Do these T-H log entries indicate a virus legacy? - Mischel Internet Security Forum

Jobs | About | Blog | Contact

Download TrojanHunter Now
Free 30-day trial!

Latest TrojanHunter Version:
TrojanHunter 5.3

Order Now
License file delivered within minutes.

Welcome, Guest. Please Login or Register.

Mar 22^nd, 2010, 7:27am

   Mischel Internet Security Forum
   TrojanHunter
   TrojanHunter Scanner (Moderators: Helena, Gavin_Coe, Magnus)
   Do these T-H log entries indicate a virus legacy?

« Previous topic | Next topic »

Pages: 1

Notify of replies

Send Topic

Author

Topic: Do these T-H log entries indicate a virus legacy? (Read 410 times)

Chris
Newbie

Posts: 2

Do these T-H log entries indicate a virus legacy?
« on: Nov 26^th, 2004, 6:46pm »

Quote

Modify

Hi,

I’m running Windows 98 and I was infected with some variant of the 'About: Blank' virus that was showing in the HKEY_LOCAL_MACHINE directories etc., and which messed with my ‘Trusted Sites’ settings and dropped Trojans & spyware & homepage-redirections every time I opened an IE browser.

I manually removed all the dubious HijackThis entries and then had help on another forum to successfully disinfect the Spy.Briss.H virus (using the ‘a2’ malware scan) and all the symptoms of the hijack appear to have ceased.

However…

When I run Trojan-Hunter version 4.0, and although it reports no Trojans as present, the scan highlights (in Red) two HKEY registry entries which I don’t understand (the first two entries on the log below) – and the guys on the Hijack site suggested I try here for clarification.

So I’d be really grateful if anyone here could tell me whether I should be worried about the following log. Thanks greatly if you can help.

Trojan-Hunter Scan Log:

Registry scan
Registry key exists: HKEY_CLASSES_ROOT\.dl (matches SubSeven.190)
Registry key exists: HKEY_CLASSES_ROOT\.dl (matches Subseven.200)
Inifile scan
No suspicious entries found
Port scan
Error: Unable to perform port check: PortChecker not initialized
Memory scan
No trojans found in memory
File scan
Error: Directory not found: A:\
Error: Directory not found: D:\
No trojan files found

Thanks again and best regards, Chris.

IP Logged

Randy_Bell
Global Moderator

TrojanHunter is the Best!

Gender:

Posts: 2883

Re: Do these T-H log entries indicate a virus lega
« Reply #1 on: Nov 29^th, 2004, 8:27am »

Quote

Modify

Perform a full scan with TH. TH is fully capable of detecting SubSeven and variants, so if a full scan comes up clean, you've nothing to worry about, although you might want to manually remove the flagged keys to get rid of the alerts. Make sure to backup your registry before editing or making changes to it. Good Luck. Wink

IP Logged

Chris
Newbie

Posts: 2

Re: Do these T-H log entries indicate a virus lega
« Reply #2 on: Nov 29^th, 2004, 9:23am »

Quote

Modify

Hi Randy –

Thanks ever so much for getting back to me with the advice.

I downloaded the newest ruleset and ran another full T-H scan. It still shows no Trojans. And I certainly have no other visible symptoms of a problem.

After all the pain and panic of the last week, I’m a bit wary of fixing anything that ‘ain’t broke’. And I have to admit that I really don’t know enough about editing the directory – other than the comforting certainty that I might destroy the entire computer by deleting the wrong entry. (I can’t even find the two entries to which the T-H scan log makes reference!) So I’m more than happy to let sleeping dogs lie, in this instance, if you think the entries are nothing more than a benign alert-nuisance that won’t cause me some future problem.

Consequently, I shan’t take any other action unless you reply to say that I’ve misunderstood you or understated your concern in any way.

And so presuming, hopefully, that you don’t need to reply, can I just say thank-you once more for taking the time to help me. Really much appreciated.

Best regards, Chris.

IP Logged