-
Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.
deaday.exe
- Thread starter casper03
- Start date
- Status
- Joined
- Dec 9, 2000
- Messages
- 45,855
That's the name of the infected file, but not the virus. What virus did Norton say it was?
The file itself doesn't seem to belong to anything.
The file itself doesn't seem to belong to anything.
casper03
Thread Starter
- Joined
- Nov 25, 2001
- Messages
- 272
THANK'S for replying,
it was something like javakiller or words to that effect
i know that probably aint much help.
i have since stopped norton from just scanning program files
and found seven other viruses in there all the same as the first
one in the they were all called javakiller ???
but i have bigger problems now i think i found a trojan called
backdoor trojan. Norton can not seem to do anything with it
it won't repair quarantine or delete it.
it does say that i should delete this file and replace it with a new one nut when i try to locate the file i can't seem to find it the only info i could copy from norton was this:
The file \Device\Harddisk0\Partition1\WINDOWS\system\winload.exe in compressed file C:\UNDO\BACKUP.CAB.
please help as im totaly in a panic now
it was something like javakiller or words to that effect
i know that probably aint much help.
i have since stopped norton from just scanning program files
and found seven other viruses in there all the same as the first
one in the they were all called javakiller ???
but i have bigger problems now i think i found a trojan called
backdoor trojan. Norton can not seem to do anything with it
it won't repair quarantine or delete it.
it does say that i should delete this file and replace it with a new one nut when i try to locate the file i can't seem to find it the only info i could copy from norton was this:
The file \Device\Harddisk0\Partition1\WINDOWS\system\winload.exe in compressed file C:\UNDO\BACKUP.CAB.
please help as im totaly in a panic now
- Joined
- Dec 9, 2000
- Messages
- 45,855
Download and unzip the rx-pack from the site below to a convenient folder.
Run the Startuplog.com file. It will place a Startuplog.txt file on the desktop. Copy the full text and paste it to your next reply. The stubbpaths.txt is not needed.
If as a result of running Norton or any other action you have problems running exe files (which can happen after trojan cleaning), run the exefix08 file which is a part of the rx-pack.
http://home.earthlink.net/~rmbox/Reticulated/Toys.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.javakiller.trojan.html
Also, there are many "backdoor" trojans, if Norton identified it, give the exact name.
I think you probably don't have to worry about this if it was all Norton found of the "backdoor trojan" -- it was not executed but somehow got placed in a backup cab archive.
The file \Device\Harddisk0\Partition1\WINDOWS\system\winloa
d.exe in compressed file C:\UNDO\BACKUP.CAB.
Had you run something like Partition magic, maybe a "cracked" version? I would just delete the backup.cab file which contains winload.exe, the trojan. Or if you feel that cab is something you need to preserve, you can try unzipping it and deleting winload.exe -- just be careful not to run it.
Run the Startuplog.com file. It will place a Startuplog.txt file on the desktop. Copy the full text and paste it to your next reply. The stubbpaths.txt is not needed.
If as a result of running Norton or any other action you have problems running exe files (which can happen after trojan cleaning), run the exefix08 file which is a part of the rx-pack.
http://home.earthlink.net/~rmbox/Reticulated/Toys.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.javakiller.trojan.html
Also, there are many "backdoor" trojans, if Norton identified it, give the exact name.
I think you probably don't have to worry about this if it was all Norton found of the "backdoor trojan" -- it was not executed but somehow got placed in a backup cab archive.
The file \Device\Harddisk0\Partition1\WINDOWS\system\winloa
d.exe in compressed file C:\UNDO\BACKUP.CAB.
Had you run something like Partition magic, maybe a "cracked" version? I would just delete the backup.cab file which contains winload.exe, the trojan. Or if you feel that cab is something you need to preserve, you can try unzipping it and deleting winload.exe -- just be careful not to run it.
casper03
Thread Starter
- Joined
- Nov 25, 2001
- Messages
- 272
in your reply you said:
I would just delete the backup.cab file which contains winload.exe, the trojan. Or if you feel that cab is something you need to preserve, you can try unzipping it and deleting winload.exe -- just be careful not to run it.
Can you tell me how to locate this file as i have tried to do a search for the undo folder and i cant seem to find it. i have
even told windows to show hidden files and folders.
but i still cant find it
I would just delete the backup.cab file which contains winload.exe, the trojan. Or if you feel that cab is something you need to preserve, you can try unzipping it and deleting winload.exe -- just be careful not to run it.
Can you tell me how to locate this file as i have tried to do a search for the undo folder and i cant seem to find it. i have
even told windows to show hidden files and folders.
but i still cant find it
- Joined
- Dec 9, 2000
- Messages
- 45,855
I don't see any evidence of javakiller there. Did you follow the instructions on the symantec link, or did Norton clean it? You might want to check the registry for the mirc keys indicated, they wouldn't come up on the startup log.
