Win32:Vidlo-H [Trj]

Hey guys, I’ve got a problem.
I can’t get rid of these:
Win32:Vidlo-H [Trj]
Win32:Adan-094 [Adw]
Win32:Adan-078 [Adw]

All I can do is stop the connection. I scanned my HDD, nothing was found. I use WinXP Pro/SP2 & avast! 4.6 home edition.

avast! log: http://img231.imageshack.us/img231/3342/avastlog3ce.gif
HijackThis log attached.

Thanks in advance for any help.

Can you post the name and path of the infected files?

I mean, I can’t see exactly in the log you’ve posted.

http://195.95.218.100/users/serg/web/files/images/bndmod.jpg

http://195.95.218.100/users/serg/web/files/images/hlmicro.jpg

http://195.95.218.100/users/serg/web/files/images/logo_small.jpg

Masterofdisaster, I’ve tried to scan these files with Dr. Web… The files aren’t there.
Is this a local file (a file in your computer)?

Error
Cant fetch file pointed by your url. This may be caused by several reasons:

Remote file not available (not found, requires authentication, permission denied)
Remote site is down or very slow or busy
No network connectivity between Dr.Web online server and remote site
See details below:
Details:

404 Not Found

Hi all!

My avast scanner screams every 15 minutes with the message that a virus is on my PC:

http://195.95.218.100/users/serg/web/files/images/bndmod.jpg

Win32:Adan-094 [Adw]

vps version: 0538-2, 19.09.2005

What must I do so that I can stop it???

Hi!

I found a second virus when I shut the avast window, which is:

http://195.95.218.100/users/serg/web/files/images/hlmicro.jpg

Win32:Adan-078 [Adw]

vps version: 0538-2, 19.09.2005

Please help me!!! ???

The URL that you have supplied produces a
404 Not Found

The requested URL /images/404.html was not found on this server.

Apache/1.3.31 Server at 195.95.218.100 Port 80

Please check; it is very hard to offer advice without more specific detail.

Guys,

Nobody will be able to see or get in because you have to be an authorized user. This seems to be an images only server. If you back up each path you will be denied entry:

Forbidden
You don’t have permission to access /users/ on this server.
Apache/1.3.31 Server at 195.95.218.100 Port 80

If you go to the main IP for the entire path you get a page loaded response but no web page shows up.
http://195.95.218.100/

Hi masterofdisaster,

This is the line of action to be taken by you,

  1. Disable system restore;
  2. Run a full system scan, and repair all the files detected;
  3. Delete all the values added to the registry.

Do these three steps, and you have overcome these worms.
How were you infected? The Vidlo-H, for instance, is a mass-mailing worm.

greets,

polonus

Hi masterofdisaster, in addition to polonus’ good advice it may also pay to download Ewido Security Suite Free and run a scan with that as well.

Ewido Security