You could also remove those files from memory through the task manager before or during scanning so the AV program can do its work on them. I think you can ???
That one baffled me too. I remember searching both here and Trend’s “encyclopedia”, once I’d learned the name of the beast, and it seemed to be generally agreed that the culprit was a security gap in the MS VM. But the infected files were definitely in the Sun folders. And more importantly, in the applet cache, which the VM never offered.
Well, we need to make sure. I'll try to do some research tomorrow if I find time at work.
I’ll be curious to see if you find anything interesting.
While you’re doing that, I probably should have mentioned another one HouseCall found at the same time – they might be related, or it might have been sheer coincidence. That was Troj Istbar.I – it didn’t concern me because HouseCall was quite happy to remove it, and a return visit showed that it apparently came out clean, no detectable traces afterwards.
And a couple of times in the last week or two, some website (maybe two different ones) that’s not one of my regular “stops” managed to sneakily install the dialer for DIDI, whatever/wherever that is. Fortunately it seemed to need no more than removal from Internet Options/Connections – no trace of it turned up after I did that, not even in the registry.
I get 30 lashes with a wet noodle for forgetting “minor details”, right? :-[
(Edited to add:) One more precaution, which didn’t occur to me till I’d gotten up today (Monday) – considering where that Java one wound up, I’ve now gone back into the Java Plug-In control panel, double-checked that the applet cache was still empty, and disabled applet caching.
And the cache, while a good idea in theory, doesn’t really make much difference on gaming sites I frequent, with the exception of SimSlots (yes, I’m a confirmed wanna-be gambler). Most of the others regularly upgrade their servers and/or applets once a week or so, so have to be downloaded from scratch again anyway.
istbar is also detected by spybot search and destroy so it's no false positive. I HATE SPYWARE!
yes it takes a while to download the updates but not to worry I have cable hehehe ;D
managed to sneakily install the dialer for DIDI
download spyware blaster (it's less than 1 MB) and update it to prevent those from being installed. If you have it, open it and click check for updates
Thanks again, ML. I went to take a look at it here (from DogPile search) – and when I clicked on the “Spyware Blaster” link there, it sent me to SpyKiller. Are we still talking the same thing, or should I use a different starting point entirely?
I do have and use AdAware, but it’s the basic freeware version (disk scans only, no resident protection), and it sounds like I do need some kind of resident protection for those dialers. I was interested that both times that DIDI thing went in, it immediately started dialing (and I think successfully connected) even though I was already online with my local connection. Ain’t science wonderful? ;D
spyware blaster is here and keeps it from being installed (weekly updates) http://www.javacoolsoftware.com/spywareblaster.html
spyware guard is here and is the resident scanner (updates are monthly sometimes bi-monthly) http://www.wilderssecurity.net/spywareguard.html
both made and updated by javacool
i believe these are in technical’s links post too
Got it (the Blaster one) this time, ML, thanks - hope k-cookies don’t cause you a weight problem.
Signed up for their forums too while I was at it, although since Blaster’s not even an active process (works by setting “traps” in the registry, if I understand correctly) I doubt if I’ll be there much.
Sounds like the Blaster doesn’t require you to do a thing, other than open it and check for updates periodically.
Hopefully we’ve finally beaten this one to death – although it’ll be interesting to see if Culpeper turned up anything new.
Thanks again, and best,
Mike
i use both. the guard has really good browser hijack protection. And yes the blaster uses a kill switch/trap door like thingy
hope k-cookies don't cause you a weight problem.;D
I have these trojans in a zip file. I scanned them with avast 4.5 (VPS 0443-3); it did not detect any trojan.
I think avast added them to the db in VPS 0311-6 dated 16/12/2003. How come avast can’t detect them? Does the virus team drop some viruses/trojans periodically?
these files still undetected :-\