Tech Support Guy: Virus & Other Malware Removal

Archive bomb noted by AV program

agpilot
Member with 89 posts.
THREAD STARTER
 
Join Date: Dec 2004
Experience: Almost Intermediate
19-Feb-2005, 01:58 PM #1
Archive bomb noted by AV program
Hi everyone: I think this is my first big Q. While running an AntiVirus program, it listed a file called cakne6t as a possible archive bomb. That's a new one on me and rather than fiddle around with it I thought maybe I better ask first. Last thing I need is a "bomb." I had Win98SE running an updated F-Prot antivirus program. So.. What's an archive bomb?? ..and how to SAFELY get rid of it?? Thanks tech guys.. agpilot
agpilot
Member with 89 posts.
THREAD STARTER
 
Join Date: Dec 2004
Experience: Almost Intermediate
20-Feb-2005, 11:52 AM #2
Hello. Anyone know what an "Archive bomb" is? ..and SAFEST way to defuse?

..it's an F-Prot AV term. Thanks. agpilot
Trybry
Member with 67 posts.
 
Join Date: Sep 2004
Experience: somewhere in between beginner
11-Aug-2005, 02:51 AM #3
Did you ever get help with that bomb?
Hi,

I too have an Archive Bomb infestation!

I don't think F-Prot isolated the exact file though.
I do know that Mozilla 1.7.3 has been slowed to a crawl.

If you received or located any help on the subject,
please let me know the who, what and why
on how to fix the problem or get rid of it!

Thanks


Quote:
Originally Posted by agpilot
Hi everyone: I think this is my first big Q. While running an AntiVirus program, it listed a file called cakne6t as a possible archive bomb. That's a new one on me and rather than fiddle around with it I thought maybe I better ask first. Last thing I need is a "bomb." I had Win98SE running an updated F-Prot antivirus program. So.. What's an archive bomb?? ..and how to SAFELY get rid of it?? Thanks tech guys.. agpilot
brendandonhu
Member with 14,681 posts.
 
Join Date: Jul 2002
Location: Ann Arbor, MI
Experience: Advanced
11-Aug-2005, 02:54 AM #4
Does F-Prot offer to fix it, and what file is it detected in?
Trybry
Member with 67 posts.
 
Join Date: Sep 2004
Experience: somewhere in between beginner
11-Aug-2005, 03:07 AM #5
Thanks for the reply Brendan,

No, F-Prot thinks it's not a problem; see below:

"C:\WINDOWS\TEMPOR~1\CONTENT.IE5\Q9SBUDWF\PAL_IN~1.EXE could be an archive bom¦
¦Does not require disinfection.
¦C:\WINDOWS\TEMPOR~1\CONTENT.IE5\GNUVWFAZ\PAL_IN~1.EXE could be an archive bom
¦Does not require disinfection."

I noticed the slow down and now I want to fix it!
I can delete the programs and hope for the best.

Or do you have any experience in preventing its migration?
I ask this because I don't use IE, and it is still slowing down Mozilla.
brendandonhu
Member with 14,681 posts.
 
Join Date: Jul 2002
Location: Ann Arbor, MI
Experience: Advanced
11-Aug-2005, 10:51 AM #6
That file may or may not be a virus, but we'll get rid of it just in case.

Ok, first thing to do is clear all Temporary Internet Files, and delete all contents of that directory.

Then, run HijackThis and post the results here (http://www.dknoppix.com/cgi-bin/download.cgi?HijackThis)
__________________
-Brendan
Trybry
Member with 67 posts.
 
Join Date: Sep 2004
Experience: somewhere in between beginner
12-Aug-2005, 03:12 PM #7
HJT results
Okay,

I cleaned out my temp internet files and ran HJT.

Here's the results:

Logfile of HijackThis v1.99.1
Scan saved at 3:02:07 PM, on 8/12/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\GRISOFT\AVG\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG\AVGAMSVR.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\SOPHOS\SOPHOS ANTI-VIRUS\ICSUPP95.EXE
C:\PROGRAM FILES\BLUELIGHT INTERNET\EXEC.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\BLUELIGHT INTERNET\EXEC.EXE
C:\PROGRAM FILES\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\MY DOWNS\DEFNSE\HIJACKTHIS.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [Sweep95] C:\Program Files\Sophos\Sophos Anti-Virus\ICLOAD95.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
brendandonhu
Member with 14,681 posts.
 
Join Date: Jul 2002
Location: Ann Arbor, MI
Experience: Advanced
12-Aug-2005, 03:19 PM #8
Log is fine, does F-Prot still find a virus?
Trybry
Member with 67 posts.
 
Join Date: Sep 2004
Experience: somewhere in between beginner
12-Aug-2005, 04:07 PM #9
Running scan Now
I have noticed during the scan that this message keeps popping up?

C:\WINDOWS\WIN386.SWP Not scanned (in use by another application)

I don't like the sound of that one.
I've also never seen that one before, either?
brendandonhu
Member with 14,681 posts.
 
Join Date: Jul 2002
Location: Ann Arbor, MI
Experience: Advanced
12-Aug-2005, 04:28 PM #10
Win386.swp is fine, as long as those TEMP files that are potential viruses are gone, no need to worry.
Was that your whole HijackThis log? It was pretty short.
Trybry
Member with 67 posts.
 
Join Date: Sep 2004
Experience: somewhere in between beginner
12-Aug-2005, 04:44 PM #11
Hjt
Yes.

I've been using it for some time.
Anything not important, does not run without my final approval.

Okay

Thanks