auggybendoggy (Member), March 30, 2005:
Guys, I was checking my Norton spam email to make sure there were no good emails and I clicked on one cause it looked legit, and as soon as I did Norton popped up and said "Virus detected: cannot delete". The window would not go away so I clicked back on Outlook and selected all and deleted, and then the Norton alert said a diff file name by a series of numbers... what I mean is it said the first time wqr(12).ani, then I clicked OK, then the window came back immediately saying wqr(13).ani, and it did this for about 5-6 times, then it stopped. I went to Symantec's site and it said if 2005 cannot delete the moo file it's probably because Windows was using it. Makes sense since I was using the email, and the location of the file was C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Y9HA3ULW\wqr[12].ani Click for more information about this threat : Trojan.Moo It's in the temp internet folder so it may have come from the spam, but I never told it to quarantine or delete anything so I'm afraid it's still present. I did a system scan and NOTHIN! I searched the folder listed above y98... and the wqr files are not there. Am I safe or should I WIPE!!!! help Auggy

Acid-Flux (Member), March 30, 2005:
don't threat. First, if you can't just manually delete the file, hit up http://housecall.trendmicro.com/ and try their scan; sometimes they can delete / quarantine what Norton can't.

Acid-Flux (Member), March 30, 2005:
PS. http://esd.element5.com/publisher/50364/pr...trojan.moo.html ^^ read that; included in it are the removal instructions. Let us know how it goes.

auggybendoggy (Member, Author), March 30, 2005:
OK guys, I got nothing from either NAV or the link to techworld or whatever it was called. So no trace of it is found. I feel a bit uneasy having a web store and stuff like that. I think I oughta wipe and reinstall. The good news is I have a 20g partition with an image of this main partition to just rebuild MOST of it in about 10 minutes. No installing cause it's already done. But I'll lose some stuff and I'll have to reinstall a few things. What do you guys think? Aug

Acid-Flux (Member), March 30, 2005:
Don't wipe.. did you try that HouseCall? I use that one all the time. It always finds the problems. And did you also check out the page I posted? That is the removal instructions.

zerodamage (Guest), March 30, 2005:
Do the HouseCall and use the second link. It is beta but more up to date.

auggybendoggy (Member, Author), March 30, 2005:
The HouseCall is scanning now but my father-in-law stopped it so I had to restart it. As for the removal page from Symantec, I tried it all but it can't detect the infected files wqr(xx).ani so removal is imposs. I can't locate this file either. Some forums suggest it's already piggybacked on other exe's. Aug. I'll let you know what HouseCall does.

zerodamage (Guest), March 30, 2005:
If you have a backup image on another partition. I just say go with that (back up my documents first of course) and save yourself the headache over all. You will never have peace of mind and will always wonder what is going on that you do not know about.

Acid-Flux (Member), March 30, 2005:
This is why I keep all my docs on one partition and winblows on another.

auggybendoggy (Member, Author), March 30, 2005:
flux, I do too. I've got a 200gb IDE for my docs and an 80gb C split into 2 parts. The second part has the virtual backup. I'm favoring the idea to reinstall the virtual partition. Aug

Acid-Flux (Member), March 30, 2005 (edited):
Well, if you feel that the virus scanner isn't doing its job, reinstall everything. Only takes like an hr, then another hr for CS if you don't have the CD, and if you don't, make a backup of it (there is an option in Steam); that is what I did and burnt it on DVD. As ZD said, it's just peace of mind. PS. Seeing as you use Norton, have you ever thought about using Ghost? Edited March 30, 2005 by Acid-Flux

appalachian_fox (Member), March 30, 2005:
Images are great. IF you're really uncomfortable, I'd say the time spent backing up the data that aren't imaged and reinstalling the few programs you need to are well invested for peace of mind, especially since images restore soooo fast...just my two cents. If there's no evidence, it's most likely not necessary...but definitely worth the peace of mind. Imagined stress can be worse than actual stress.

dwEEziL (Member), March 30, 2005:
If your Norton detected it (as you said it did), then you should be fine. Norton would not detect a file as a virus and still let you execute it unless you disabled Norton first. Secondly, the reason it was in your "Temporary Internet Files" directory is because the e-mail was formatted in HTML, thus it uses the Internet cache to store the files as it generates the HTML document. No surprise there. Third, whatever e-mail client you use, set it to ALWAYS read mail in plain text. This will help prevent this happening again in the future.

auggybendoggy (Member, Author), March 31, 2005:
dweez, I figured on point 2 but thanks for the tip on 3, that is very helpful and I will do that immediately. aug

auggybendoggy (Member, Author), March 31, 2005:
I can't seem to turn off the HTML view for incoming mail in Outlook.

Preacher (Member), March 31, 2005:
OUTLOOK? Are you insane lol. Every virus author out there targets Outlook as a mode of transference. Use a third party one like Mozilla. Also, if Norton detected it, it was probably deleted on your reboot, so I would rerun Norton and if it doesn't come up again just breathe a sigh of relief. If it does, scrub the system and reimage. Disclaimer: Following my advice may result in your head blowing clean off!

dwEEziL (Member), March 31, 2005:
Auggy, what version of Outlook? Outlook XP, Outlook 2003, Outlook Express? I use Outlook as well and I should be able to tell you how to set it.

auggybendoggy (Member, Author), April 1, 2005:
Outlook 2000, dweez

Wolfsblood (Member), April 3, 2005:
Better yet, use Eudora. Been using it for 10 years, and had no problems with it.

Acid-Flux (Member), April 4, 2005:
Doesn't anyone use Thunderbird?

Wolfsblood (Member), April 5, 2005:
I used it briefly, but disliked it. Way too much like OE. I didn't like the interface, and since I'm forced to use Outlook at work (boss doesn't know enough about computers to know there are better alternatives, and I get pulled away from my regular work enough as it is to take the time to train him how to use a different program) I don't even want Outlook, or OE installed here at home. My personal take on TB was that it was ugly, and clunky to use. Maybe that's due to me having used Eudora for the last 10 years or so.

dwEEziL (Member), April 5, 2005:
Auggy, OK, there is no default built-in functionality for Outlook 2000 to automatically read mail in plain text, but Russ Cooper, moderator for the NTBugtraq listserv, created a COM add-in that does it. It can be a bit quirky at times but it is better than nothing. Now, this add-in does not just display the mail in plain text, it actually converts it to plain text as it displays it. This means any special formatting is lost forever. For me, I didn't care. I'd rather lose a little bit now and then (mostly, I lost the ability to click on a link...it displayed it as just text and not a hyperlink so I had to copy and paste into a browser) to have more peace of mind with my Outlook security. http://www.ntbugtraq.com/default.aspx?pid=...F=N&H=0&O=D&T=0 You might also want to read some of the links here for other quirks regarding the NoHTML COM add-in. http://www.ntbugtraq.com/default.aspx?pid=...tml&s=&f=&a=&b=

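Added example (not part of the thread, and not the NoHTML add-in's code): a Python version of the idea dwEEziL describes, converting an HTML message to plain text so that nothing remote is fetched into the browser cache and links survive only as inert text. The sample message, the `.invalid` hosts and the names `TextOnly` and `to_plain_text` are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
# Constructed sample message (not from the thread): HTML-only mail.
RAW = """\
From: sender@example.invalid
Content-Type: text/html; charset="utf-8"

<html><head><style>body{color:red}</style></head>
<body background="http://files.example.invalid/bg.gif">
<p>Hello, <a href="http://shop.example.invalid/offer">click here</a></p>
<img src="http://files.example.invalid/pixel.gif">
<script>document.title = "x"</script>
</body></html>
"""

class TextOnly(HTMLParser):
    """Collect visible text; record URLs instead of fetching or linking them."""
    FETCHED = {"src", "background"}  # loaded by a renderer without any click
    SKIP = {"script", "style"}       # element content that is never shown
    def __init__(self):
        super().__init__()
        self.text, self.remote, self.links, self._skip = [], [], [], 0
    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self._skip += 1
        for name, value in attrs:
            if value and name in self.FETCHED:
                self.remote.append(value)
            elif value and name == "href":
                self.links.append(value)
    def handle_endtag(self, tag):
        if tag in self.SKIP and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip and data.strip():
            self.text.append(data.strip())

def to_plain_text(raw_message):
    """Return (plain text, remote references dropped, links kept as inert text)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    plain = msg.get_body(preferencelist=("plain",))
    if plain is not None:  # a text/plain part exists: use it untouched
        return plain.get_content().strip(), [], []
    html = msg.get_body(preferencelist=("html",))
    parser = TextOnly()
    parser.feed(html.get_content() if html is not None else "")
    parser.close()
    return " ".join(parser.text + parser.links), parser.remote, parser.links
```

The second return value lists what an HTML renderer would have pulled into its cache just by displaying the message, which is useful to log when triaging a suspicious mail.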