Downloader.VB.EC

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Trafton (traftonofjj2SPAM_at_yahoo.com)
Date: 04/12/04

  • Next message: Trafton: "bridge.exe virus" 
    Date: Mon, 12 Apr 2004 10:32:57 -0700

    Here is a post that probably will help. I have edited out
    some rambling and obsceneties:

    "I had to remove them myself. I found the following
    files, which were not
    detected by the most recent updates for Spybot S&D, and
    were also not
    immunized against by the most recent updates for
    SpywareBlaster.

    pup.exe
    over.exe
    7vgav.exe
    indstrf.exe

    All of them list in the properties as being registered to
    Tmax corp,
    which is an ad-firm in England. [...]

    Here's what I had to do. I found pup.exe and over.exe in
    my program
    files. I deleted them. I found 7vgav.exe and indstrf.exe
    in my
    c:\windows\system32 folder. I deleted them as well. NOTE:
    In order to
    delete those two files, you have to do ctrl/alt/del and
    go to the
    processes tab. You will see both processes running,
    7vgave.exe and
    indstrf.exe, so right-click on them and click "end
    process." If you
    don't do that, you'll get an error about them being in
    use when you try
    to delete them. After ending the process, you can delete
    them no
    problem.

    I also went into my registry to the following location:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
    on\Run

    The registry keys located there show you what programs
    are being run
    when you boot your system. You will see keys for both
    7vgav and
    indstrf, so right-click them and delete them.

    After that, I rebooted my pc and rechecked everything.
    Nothing had come
    back, so I think I got it all. My browser isn't giving me
    pop-up ads
    anymore either. I searched the registry for both pup.exe
    and over.exe
    but didn't find any of them. I think I'm clean now.

    [...]"

    If that does not solve your problem, feel free to repost.

    Sincerely,
    Benjamin Johnstone-Anderson
    Microsoft "MVP" - Windows Security
    Remove "SPAM" from email address to reply!
    Security Manifest: www.msmvps.com/trafton/

    >-----Original Message-----
    >Even though I have AVG running and a firewall I have
    >managed to contract the Trojan horse: Downloader.VB.EC
    >Can anyone help me get rid of it. It is residing in
    >C:windows.pup.exe it gets detected then removed but
    >pops back up as soon as I try to use windows media
    >player. I have also tried A2 (squared) but alas to no
    >avail.
    >
    >Regards
    >
    >K
    >.
    >

  • Next message: Trafton: "bridge.exe virus"

    Relevant Pages

    • Solutions to Office Update Error Messages!
      ... enabling me to download updates manually but that is no help if you cannot ... the registry but this did resolve the issue. ... To resolve the issue, we need to manually delete all the ... Delete the following registry keys if they exist: ...
      (microsoft.public.officeupdate)
    • Re: Help with slow computer
      ... I changed the registry and checked and it is now set to DMA mode. ... started after I downloaded a Windows or HP update. ... HP updates you are talking about. ... make sure you only install critical updates. ...
      (microsoft.public.windowsxp.help_and_support)
    • Re: Continuous hard disk activity - Please help...getting crazy!
      ... I use AVG and ZoneAlarm too..;>)) ... I don't think I have Google desktop pre-installed. ... Do I have to clean the registry after that? ... I have actually 68 processes running but my knowledge doesn't allow me ...
      (alt.sys.pc-clone.dell)
    • Re: Sharing folders in Windows CE 5.0
      ... First you do not need the Remote Registry Editor or the RemoteAdmin ... see the LICENSE.RTF on your install media or the root of your ... work unless all previous Platform Builder updates have been ...
      (microsoft.public.windowsce.embedded)
    • Re: Updates are downloaded but fail to install
      ... At the command prompt, type the following command, and then press ENTER: ... Note For a computer that is running Windows XP Professional x64 Edition, ... Start the Automatic Updates service. ... This issue most likely occurs when the following registry key or its sub key ...
      (microsoft.public.windowsupdate)