steve1368 Posted June 29, 2005

Did my regular scanning with online trend micro virus scan, then with avast. Nothing surfaced, all OK. Then scanned with a squared. Got 2 items as malware.

Filename:
C:\WINDOWS\system32\AS-Exp2.ocx
C:\WINDOWS\system32\AS-IFce1.ocx

Diagnosis:
Backdoor.MSWord.Nutshell
Backdoor.MSWord.Nutshell

This time I didn't delete anything [ if you remember, I had a bad experience b4, http://forum.CCleaner.com/index.php?showtopic=1426&hl= ]

Wondering if those are false positives.

Cheers

rridgely (Moderators) Posted June 29, 2005

I believe that those are trojans. Try a scan with ewido to see if it finds them as well. http://www.ewido.net/en/

Wait to see what Tarun or DjLizard say but I personally would remove those. If ewido finds them then I would definitely remove them. Also remember to update ewido before you scan with it.

Tarun Posted June 29, 2005

Upload them to here: http://virusscan.jotti.org/

steve1368 (Author) Posted June 30, 2005

> Upload them to here: http://virusscan.jotti.org/

Did that last night, no virus indicated.

Steve

steve1368 (Author) Posted June 30, 2005

> I believe that those are trojans. Try a scan with ewido to see if it finds them as well. http://www.ewido.net/en/
> Wait to see what Tarun or DjLizard say but I personally would remove those. If ewido finds them then I would definitely remove them. Also remember to update ewido before you scan with it.

Will try that tonite. Thanks

rridgely (Moderators) Posted June 30, 2005

Did you see this? That trojan is the most popular detection of a2 for the past three days. It's been known for a while that there were vulnerabilities in Word. Let us know if ewido finds the infections as well. If not I bet it's a new infection that will be added to the rest of the scanners soon. Though you never know, it could be a false positive. I doubt that it is. I'm sure we will probably hear more about that trojan soon.

Good luck.

steve1368 (Author) Posted June 30, 2005

> I believe that those are trojans. Try a scan with ewido to see if it finds them as well. http://www.ewido.net/en/
> Wait to see what Tarun or DjLizard say but I personally would remove those. If ewido finds them then I would definitely remove them. Also remember to update ewido before you scan with it.

Did that, nothing found

> Upload them to here: http://virusscan.jotti.org/

Did it again for the 2nd time, nothing found.

I scanned again with a squared this evening. Guess... this time nothing found. I'm truly puzzled. The only thing I did last nite was to run my regular Tarun's anti-malware package, that's it, nothing else. Now, nothing found with a squared.

I'm delighted but also very puzzled, how "backdoor" can just disappear? Anybody has any clue?

Steve

rridgely (Moderators) Posted June 30, 2005

Since you know where the infected files are, look for them manually; maybe they were deleated by the malware scanners you ran. Do you have an AV with an active scanner? Maybe that deleated it.

DjLizard Posted June 30, 2005

deleted, not deleated.

Andavari (Moderators) Posted June 30, 2005

> I'm delighted but also very puzzled, how "backdoor" can just disappear?

Suppose if it's at all sophisticated enough to know it's being scanned, it may "deactivate or hide" itself. Or your antivirus/antimalware may have already taken care of it since trojans, worms, etc., are usually automatically deleted since they aren't necessary executables.

steve1368 (Author) Posted July 1, 2005

> Since you know where the infected files are, look for them manually; maybe they were deleated by the malware scanners you ran. Do you have an AV with an active scanner? Maybe that deleated it.

> Suppose if it's at all sophisticated enough to know it's being scanned, it may "deactivate or hide" itself. Or your antivirus/antimalware may have already taken care of it since trojans, worms, etc., are usually automatically deleted since they aren't necessary executables.

Did a manual check, both files still there. I have avast home resident scanner, msas & outpost pro running all the time. Is there any way to check further to be really sure, or should I just post here my current HJT log for analysis?

rridgely (Moderators) Posted July 1, 2005

It couldn't hurt to post a HJT log. Try this: refind the infected files, then right click on them and choose to scan them with Avast to see if it detects them as malware.

steve1368 (Author) Posted July 1, 2005

> It couldn't hurt to post a HJT log. Try this: refind the infected files, then right click on them and choose to scan them with Avast to see if it detects them as malware.

Did that with avast & ewido..... nothing

I'll post my new hijack this log in a new topic. Hopefully nothing nasty.

Thanks

milutzu_k Posted July 12, 2005

Hi all. About AS-IFce1.ocx I have nothing to say, but I know that AS-Exp2.ocx is an ActiveX control I have used in my VB6 projects. Unfortunately I lost it so I've no GUID to compare. If I find anything I'll be back. In my opinion u don't have to be worried about them.

milutzu_k Posted July 12, 2005

So...

as-exp2.ocx - Ariad Explorer Controls
as-ifce1.ocx - Ariad Interface Components

Ariad components were made by Cyotek which was taken by Innovasys.