virus ?

Postby bobseptic » Mon Jan 27, 2003 10:32 pm

I downloaded a program patch from Kazaa Lite, scanned it for viruses, none detected. I clicked on the downloaded file, which was a patch, and winjava tried to access the internet. I clicked NO and shortly after all the icons disappeared on my desktop. I restarted and seconds after, ZoneAlarm shut itself down and so did AVG antivirus. I restarted it only to have it shut down again.

I traced the problem to startup in msconfig; I found winjava and wsock32 had been added. They are listed under Common Startup.

I unticked them and rebooted; all seems fine, but HOW DO I REMOVE THESE ITEMS FROM STARTUP?

I looked in their location, c:\WINDOWS\java\apps\winjava.exe
and c:\WINDOWS\java\apps\wsock32.exe, but the folder is EMPTY (I have settings set to show hidden files etc. in folder options).

Is this a virus/trojan?

Any help appreciated folks wtf
PRO Level 5
Posts: 160
Joined: Sun Jul 28, 2002 3:08 pm
Location: Belfast, Northern Ireland.

Postby SCgone » Mon Jan 27, 2003 10:47 pm

If it was wsock32.dll then it could be the Happy99 virus. That renames wsock32.dll to wsock32.ska and creates a new wsock32.dll. I would certainly download another virus scanner and run it to make sure. A virus would be capable of turning off ZA and I know one targets Norton Antivirus.
PRO PLATINUM
Posts: 6879
Joined: Thu Mar 14, 2002 11:59 pm
Location: South Carolina, USA
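
The rename described in the post above (wsock32.dll moved aside as wsock32.ska) and the two startup entries named in the thread can be checked with a short script. This is an added example, not code from any poster in the thread; the startup folder is passed in as a parameter because the thread does not give its path, the extension list is an assumed heuristic, and the demo tree is constructed.

```python
import os
import tempfile

RENAMED_COPY = "wsock32.ska"      # name the post says the original is renamed to
LIBRARY = "wsock32.dll"
THREAD_NAMES = {"winjava.exe", "wsock32.exe"}   # startup entries from the thread
# Assumed heuristic: startup folders normally hold shortcuts, not programs.
PROGRAM_EXTS = {".exe", ".com", ".scr", ".pif", ".bat"}


def find_renamed_wsock(root):
    """Return (directory, dll_present) for every wsock32.ska under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        names = {f.lower() for f in files}   # Windows names ignore case
        if RENAMED_COPY in names:
            hits.append((dirpath, LIBRARY in names))
    return sorted(hits)


def flag_startup_entries(startup_dir):
    """Return (name, size, reason) for program files sitting in startup_dir."""
    findings = []
    for entry in sorted(os.scandir(startup_dir), key=lambda e: e.name.lower()):
        name = entry.name.lower()
        if not entry.is_file() or os.path.splitext(name)[1] not in PROGRAM_EXTS:
            continue
        reason = "name from thread" if name in THREAD_NAMES else "program in startup folder"
        findings.append((entry.name, entry.stat().st_size, reason))
    return findings


def demo():
    """Run both checks on a constructed tree (file names and sizes are made up)."""
    with tempfile.TemporaryDirectory() as root:
        sysdir = os.path.join(root, "WINDOWS", "SYSTEM")
        startup = os.path.join(root, "Startup")
        os.makedirs(sysdir)
        os.makedirs(startup)
        sample = {(sysdir, "wsock32.dll"): 10, (sysdir, "WSOCK32.SKA"): 10,
                  (startup, "winjava.exe"): 28, (startup, "wsock32.exe"): 36,
                  (startup, "Office.lnk"): 5, (startup, "helper.scr"): 7}
        for (folder, name), size in sample.items():
            with open(os.path.join(folder, name), "wb") as fh:
                fh.write(b"\0" * size)
        renamed = [(os.path.relpath(d, root), ok) for d, ok in find_renamed_wsock(root)]
        return renamed, flag_startup_entries(startup)


if __name__ == "__main__":
    print(demo())
```

A hit from `find_renamed_wsock` only shows that the rename pattern from the post is present; it does not tell you which of the two files is the original.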

re wsock and winjava

Postby bobseptic » Mon Jan 27, 2003 11:25 pm

The 2 files are called wsock32.exe Common Startup 36kb, winjava.exe Common Startup 28kb. I found them in search and they are presently in the recycle bin. They both had today's date stamp and relevant time.

How do I know if the proper wsock has been renamed?
It is currently in the i386 folder: WSOCK32 4.61kb 18/08/2001 13.00, in capital letters, whereas the virus is in lower case.

Help Please :no

Can a virus rename a file and keep the previous date?

I did a full AVG search and nothing came up; AVG is up to date.

HOW DO I REMOVE THESE ITEMS FROM STARTUP?
:-?
Last edited by bobseptic on Mon Jan 27, 2003 11:27 pm, edited 1 time in total.

Postby Yappinator » Mon Jan 27, 2003 11:26 pm

housecall

Scan without registering

and also try:

Anti-trojan



yaps
Yappinator
