
deaday.exe

Discussion in 'Virus & Other Malware Removal' started by casper03, Nov 28, 2001.

Thread Status:
Not open for further replies.
  1. casper03

    casper03 Thread Starter

    Joined:
    Nov 25, 2001
    Messages:
    272
    I just found this while looking in my Windows folder:

    1. Does anyone know what kind of virus it is?

    2. Why did my Norton antivirus not pick it up sooner?

    3. I have deleted it now; is there anything else I need to do?
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    That's the name of the infected file, but not the virus. What virus did Norton say it was?

    The file itself doesn't seem to belong to anything.
     
  3. casper03

    Thanks for replying,

    it was something like javakiller or words to that effect.
    I know that probably ain't much help.

    I have since stopped Norton from just scanning program files
    and found seven other viruses in there, all the same as the first
    one in that they were all called javakiller ???

    But I have bigger problems now: I think I found a trojan called
    backdoor trojan. Norton cannot seem to do anything with it;
    it won't repair, quarantine or delete it.

    It does say that I should delete this file and replace it with a new one, but when I try to locate the file I can't seem to find it. The only info I could copy from Norton was this:

    The file \Device\Harddisk0\Partition1\WINDOWS\system\winload.exe in compressed file C:\UNDO\BACKUP.CAB.


    Please help as I'm totally in a panic now.
     
  4. Rollin' Rog

    Download and unzip the rx-pack from the site below to a convenient folder.

    Run the Startuplog.com file. It will place a Startuplog.txt file on the desktop. Copy the full text and paste it to your next reply. The stubbpaths.txt is not needed.

    If as a result of running Norton or any other action you have problems running exe files (which can happen after trojan cleaning), run the exefix08 file which is a part of the rx-pack.

    http://home.earthlink.net/~rmbox/Reticulated/Toys.html


    http://securityresponse.symantec.com/avcenter/venc/data/w32.javakiller.trojan.html

    Also, there are many "backdoor" trojans, if Norton identified it, give the exact name.

    I think you probably don't have to worry about this if it was all Norton found of the "backdoor trojan" -- it was not executed but somehow got placed in a backup cab archive.

    The file \Device\Harddisk0\Partition1\WINDOWS\system\winload.exe in compressed file C:\UNDO\BACKUP.CAB.

    Had you run something like Partition magic, maybe a "cracked" version? I would just delete the backup.cab file which contains winload.exe, the trojan. Or if you feel that cab is something you need to preserve, you can try unzipping it and deleting winload.exe -- just be careful not to run it.
     
  5. casper03

    In your reply you said:

    I would just delete the backup.cab file which contains winload.exe, the trojan. Or if you feel that cab is something you need to preserve, you can try unzipping it and deleting winload.exe -- just be careful not to run it.

    Can you tell me how to locate this file, as I have tried to do a search for the undo folder and I can't seem to find it. I have
    even told Windows to show hidden files and folders,

    but I still can't find it.
     
  6. casper03

    HERE IS THE OTHER INFO YOU ASKED FOR:
     

    Attached Files:

  7. Rollin' Rog

    I don't see any evidence of javakiller there. Did you follow the instructions on the Symantec link, or did Norton clean it? You might want to check the registry for the mIRC keys indicated; they wouldn't come up on the startup log.

    @="exefile" (.dl trojan executable file - RegPath = HKCR\.dl

    Also if you run regedit and look at the Hkey Current Root key you should find an entry for

    .dl Note the one L; you do not want to delete .dll

    This is something that can be exploited by trojans and should be deleted. (right click, delete)

    For the mysterious folder, if you enter:

    c:\undo

    in your address bar, it should come up if it is there.

    Does Norton have it in a "quarantine" folder?

    Are you scanning clean now, other than that?
     
  8. casper03

    Thanks again for the response.

    I have followed all the instructions on the pages you linked to
    for dealing with the javakiller virus, and I think that has been
    taken care of.

    In relation to the winload.exe, I have completely deleted the
    C:\undo\backup.cab file. Is there any more I need to do? I'm checking
    with Norton again at the moment to see if my C drive comes up clean this time.

    I will post again to let you know.

    I have one further question: do I need to replace the backup file,
    and if so, how?
     
  9. casper03

    Also, I'm sorry, but call me thick, I did not understand the part of your post that went as follows:

    @="exefile" (.dl trojan executable file - RegPath = HKCR\.dl

    Also if you run regedit and look at the Hkey Current Root key you should find an entry for

    .dl Note the one L; you do not want to delete .dll


    I ran regedit but was unable to find that particular location.
    If possible, could you please explain it a little more, as you are
    dealing with a bit of an idiot when it comes to regedit.
     
  10. casper03

    OOPS!?

    Still running Norton, but it now says I have two backdoor viruses
    in C:\incinerate c1.cab and C:\ incinerate c2.cab. Is this because I used System Mechanic's Incinerator to get rid of the backup cab file, and will I now have to delete those also through the recycle bin?
     
  11. Rollin' Rog

    About the backup file: it is not a "Windows" component. I don't know what created it, but I don't think there is any way to restore it, and I doubt you will have any call for it.

    On the .dl entry

    What you need to do is run regedit and click on

    + HKEY_CLASSES_ROOT

    Then scroll down to the 'd' entries and look for

    .dl

    I can show you an attached picture, but you will not see that entry, just .dll which you do NOT want to delete.

    .dl (with one L) should be right next to it. It may look like this:

    .dl_

    Possibly the underline was not displayed in the attached text copy of the startup log, but that is usually the way it is found.

    If you can't find it, I wouldn't worry too much about it. Legitimate programs will sometimes place that as a part of the install process for their dlls but not really use it after the install.
     

    Attached Files:

    • ,dl.jpg
      ,dl.jpg
      File size:
      30.7 KB
      Views:
      33
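
The manual check described in the post above (looking under HKEY_CLASSES_ROOT for an extension such as .dl whose default value is "exefile") can be run over a regedit text export. This is an added example, not part of the original thread; the function name, the REGEDIT4 export format assumption and the sample export, including the `ExampleInstaller.CompressedDll` value, are constructed for illustration.

```python
import re

# Classes whose open command runs the file itself, with the extension each
# one normally belongs to on a stock Windows install.
EXPECTED = {
    "exefile": {".exe"}, "comfile": {".com"}, "batfile": {".bat"},
    "piffile": {".pif"}, "scrfile": {".scr"}, "cmdfile": {".cmd"},
}
# Match top-level extension keys only, e.g. [HKEY_CLASSES_ROOT\.dl]
KEY_RE = re.compile(r"^\[HKEY_CLASSES_ROOT\\(\.[^\\\]]+)\]$", re.IGNORECASE)
DEFAULT_RE = re.compile(r'^@="(.*)"$')  # the key's (Default) value

def find_executable_associations(reg_text):
    """Return sorted (extension, class) pairs where an unexpected extension
    is mapped to a class that executes the file."""
    findings, current_ext = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            current_ext = m.group(1).lower() if m else None
            continue
        m = DEFAULT_RE.match(line)
        if m and current_ext:
            cls = m.group(1).lower()
            if cls in EXPECTED and current_ext not in EXPECTED[cls]:
                findings.append((current_ext, cls))
    return sorted(findings)

# Constructed sample export (not taken from the thread's attachments).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CLASSES_ROOT\.dl]
@="exefile"

[HKEY_CLASSES_ROOT\.dl_]
@="ExampleInstaller.CompressedDll"

[HKEY_CLASSES_ROOT\.dll]
@="dllfile"

[HKEY_CLASSES_ROOT\.dll\ConstructedSubkey]
@="exefile"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
'''

if __name__ == "__main__":
    for ext, cls in find_executable_associations(SAMPLE_EXPORT):
        print(f"{ext} is associated with {cls}: review this key")
```

On the sample, only `.dl` is reported; `.dll`, `.dl_` and the normal `.exe` mapping are left alone, which matches the "one L" distinction made in the post.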
  12. Rollin' Rog

    LOL, I don't know, but it sure sounds that way. I would just delete them in the normal manner and empty your recycle bin afterwards or they will show up there in the next scan.
     
  13. casper03

    Hey, guess what?

    Now I can't find the incinerate file either.

    It says in Norton reports:
    C:\INCINERATE\C2.CAB is infected with backdoor.trojan this cannot be deleted.

    It also says the same for C:\INCINERATE\C1.CAB
     
  14. Rollin' Rog

    Doesn't Norton place these things in a special Quarantine folder when it finds them?

    What happens when you enter c:\incinerate in your address bar?

    Did you rename your recycle bin "incinerate" ?
     
  15. casper03

    Norton can't repair, quarantine or delete these files:

    My comp takes me to the System Mechanic incinerator bin:

    NO !
     

Short URL to this thread: https://techguy.org/59973
