deaday.exe

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

casper03

Thread Starter
Joined
Nov 25, 2001
Messages
272
I just found this while looking in my Windows folder:

1. Does anyone know what kind of virus it is?

2. Why did my Norton antivirus not pick it up sooner?

3. I have deleted it now; is there anything else I need to do?
 
Joined
Dec 9, 2000
Messages
45,855
That's the name of the infected file, but not the virus. What virus did Norton say it was?

The file itself doesn't seem to belong to anything.
 

casper03

Thread Starter
Joined
Nov 25, 2001
Messages
272
THANKS for replying,

it was something like javakiller or words to that effect.
I know that probably ain't much help.

I have since stopped Norton from just scanning program files
and found seven other viruses in there, all the same as the first
one in that they were all called javakiller ???

But I have bigger problems now, I think. I found a trojan called
backdoor trojan. Norton cannot seem to do anything with it;
it won't repair, quarantine or delete it.

It does say that I should delete this file and replace it with a new one, but when I try to locate the file I can't seem to find it. The only info I could copy from Norton was this:

The file \Device\Harddisk0\Partition1\WINDOWS\system\winload.exe in compressed file C:\UNDO\BACKUP.CAB.


Please help as I'm totally in a panic now.
 
Joined
Dec 9, 2000
Messages
45,855
Download and unzip the rx-pack from the site below to a convenient folder.

Run the Startuplog.com file. It will place a Startuplog.txt file on the desktop. Copy the full text and paste it to your next reply. The stubbpaths.txt is not needed.

If as a result of running Norton or any other action you have problems running exe files (which can happen after trojan cleaning), run the exefix08 file which is a part of the rx-pack.

http://home.earthlink.net/~rmbox/Reticulated/Toys.html


http://securityresponse.symantec.com/avcenter/venc/data/w32.javakiller.trojan.html

Also, there are many "backdoor" trojans; if Norton identified it, give the exact name.

I think you probably don't have to worry about this if it was all Norton found of the "backdoor trojan" -- it was not executed but somehow got placed in a backup cab archive.

The file \Device\Harddisk0\Partition1\WINDOWS\system\winload.exe in compressed file C:\UNDO\BACKUP.CAB.

Had you run something like Partition magic, maybe a "cracked" version? I would just delete the backup.cab file which contains winload.exe, the trojan. Or if you feel that cab is something you need to preserve, you can try unzipping it and deleting winload.exe -- just be careful not to run it.
 

casper03

Thread Starter
Joined
Nov 25, 2001
Messages
272
in your reply you said:

I would just delete the backup.cab file which contains winload.exe, the trojan. Or if you feel that cab is something you need to preserve, you can try unzipping it and deleting winload.exe -- just be careful not to run it.

Can you tell me how to locate this file, as I have tried to do a search for the undo folder and I can't seem to find it. I have
even told Windows to show hidden files and folders,

but I still can't find it.
 
Joined
Dec 9, 2000
Messages
45,855
I don't see any evidence of javakiller there. Did you follow the instructions on the Symantec link, or did Norton clean it? You might want to check the registry for the mIRC keys indicated; they wouldn't come up on the startup log.

@="exefile" (.dl trojan executable file - RegPath = HKCR\.dl

Also if you run regedit and look at the Hkey Current Root key you should find an entry for

.dl Note the one L; you do not want to delete .dll

This is something that can be exploited by trojans and should be deleted. (right click, delete)

For the mysterious folder, if you enter:

c:\undo

in your address bar, it should come up if it is there.

Does Norton have it in a "quarantine" folder?

Are you scanning clean now, other than that?
 

casper03

Thread Starter
Joined
Nov 25, 2001
Messages
272
Thanks again for the response.

I have followed all the instructions on the pages you linked to
for dealing with the javakiller virus, and I think that has been
taken care of.

In relation to the winload.exe, I have completely deleted the
C:\undo\backup.cab file. Is there any more I need to do? I'm checking
with Norton again at the moment to see if my C drive comes up clean this time.

I will post again to let you know.

I have one further question: do I need to replace the backup file,
and if so, how?
 

casper03

Thread Starter
Joined
Nov 25, 2001
Messages
272
Also, I'm sorry, but call me thick, I did not understand the part of your post that went as follows:

@="exefile" (.dl trojan executable file - RegPath = HKCR\.dl

Also if you run regedit and look at the Hkey Current Root key you should find an entry for

.dl Note the one L; you do not want to delete .dll


I ran regedit but was unable to find that particular location.
If possible, could you please explain it a little more, as you are
dealing with a bit of an idiot when it comes to regedit.
 

casper03

Thread Starter
Joined
Nov 25, 2001
Messages
272
OOPS!?

Still running Norton, but it now says I have two backdoor viruses
in C:\incinerate c1.cab and C:\ incinerate c2.cab. Is this because I used System Mechanic's incinerator to get rid of the backup cab file, and will I now have to delete those also through the recycle bin?
 
Joined
Dec 9, 2000
Messages
45,855
About the backup file: it is not a "Windows" component. I don't know what created it, but I don't think there is any way to restore it, and I doubt you will have any call for it.

On the .dl entry

What you need to do is run regedit and click on

+ HKEY_CLASSES_ROOT

Then scroll down to the 'd' entries look for

.dl

I can show you an attached picture, but you will not see that entry, just .dll which you do NOT want to delete.

.dl (with one L) should be right next to it. It may look like this:

.dl_

Possibly the underline was not displayed in the attached text copy of the startup log, but that is usually the way it is found.

If you can't find it, I wouldn't worry too much about it. Legitimate programs will sometimes place that as a part of the install process for their dlls but not really use it after the install.
 

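Added example, not part of the original thread or any poster's code: a Python check for the `.dl` entry discussed above, run against a text export of HKEY_CLASSES_ROOT made with regedit. It goes beyond `.dl` and lists any extension whose default value points at an executable file class; the sample export is constructed, and newer UTF-16 exports are assumed to be decoded to text first.

```python
import re

# File classes that make Windows execute a file when it is opened, and the
# one extension each is normally registered for.
EXECUTABLE_PROGIDS = {
    "exefile": ".exe", "comfile": ".com", "batfile": ".bat",
    "cmdfile": ".cmd", "piffile": ".pif", "scrfile": ".scr",
}

# Matches only top-level extension keys such as [HKEY_CLASSES_ROOT\.dl];
# subkeys and non-extension keys (e.g. ...\exefile) do not match.
KEY_RE = re.compile(r"^\[(?:HKEY_CLASSES_ROOT|HKCR)\\(\.[^\\\]]+)\]$", re.I)
DEFAULT_RE = re.compile(r'^@="(.*)"$')  # the key's default value line


def suspicious_associations(reg_text):
    """Return [(extension, file_class)] for every extension mapped to an
    executable file class that it does not normally belong to."""
    findings = []
    current_ext = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            current_ext = m.group(1).lower() if m else None
            continue
        m = DEFAULT_RE.match(line)
        if current_ext and m:
            progid = m.group(1).lower()
            expected = EXECUTABLE_PROGIDS.get(progid)
            if expected and current_ext != expected:
                findings.append((current_ext, progid))
    return findings


# Constructed sample export, not taken from the poster's machine.
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_CLASSES_ROOT\.dl]
@="exefile"
[HKEY_CLASSES_ROOT\.dll]
@="dllfile"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
[HKEY_CLASSES_ROOT\.dl_]
@="ExeFile"
"""

if __name__ == "__main__":
    for ext, progid in suspicious_associations(SAMPLE_EXPORT):
        print(f"review: {ext} is registered as {progid}")
```

Each hit is something to review rather than a verdict, since the post above notes that installers sometimes leave a `.dl_` entry behind.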

Joined
Dec 9, 2000
Messages
45,855
LOL, I don't know, but it sure sounds that way. I would just delete them in the normal manner and empty your recycle bin afterwards or they will show up there in the next scan.
 

casper03

Thread Starter
Joined
Nov 25, 2001
Messages
272
Hey, guess what?

Now I can't find the incinerate file either.

It says in Norton reports:
C:\INCINERATE\C2.CAB is infected with backdoor.trojan this cannot be deleted.

It also says the same for C:\INCINERATE\C1.CAB
 
Joined
Dec 9, 2000
Messages
45,855
Doesn't Norton place these things in a special Quarantine folder when it finds them?

What happens when you enter c:\incinerate in your address bar?

Did you rename your recycle bin "incinerate" ?
 

casper03

Thread Starter
Joined
Nov 25, 2001
Messages
272
Norton can't repair, quarantine or delete these files:

My comp takes me to the System Mechanic incinerator bin:

NO!
 