
Archive bomb noted by AV program

Discussion in 'Virus & Other Malware Removal' started by agpilot, Feb 19, 2005.

Thread Status:
Not open for further replies.
  1. agpilot

    agpilot Thread Starter

    Joined:
    Dec 25, 2004
    Messages:
    95
    Hi everyone: I think this is my first big Q. While running an AntiVirus program, it listed a file called cakne6t as a possible archive bomb. That's a new one on me and rather than fiddle around with it I thought maybe I better ask first. Last thing I need is a "bomb." I had Win98SE running an updated Fprot antivirus program. So.. What's an archive bomb?? ..and how to SAFELY get rid of it?? Thanks tech guys.. agpilot
     
  2. agpilot

    agpilot Thread Starter

    Joined:
    Dec 25, 2004
    Messages:
    95
    Hello. Anyone know what an "Archive bomb" is? ..and SAFEST way to defuse?

    ..it's Fprot AV term. Thanks. agpilot
     
  3. Trybry

    Trybry

    Joined:
    Sep 27, 2004
    Messages:
    67
    Hi,

    I too have an Archive Bomb infestation!

    I don't think F-Prot isolated the exact file though.
    I do know that Mozilla 1.7.3 has been slowed to a crawl.

    If you received or located any help on the subject?
    Please let me know, the who, what and why?
    On how to fix the problem or get rid of it!

    Thanks


     
  4. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Does F-Prot offer to fix it, and what file is it detected in?
     
  5. Trybry

    Trybry

    Joined:
    Sep 27, 2004
    Messages:
    67
    Thanks for the reply Brendan,

    No, F-Prot thinks it's not a problem; see below:

    "C:\WINDOWS\TEMPOR~1\CONTENT.IE5\Q9SBUDWF\PAL_IN~1.EXE could be an archive bom¦
    ¦Does not require disinfection.
    ¦C:\WINDOWS\TEMPOR~1\CONTENT.IE5\GNUVWFAZ\PAL_IN~1.EXE could be an archive bom
    ¦Does not require disinfection."

    I noticed the slow down and now I want to fix it!
    I can delete the programs and hope for the best.

    Or do you have any experience in preventing its migration?
    I ask this because I don't use IE. and it is still slowing down Mozilla.
     
  6. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    That file may or may not be a virus, but we'll get rid of it just in case.

    Ok, first thing to do is clear all Temporary Internet Files, and delete all contents of that directory.

    Then, run HijackThis and post the results here (http://www.dknoppix.com/cgi-bin/download.cgi?HijackThis)
     
  7. Trybry

    Trybry

    Joined:
    Sep 27, 2004
    Messages:
    67
    Okay,

    I cleaned out my temp internet files and ran HJT.

    Here's the results:

    Logfile of HijackThis v1.99.1
    Scan saved at 3:02:07 PM, on 8/12/05
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\GRISOFT\AVG\AVGCC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG\AVGEMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG\AVGAMSVR.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\SOPHOS\SOPHOS ANTI-VIRUS\ICSUPP95.EXE
    C:\PROGRAM FILES\BLUELIGHT INTERNET\EXEC.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\BLUELIGHT INTERNET\EXEC.EXE
    C:\PROGRAM FILES\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
    C:\MY DOWNS\DEFNSE\HIJACKTHIS.EXE

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [Sweep95] C:\Program Files\Sophos\Sophos Anti-Virus\ICLOAD95.EXE
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
     
  8. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Log is fine, does F-Prot still find a virus?
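
One way to cross-check a HijackThis log against the temp-directory files F-Prot flagged earlier in the thread, as an added example that is not code from any thread participant or from HijackThis. The sample log is constructed (its last process and last O4 line are invented to produce hits), and treating temp or browser-cache paths as suspicious is an assumed heuristic.

```python
import re

# Constructed sample in the HijackThis v1.99.1 layout. The last process and the
# last O4 entry are invented to show a hit; they are not from the thread's log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\WINDOWS\TEMPOR~1\CONTENT.IE5\EXAMPLE1\SAMPLE~1.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [updater] C:\WINDOWS\TEMP\sample.exe /s
"""

# Assumed heuristic: anything launched from a temp or browser-cache directory
# deserves a second look. Covers long names and 8.3 short names.
TEMP_DIR = re.compile(r"\\(TEMP|TMP|TEMPOR~\d|TEMPORARY INTERNET FILES|CONTENT\.IE5)\\", re.I)
O_LINE = re.compile(r"^(O\d+) - (.*)$")
O4_LINE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def parse_hjt(text):
    """Split a HijackThis log into running processes and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        if line.lower().startswith("running processes"):
            in_procs = True
        elif not line:
            in_procs = False  # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        elif (m := O_LINE.match(line)):
            entries.append((m.group(1), m.group(2)))
    return processes, entries

def temp_dir_findings(text):
    """Return (kind, detail) for processes and O4 autoruns under temp paths."""
    processes, entries = parse_hjt(text)
    hits = [("process", p) for p in processes if TEMP_DIR.search(p)]
    for code, body in entries:
        m = O4_LINE.match(body) if code == "O4" else None
        if m and TEMP_DIR.search(m.group("cmd")):
            hits.append(("autorun", f"{m.group('key')} [{m.group('name')}] {m.group('cmd')}"))
    return hits

print(temp_dir_findings(SAMPLE_LOG))
```

An empty result only means nothing in the log runs from a temp path; it does not replace a fresh antivirus scan.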
     
  9. Trybry

    Trybry

    Joined:
    Sep 27, 2004
    Messages:
    67
    I have noticed during the scan that this message keeps popping up?

    C:\WINDOWS\WIN386.SWP Not scanned (in use by another application)

    I don't like the sound of that one.
    I've also never seen that one before, either?
     
  10. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Win386.swp is fine, as long as those TEMP files that are potential viruses are gone, no need to worry.
    Was that your whole hijackthis log? It was pretty short.
     
  11. Trybry

    Trybry

    Joined:
    Sep 27, 2004
    Messages:
    67
    Yes.

    I've been using it for some time.
    Anything not important, does not run without my final approval.

    Okay

    Thanks
     

Short URL to this thread: https://techguy.org/332414