@="exefile" (.dl trojan executable file - RegPath = HKCR\.dl
Also if you run regedit and look at the Hkey Current Root key you should find an entry for
.dl Note the one L; you do not want to delete .dll
This is something that can be exploited by trojans and should be deleted. (right click, delete)
For the mysterious folder, if you enter:
c:\undo
in your address bar, it should come up if it is there.
Does Norton have it in a "quarantine" folder?
Are you scanning clean now, other than that?
@="exefile" (.dl trojan executable file - RegPath = HKCR\.dl
Also if you run regedit and look at the Hkey Current Root key you should find an entry for
.dl Note the one L; you do not want to delete .dll
This is something that can be exploited by trojans and should be deleted. (right click, delete)
For the mysterious folder, if you enter:
c:\undo
in your address bar, it should come up if it is there.
Does Norton have it in a "quarantine" folder?
Are you scanning clean now, other than that?
casper03
Thread Starter
- Joined
- Nov 25, 2001
- Messages
- 272
Thanks again for the response.
i have followed all the instructions on the pages you linked to
for dealing with the javakiller virus. and i think that has been
taken care of.
in relation to the winload .exe i have completely deleted the
C:\undo\backup.cab file, is there any more i need do im checking
with norton again at the moment to see if my c drive comes up clean this time.
i will post again to let you know.
I have one further question do i need to replace the backup file
and if so how?
i have followed all the instructions on the pages you linked to
for dealing with the javakiller virus. and i think that has been
taken care of.
in relation to the winload .exe i have completely deleted the
C:\undo\backup.cab file, is there any more i need do im checking
with norton again at the moment to see if my c drive comes up clean this time.
i will post again to let you know.
I have one further question do i need to replace the backup file
and if so how?
casper03
Thread Starter
- Joined
- Nov 25, 2001
- Messages
- 272
also im sorry but call me thick i did not understand the part of your post that went as follows:
@="exefile" (.dl trojan executable file - RegPath = HKCR\.dl
Also if you run regedit and look at the Hkey Current Root key you should find an entry for
.dl Note the one L; you do not want to delete .dll
i ran regedit but was unable to find that particular location
if possible could you please explain it a little more as you are
dealing with a bit of a idiot when it comes to regedit
@="exefile" (.dl trojan executable file - RegPath = HKCR\.dl
Also if you run regedit and look at the Hkey Current Root key you should find an entry for
.dl Note the one L; you do not want to delete .dll
i ran regedit but was unable to find that particular location
if possible could you please explain it a little more as you are
dealing with a bit of a idiot when it comes to regedit
casper03
Thread Starter
- Joined
- Nov 25, 2001
- Messages
- 272
OOPS!?
still running norton but it now says i have two backdoor viruses
in C:\incinerate c1.cab and C:\ incinerate c2.cab is this because i used system mechanics incinerator to get rid of the back up cab file and will i now have to delete those also through recycle bin ?
still running norton but it now says i have two backdoor viruses
in C:\incinerate c1.cab and C:\ incinerate c2.cab is this because i used system mechanics incinerator to get rid of the back up cab file and will i now have to delete those also through recycle bin ?
- Joined
- Dec 9, 2000
- Messages
- 45,855
About the backup file, It is not a "Windows" component, I don't know what created it, but I don't think there is any way to restore it, and I doub't you will have any call for it.
On the .dl entry
What you need to do is run regedit and click on
+ HKEy_Classes_Root
Then scroll down to the 'd' entries look for
.dl
I can show you an attached picture, but you will not see that entry, just .dll which you do NOT want to delete.
.dl (with one L) should be right next to it. It may look like this:
.dl_
Possibly the underline was not displayed in the attached text copy of the startup log, but that is usually the way it is found
If you can't find it. I wouldn't worry too much about it. Legitimate programs will sometimes place that as a part of the install process for their dlls but not really use it after the install.
On the .dl entry
What you need to do is run regedit and click on
+ HKEy_Classes_Root
Then scroll down to the 'd' entries look for
.dl
I can show you an attached picture, but you will not see that entry, just .dll which you do NOT want to delete.
.dl (with one L) should be right next to it. It may look like this:
.dl_
Possibly the underline was not displayed in the attached text copy of the startup log, but that is usually the way it is found
If you can't find it. I wouldn't worry too much about it. Legitimate programs will sometimes place that as a part of the install process for their dlls but not really use it after the install.
Attachments
- Joined
- Dec 9, 2000
- Messages
- 45,855
LOL, I don't know, but it sure sounds that way. I would just delete them in the normal manner and empty your recycle bin afterwards or they will show up there in the next scan.
- Joined
- Dec 9, 2000
- Messages
- 45,855
Doesn't Norton place these things in a special Quarantine folder when it finds them?
What happens when you enter c:\incinerate in your address bar?
Did you rename your recycle bin "incinerate" ?
What happens when you enter c:\incinerate in your address bar?
Did you rename your recycle bin "incinerate" ?
- Status
Users Who Are Viewing This Thread (Users: 0, Guests: 1)
As Seen On
Welcome to Tech Support Guy!
Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.
If you're not already familiar with forums, watch our Welcome Guide to get started.
Join over 807,865 other people just like you!
