Trojan installed by downloading from Uniden

Status
Not open for further replies.

rescue161

KE4FHH
Database Admin
Joined
Jun 5, 2002
Messages
3,633
Location
Hubert, NC
Just thought I'd have a look at Uniden's new BCD996T software. Well, I just clicked the "download" button and bam, I got this:

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan.Galapoper.A
File: C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\S5OPIR8X\BCD996T_UASD_v1[1].0.10.4.exe
Location: C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\S5OPIR8X
Computer: MUFFIN
User: Scott
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Sunday, May 21, 2006 2:43:43 PM


I still haven't even started the download process, because the Open/Save/Cancel window is still present. Anyone else have any problems like this?
 

jimyleg

Member
Joined
Jul 22, 2005
Messages
773
Location
Milyway
There exists a tool called HijackThis, which is a tool created to remove trojans. It's available everywhere and is easy to get on Google.
 

MacombMonitor

Member
Joined
May 18, 2005
Messages
3,551
It may be a "False Positive", meaning that your anti-virus software thinks it's infected. I'm not saying this is what's happening, but it's possible.

What anti-virus software are you running?
 

Bill2k

Member
Joined
Jan 1, 2006
Messages
278
Location
New Hampshire
MUFFIN!!! You named your computer MUFFIN! Muffin is the name little old ladies give their little tiny chihuahuas.

Just kidding, I named my computer fluffy ;)
 

maalox

Member
Joined
Jan 21, 2006
Messages
765
Location
n y c
rescue161 said:
Just thought I'd have a look at Uniden's new BCD996T software. Well, I just clicked the "download" button and bam, I got this:

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan.Galapoper.A
File: C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\S5OPIR8X\BCD996T_UASD_v1[1].0.10.4.exe
Location: C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\S5OPIR8X
Computer: MUFFIN
User: Scott
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Sunday, May 21, 2006 2:43:43 PM

I still haven't even started the download process, because the Open/Save/Cancel window is still present. Anyone else have any problems like this?
Hi, you installed a condom for downloading. Just kidding, lol.
 

rescue161

KE4FHH
Database Admin
Joined
Jun 5, 2002
Messages
3,633
Location
Hubert, NC
I just said "the hell with it" and finished the download.

I read through their user agreement and it said something about them making sure that the software wasn't being used for other than private use, so maybe that's it.

OR, it could be the fact that I got a false positive, but who knows...

If the sh!+ hits the fan, I'll just load up a saved ghost image.

Upman, any thoughts?
 

hotdjdave

K9DJW - Senior Member
Database Admin
Joined
May 10, 2005
Messages
1,720
Location
The Valley (SFV), Los Angeles, CA
Latent Programs

Some viruses and trojans are latent. You may still have the trojan and it most probably had nothing to do with the Uniden software.

A latent virus or trojan is a program that is already on your computer, downloaded or put there at some other time. At no particular time or a predetermined time, the latent program will self-install, or it could be triggered by another installation to throw you off the course, making you think it is the program you are installing.

See this Microsoft article.

Use your antivirus program and also try an online virus scanner like Trend Micro's Housecall (the makers of PC-Cillin, one of the top three consumer antivirus program makers). Also, download their free CWShredder (there is a link on the same page as Housecall). The CW problem is so prevalent that they made a special scanner and removal tool just for it. Trend Micro's statement about CWShredder:
Trend Micro CWShredder is the premier tool to find and remove traces of CoolWebSearch – the name for a wide range of insidious browser hijackers – from your PC.

CWShredder removes these browser hijackers. CoolWebSearch installs dozens of bookmarks – mostly to porn Web sites – on your desktop, changes your home page without asking, and continually changes it back if you attempt to correct it. Furthermore, it significantly slows down the performance of your PC, and introduces modifications which cause Microsoft Windows™ to freeze, crash or randomly reboot.

 

Andruw

Member
Joined
Apr 8, 2006
Messages
74
Location
Marlow, OK
I would get HijackThis if I were you. It is a very good program; it helped me a lot when I had Windows.
 

rescue161

KE4FHH
Database Admin
Joined
Jun 5, 2002
Messages
3,633
Location
Hubert, NC
Hijackthis and housecall showed nothing out of whack.

I just re-ghosted this machine, so I know everything is fine. Just wondering why my anti-virus software showed warnings.
 

hiegtx

Mentor
Premium Subscriber
Joined
May 8, 2004
Messages
11,169
Location
Dallas, TX
rescue161 said:
Hijackthis and housecall showed nothing out of whack.

I just re-ghosted this machine, so I know everything is fine. Just wondering why my anti-virus software showed warnings.
Several possibilities.

The fact that neither HijackThis nor HouseCall found a problem could mean either it was, indeed, a false positive, or perhaps your antivirus prevented the infection.

Since others have tried a download, with no problem, from Uniden, there is one other scenario. Your signature shows you to be in Rota, Spain, so the download would go through several servers along the way from Uniden to you. It may have picked up a hitchhiker along the way.
 

UPMan

In Memoriam
Premium Subscriber
Joined
Apr 19, 2004
Messages
13,296
Location
Arlington, TX
I've rechecked the file with Symantec and MS One Care. Neither of them report this (and our internal threat scanners aren't seeing anything, either).
 

rescue161

KE4FHH
Database Admin
Joined
Jun 5, 2002
Messages
3,633
Location
Hubert, NC
UPMan said:
I've rechecked the file with Symantec and MS One Care. Neither of them report this (and our internal threat scanners aren't seeing anything, either). What software reported this?

Symantec Antivirus Corporate Edition.
 

rescue161

KE4FHH
Database Admin
Joined
Jun 5, 2002
Messages
3,633
Location
Hubert, NC
hiegtx said:
Your signature shows you to be in Rota, Spain, so the download would go through several servers along the way from Uniden to you. It may have picked up a hitchhiker along the way.

Could be right on target!
 

MarkWestin

Member
Joined
Apr 21, 2005
Messages
659
Location
Caribou, Maine
Hello,

One of us could E-Mail the file to you. Then you could compare it with what you have (Virus Check). I downloaded a copy and checked it with Norton AntiVirus 2006 and found no problems. If you want me to E-Mail it to you, send me a PM.

Mark
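
The comparison proposed in this post, which also tests the earlier suggestion that the file changed on its way from the server, can be done byte for byte rather than by rescanning. This is an added example and not part of any poster's message; the function names are hypothetical and the sample bytes are constructed stand-ins for two copies of one installer.

```python
import hashlib
import os
import tempfile

CHUNK = 64 * 1024

def sha256_file(path):
    """Hash a file in chunks so large installers need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def compare_copies(path_a, path_b):
    """Report whether two copies match and, if not, where they first differ."""
    digest_a, digest_b = sha256_file(path_a), sha256_file(path_b)
    first_diff = None
    if digest_a != digest_b:
        offset = 0
        with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
            while True:
                a, b = fa.read(CHUNK), fb.read(CHUNK)
                if a != b:
                    n = min(len(a), len(b))
                    # If the shared prefix matches, the difference is the length.
                    i = next((k for k in range(n) if a[k] != b[k]), n)
                    first_diff = offset + i
                    break
                if not a:
                    break
                offset += len(a)
    return {"identical": digest_a == digest_b,
            "sizes": (os.path.getsize(path_a), os.path.getsize(path_b)),
            "sha256": (digest_a, digest_b), "first_diff": first_diff}

def demo():
    # Constructed sample data, not the real installer.
    original = b"MZ" + bytes(range(256)) * 400
    appended = original + b"APPENDED-DATA"                       # data added at the end
    patched = original[:70000] + b"\x00" + original[70001:]      # one byte changed
    with tempfile.TemporaryDirectory() as d:
        paths = {}
        for name, data in (("a", original), ("b", original),
                           ("c", appended), ("d", patched)):
            paths[name] = os.path.join(d, name + ".bin")
            with open(paths[name], "wb") as f:
                f.write(data)
        return (compare_copies(paths["a"], paths["b"]),
                compare_copies(paths["a"], paths["c"]),
                compare_copies(paths["a"], paths["d"]))
```

Matching digests mean the two copies are the same bytes, so differing scanner verdicts come from the scanners; a mismatch with a `first_diff` equal to the smaller file's size points to appended data, while an earlier offset points to a change inside the file.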
 

hotdjdave

K9DJW - Senior Member
Database Admin
Joined
May 10, 2005
Messages
1,720
Location
The Valley (SFV), Los Angeles, CA
Antispyware Program

Try running any antispyware programs you might have.

Then download SpyBot Search & Destroy. It is probably one of the best you can get, free or paid. It finds more than just spyware (including trojans), too.

Go here: http://www.spybot.com/

They probably have it in the language of your choice, too.


The other antispyware program I recommend is Webroot's SpySweeper. You have to pay for this program, but they have a 30-day free trial.

Go here: http://www.webroot.com/


I also recommend Microsoft's antispyware program Windows Defender, too (that is, if you are using MS Windows).

Go here: http://www.microsoft.com/athome/security/spyware/software/default.mspx


There are more good ones. I have several antispyware programs. Another good one is Lava Soft's Adaware.

The thing about antispyware programs is that most of them get most of the malware, but each one also gets malware that the other doesn't, so you have to use more than one (or many).
 