(Msg. 1) Posted: Tue Mar 20, 2007 12:46 pm
Post subject: Symantec provided by Yahoo Archived from groups: alt>comp>anti-virus
A friend used the "Symantec provided by Yahoo" scanned her laptop
which reported that her computer is infected with at least one known
virus or Trojan horse.
These two virus/trojans were:
D:\RECYCLER\S-1-521...\Dd209\NetCat\nc.exe is infected with NetCat.
C:\WINDOWS\Downloaded Program Files\pinstall.dll is infected with
Adware.Look2Me.
We looked at the D:\ drive and could not find the "RECYCLER" folder.
(We have enabled to show hidden files and folders.) Is this a false
positive?
We also checked the C:\WINDOWS to find the pinstall.dll infected by
Adware.Look2Me, but to no avail. Again, it is a false positive too.
(Msg. 2) Posted: Tue Mar 20, 2007 5:44 pm
Post subject: Re: Symantec provided by Yahoo Archived from groups: per prev. post
On Mar 20, 4:56 pm, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
wrote:
> From: "a_monk" <dfox... RemoveThis @hotmail.com>
>
> | A friend used the "Symantec provided by Yahoo" scanned her laptop
> | which reported that her computer is infected with at least one known
> | virus or Trojan horse.
> |
> | These two virus/trojans were:
> | D:\RECYCLER\S-1-521...\Dd209\NetCat\nc.exe is infected with NetCat.
> | C:\WINDOWS\Downloaded Program Files\pinstall.dll is infected with
> | Adware.Look2Me.
> |
> | We looked at the D:\ drive and could not find the "RECYCLER" folder.
> | (We have enabled to show hidden files and folders.) Is this a false
> | positive?
> |
> | We also checked the C:\WINDOWS to find the pinstall.dll infected by
> | Adware.Look2Me, but to no avail. Again, it is a false positive too.
> |
> | Any comments/suggestions are appreciated.
> |
> | Thanks,
> |
> | A Monk
>
> D:\RECYCLER\. represents the Recycle Bin and is a Hidden & System folder.
> If a file was found in this folder, the infected file was deleted but not yet purged.
>
> Look2Me is NOT easy to remove. Here are several approaches.
>
> Ad-aware SE v1.06 http://www.lavasoftusa.com/ http://download.lavasoft.com/utils/Look2Me_Remover.exe
>
> F-Secure Look2Me Removal Tool: http://www.f-secure.com/tools/f-look2me.zip
>
> VX2/Look2Me Fix: http://www.downloads.subratam.org/VX2Finder.exe
>
> Merijin's Kill2me 1.11 http://www.softpedia.com/progDownload/Killme-Download-10653.html
>
> Look2Me Remover 1.1.0 http://www.simplytech.it/L2MRemover/L2MRemover.zip
>
> --
> Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-c...om/got-
(Msg. 3) Posted: Tue Mar 20, 2007 5:49 pm
Post subject: Re: Symantec provided by Yahoo Archived from groups: per prev. post
On Mar 20, 4:56 pm, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
wrote:
> From: "a_monk" <dfox....DeleteThis@hotmail.com>
>
> | A friend used the "Symantec provided by Yahoo" scanned her laptop
> | which reported that her computer is infected with at least one known
> | virus or Trojan horse.
> |
> | These two virus/trojans were:
> | D:\RECYCLER\S-1-521...\Dd209\NetCat\nc.exe is infected with NetCat.
> | C:\WINDOWS\Downloaded Program Files\pinstall.dll is infected with
> | Adware.Look2Me.
> |
> | We looked at the D:\ drive and could not find the "RECYCLER" folder.
> | (We have enabled to show hidden files and folders.) Is this a false
> | positive?
> |
> | We also checked the C:\WINDOWS to find the pinstall.dll infected by
> | Adware.Look2Me, but to no avail. Again, it is a false positive too.
> |
> | Any comments/suggestions are appreciated.
> |
> | Thanks,
> |
> | A Monk
>
> D:\RECYCLER\. represents the Recycle Bin and is a Hidden & System folder.
> If a file was found in this folder, the infected file was deleted but not yet purged.
>
> Look2Me is NOT easy to remove. Here are several approaches.
>
> Ad-aware SE v1.06 http://www.lavasoftusa.com/ http://download.lavasoft.com/utils/Look2Me_Remover.exe
>
> F-Secure Look2Me Removal Tool: http://www.f-secure.com/tools/f-look2me.zip
>
> VX2/Look2Me Fix: http://www.downloads.subratam.org/VX2Finder.exe
>
> Merijin's Kill2me 1.11 http://www.softpedia.com/progDownload/Killme-Download-10653.html
>
> Look2Me Remover 1.1.0 http://www.simplytech.it/L2MRemover/L2MRemover.zip
>
> --
> Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-c...om/got-
Hi Dave;
The property of the "pinstall.dll" shows the file was used by
"Picasa", a Google Photo Organizer. Any idea that Look2Me is tied to
it?
(Msg. 4) Posted: Tue Mar 20, 2007 8:56 pm
Post subject: Re: Symantec provided by Yahoo Archived from groups: per prev. post
From: "a_monk" <dfox138.DeleteThis@hotmail.com>
| A friend used the "Symantec provided by Yahoo" scanned her laptop
| which reported that her computer is infected with at least one known
| virus or Trojan horse.
|
| These two virus/trojans were:
| D:\RECYCLER\S-1-521...\Dd209\NetCat\nc.exe is infected with NetCat.
| C:\WINDOWS\Downloaded Program Files\pinstall.dll is infected with
| Adware.Look2Me.
|
| We looked at the D:\ drive and could not find the "RECYCLER" folder.
| (We have enabled to show hidden files and folders.) Is this a false
| positive?
|
| We also checked the C:\WINDOWS to find the pinstall.dll infected by
| Adware.Look2Me, but to no avail. Again, it is a false positive too.
|
| Any comments/suggestions are appreciated.
|
| Thanks,
|
| A Monk
D:\RECYCLER\. represents the Recycle Bin and is a Hidden & System folder.
If a file was found in this folder, the infected file was deleted but not yet purged.
Look2Me is NOT easy to remove. Here are several approaches.
(Msg. 5) Posted: Wed Mar 21, 2007 1:00 am
Post subject: Re: Symantec provided by Yahoo Archived from groups: per prev. post
From: "a_monk" <dfox138 DeleteThis @hotmail.com>
|
| Hi Dave;
|
| The property of the "pinstall.dll" shows the file was used by
| "Picasa", a Google Photo Organizer. Any idea that Look2Me is tied to
| it?
|
| Many thanks again!
|
| A Monk
No but it *may* be a False Positive.
Let's find out...
Please submit a sample of "pinstall.dll" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.
You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN
When you get the report, please post back the exact results.
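
Added example, not part of the original thread: a PowerShell sketch for locating the two files the scanner reported. Explorer keeps Hidden & System items such as RECYCLER out of view unless "Hide protected operating system files" is also turned off, so the script enumerates with `-Force` instead. It assumes PowerShell 4 or later and an elevated prompt; the function name `Get-ReportedFile` is hypothetical, and the Recycle Bin is searched recursively because the SID segment of the path is elided in the thread.

```powershell
# Locations as reported by the scanner in the thread.
$recycler = 'D:\RECYCLER'
$dpf      = 'C:\WINDOWS\Downloaded Program Files'

function Get-ReportedFile {
    param([string]$Root, [string]$Name)

    if (-not (Test-Path -LiteralPath $Root)) { return }

    # -Force includes items that carry the Hidden and System attributes.
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Name -eq $Name } |
        ForEach-Object {
            $file = $_

            # XP-era Recycle Bin entries are renamed D<drive><index>[.ext];
            # a deleted folder (e.g. "Dd209") keeps its contents beneath it.
            $entry = $file.FullName.Split('\') |
                Where-Object { $_ -match '^D[a-z]\d+(\.[^\\]*)?$' } |
                Select-Object -First 1

            [pscustomobject]@{
                Path       = $file.FullName
                Attributes = $file.Attributes
                BinEntry   = $entry               # empty outside the Recycle Bin
                Modified   = $file.LastWriteTime
                # The hash lets the file be matched against a scan report.
                SHA256     = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            }
        }
}

Get-ReportedFile -Root $recycler -Name 'nc.exe'
Get-ReportedFile -Root $dpf      -Name 'pinstall.dll'
```

An empty result for a location means no file of that name is on disk there, which is different from Explorer simply not displaying it.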