1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Virus entitled Win32.SillyDl.BC trojan - Help please

Discussion in 'All other topics' started by peeches, Nov 29, 2004.

  1. peeches

    peeches Guest

    Hey. Last week I ran my virus scan because Word was acting really strange. I kept getting macro errors and I didn't know why, so I figured I had a virus. So, I scan my computer and sure enough - there's one. I found out through some research that it is "low" risk and it doesn't seem to be a macro virus, but it's the only one that 4 different virus scans found. I know where it is on my hard drive, but I don't want to just delete it because I am not sure if that is going to rid me of the problem. I have contacted HP's computer help desk, but after 4 hours of 45 minute pauses in between concerns, I got nothing accomplished except for a splitting headache. I think this virus is slowly shutting down files in my computer because this is the log that I received from my virus check which I NEVER got anything like this before:

    Scanning file(s)...
    C:\counter.cab>counter.exe - Win32.SillyDl.BC trojan.
    C:\counter.cab contains infected files.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
    C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat - unable to open file - not scanned.
    C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat - unable to open file - not scanned.
    C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat - unable to open file - not scanned.
    C:\Documents and Settings\LocalService\NTUSER.DAT - unable to open file - not scanned.
    C:\Documents and Settings\LocalService\ntuser.dat.LOG - unable to open file - not scanned.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
    C:\Documents and Settings\NetworkService\NTUSER.DAT - unable to open file - not scanned.
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG - unable to open file - not scanned.
    C:\Documents and Settings\Owner\Cookies\index.dat - unable to open file - not scanned.
    C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{619E23A0-5DE1-4694-9030-89E0C4014C5D}\Microsoft\Outlook Express\Folders.dbx - unable to open file - not scanned.
    C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{619E23A0-5DE1-4694-9030-89E0C4014C5D}\Microsoft\Outlook Express\Offline.dbx - unable to open file - not scanned.
    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - unable to open file - not scanned.
    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - unable to open file - not scanned.
    C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat - unable to open file - not scanned.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat - unable to open file - not scanned.
    C:\Documents and Settings\Owner\ntuser.dat - unable to open file - not scanned.
    C:\Documents and Settings\Owner\ntuser.dat.LOG - unable to open file - not scanned.
    C:\hiberfil.sys - unable to open file - not scanned.
    C:\pagefile.sys - unable to open file - not scanned.
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VIRUSLOG.TXT - unable to open file - not scanned.
    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\chandir.dat - unable to open file - not scanned.
    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\chandir.idx - unable to open file - not scanned.
    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\chn.dat - unable to open file - not scanned.
    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\chn.idx - unable to open file - not scanned.
    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\D0000000.FCS - unable to open file - not scanned.
    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\inuse.txt - unable to open file - not scanned.
    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\L0000004.FCS - unable to open file - not scanned.
    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\main.log - unable to open file - not scanned.
    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs.dat - unable to open file - not scanned.
    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs.idx - unable to open file - not scanned.
    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_die.dat - unable to open file - not scanned.
    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_die.idx - unable to open file - not scanned.
    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_dnd.dat - unable to open file - not scanned.
    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_dnd.idx - unable to open file - not scanned.
    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_ext.dat - unable to open file - not scanned.
    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_ext.idx - unable to open file - not scanned.
    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_rcv.dat - unable to open file - not scanned.
    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_rcv.idx - unable to open file - not scanned.
    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\storydb.dat - unable to open file - not scanned.
    C:\Program Files\Compaq Connections\1940576\Users\Default\Data\storydb.idx - unable to open file - not scanned.
    C:\Program Files\Nero63115.exe - scan incomplete.
    C:\Program Files\RecordNow!\Tutorial\ENU\TutorialENU.exe - scan incomplete.
    C:\Program Files\RecordNow!\Tutorial\Movies\movies.exe - scan incomplete.
    C:\WINDOWS\Debug\oakley.log - unable to open file - not scanned.
    C:\WINDOWS\Debug\PASSWD.LOG - unable to open file - not scanned.
    C:\WINDOWS\I386\WBCACHE.DE_ - scan incomplete.
    C:\WINDOWS\I386\WBCACHE.EN_ - scan incomplete.
    C:\WINDOWS\I386\WBCACHE.ES_ - scan incomplete.
    C:\WINDOWS\I386\WBCACHE.FR_ - scan incomplete.
    C:\WINDOWS\I386\WBCACHE.IT_ - scan incomplete.
    C:\WINDOWS\I386\WBCACHE.NL_ - scan incomplete.
    C:\WINDOWS\I386\WBCACHE.SV_ - scan incomplete.
    C:\WINDOWS\SchedLgU.Txt - unable to open file - not scanned.
    C:\WINDOWS\SoftwareDistribution\EventCache\{E54EBFAA-539E-477D-AC7A-0B07BCD11E28}.bin - unable to open file - not scanned.
    C:\WINDOWS\SoftwareDistribution\EventCache\{F39F202E-78A8-46A1-9571-39CA30DDBC59}.bin - unable to open file - not scanned.
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log - unable to open file - not scanned.
    C:\WINDOWS\system32\config\AppEvent.Evt - unable to open file - not scanned.
    C:\WINDOWS\system32\config\default - unable to open file - not scanned.
    C:\WINDOWS\system32\config\default.LOG - unable to open file - not scanned.
    C:\WINDOWS\system32\config\SAM - unable to open file - not scanned.
    C:\WINDOWS\system32\config\SAM.LOG - unable to open file - not scanned.
    C:\WINDOWS\system32\config\SecEvent.Evt - unable to open file - not scanned.
    C:\WINDOWS\system32\config\SECURITY - unable to open file - not scanned.
    C:\WINDOWS\system32\config\SECURITY.LOG - unable to open file - not scanned.
    C:\WINDOWS\system32\config\software - unable to open file - not scanned.
    C:\WINDOWS\system32\config\software.LOG - unable to open file - not scanned.
    C:\WINDOWS\system32\config\SysEvent.Evt - unable to open file - not scanned.
    C:\WINDOWS\system32\config\system - unable to open file - not scanned.
    C:\WINDOWS\system32\config\system.LOG - unable to open file - not scanned.
    C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - unable to open file - not scanned.
    C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - unable to open file - not scanned.
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - unable to open file - not scanned.
    C:\WINDOWS\system32\h323log.txt - unable to open file - not scanned.
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR - unable to open file - not scanned.
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA - unable to open file - not scanned.
    C:\WINDOWS\WindowsUpdate.log - unable to open file - not scanned.

