tesla owners now have a way to remotely issue voice commands to their vehicles
Replies
1
Views
300
scavengerspc
scavengerspc
Scorpus
  • Locked
Is AMD finally targeting Nvidia? Radeon RX 7800 XT & RX 7700 XT launch details, FSR 3,...
2 3 4
Replies
87
Views
3K
Puiu
Puiu

Latest posts

Back