    Can ANYONE help me with this? I'm at a loss and I don't know where else to turn. THANK YOU IN ADVANCE!

    I must say that this site is very informative and helpful. I have been learning a lot from everyone! I have confidence that someone will be able to help me out here! Thank you!

    Peeches

     
  2. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,153
    Likes Received:
    134
    Trophy Points:
    143
    i presume your antivirus program did not remove virus. try avg7(free version) from www.grisoft.com & also do an online scan with www.antivirus.com. download a copy of ad-aware se from lavasoft.com for any spywares
     
  3. CJC

    CJC Regular member

    Joined:
    Aug 23, 2004
    Messages:
    585
    Likes Received:
    1
    Trophy Points:
    26
  4. peeches

    peeches Guest

    Thanks. I did look over the posts and researched to make sure that I wasn't going to be doubling up on the question prior to making my post. I read that post in detail, but I wasn't sure if the directions would be the same for different types of viruses. I am going to try those steps today and see if I can get rid of this nasty little thing! Thanks for the replies.

    Who and WHY would someone want to put out viruses to harm people's computers they don't even know? What is the point? I'll never get it...
     
  5. CJC

    CJC Regular member

    Joined:
    Aug 23, 2004
    Messages:
    585
    Likes Received:
    1
    Trophy Points:
    26
    For personally enjoyment or satisfaction, knowing that they can do stuff to other peoples computers pretty easy.

    Some are just to show up M$ security, and dont do any harm.

    CJC
     
  6. pulsar

    pulsar Active member

    Joined:
    Dec 31, 2003
    Messages:
    2,081
    Likes Received:
    1
    Trophy Points:
    68
    Found this, may be interesting;
    Win32.SillyDl
    Description Published: July 13, 2004
    Description Modified: November 21, 2004










    Category: Win32
    Also known as: Download.Trojan (Symantec), Downloader-BI (McAfee), Downloader-IF (McAfee), Downloader-JU (McAfee), Downloader-KP (McAfee), Win32/Gloogle.Downloader.52626.T, Win32/Gloogle.Downloader.Trojan, Win32/Jeem.C.Downloader.Trojan, Win32/PWS.Xuxx.Downloader.Trojan, Win32/Rslocal.Downloader.Trojan, Win32.SillyDl.A, Win32.SillyDl.AB, Win32.SillyDl.AC, Win32.SillyDl.AE, W32/Sillydl.AE (F-Secure), Win32.SillyDl.AK, Win32.SillyDl.AQ, Win32.SillyDl.AS, Win32.SillyDl.AY, Win32.SillyDl.B, Win32.SillyDl.BC, Win32.SillyDl.BC, Win32.SillyDl.BG, Win32.SillyDl.BH, Win32.SillyDl.C, Win32.SillyDl.D, Win32.SillyDl.E, Win32/SillyDl.E.Trojan, Win32.SillyDl.F, Win32/SillyDl.F.Trojan, Win32.SillyDl.G, Win32.SillyDl.H, Win32.SillyDl.L, Win32.SillyDl.R, Win32.SillyDl.U, Win32.SillyDl.W, TrojanDownloader.Win32.Agent.am (Kaspersky), TrojanDownloader.Win32.Small.cb (Kaspersky), TrojanDownloader.Win32.Small.ij (Kaspersky), TrojanDownloader.Win32.Small.mj (Kaspersky), TrojanDownloader.Win32.Small.mz (Kaspersky), TrojanDownloader.Win32.Small.ng (Kaspersky), TrojanDownloader.Win32.Small.ox (Kaspersky)





    This threat is detected by the latest signature updates.











    Win32.SillyDl is a family of trojans that act as downloaders.

    A downloader is a program that automatically downloads and runs and/or installs other software without the user's knowledge or permission.

    In addition to downloading and installing other software, it may download updated versions of itself.

    A downloader may install itself in a manner that allows it to constantly check for updated files. For example, it may add an entry to the following registry key:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    A Win32.SillyDl variant may download other trojans, or non-malicious programs such as adware. At any given moment in time, the program(s) it attempts to download may be changed or updated, or may be unavailable altogether. They usually download using HTTP.

    Win32.SillyDl variants are usually quite small, due to their limited functionality. They may be compressed with any of a variety of executable packers, such as UPX, ASPack or FSG.

    Return to top




     
  7. pulsar

    pulsar Active member

    Joined:
    Dec 31, 2003
    Messages:
    2,081
    Likes Received:
    1
    Trophy Points:
    68

Share This Page