Spyware, Viruses, & Security forum

General discussion

Can someone help me?

F-Secure found a virus this evening on my PC. I am surprised that McAfee did not stop it or find it for that matter.

This is what F-Secure found. It did not remove the virus.
Result: 2 malware found
W32/DLoader.DAJD (virus)
C:\WINDOWS\DOWNLOADED PROGRAM FILES\POPCAPLOADER.DLL (Submitted)
C:\PROGRAM FILES\HIJACKTHIS\BACKUPS\BACKUP-20070516-170641-360.DLL (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 45061
System: 5803
Not scanned: 17
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 2
Submitted: 2


Windows XP
Dell Dimension 9150

Please can someone help me? Many strange things happening to my PC.

Thanks

Discussion is locked
You are posting a reply to: Can someone help me?
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Can someone help me?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Airmiles

In reply to: Can someone help me?

Collapse -
The PopCap Loader Is an Active-X Control Used...

In reply to: Can someone help me?

to load and play PopCap Games >>ON LINE<<. It also is effectively a piece of Adware and is involved with which company gets the commissions IF you should purchase one of their games.
I have my Spybot disable it while not actually removing (deleting)in case I should want to go their site again(unlikely). In passing even their CDs pop-up ad for other games of theirs.

Personally ... I strongly favor buying the CD rather than the online download. Mine arrived,by mail, in 3 days. I have found their games often need re-loading from CD to correct what seems to accumulating corruption(errors).Usually every 5 or 6 months. Too much trouble to keep downloading and should they ever go off line or change address...or your HD die... you're beat unless you've kept back-up copies of lic. etc separate or on paper.

That it found the file in HJT Backups but not on main service means you've removed something previously and HJT has kept copy in case you run into trouble and have to put it back.

Google search & at Bleeping Computers returned no results for the 360.dll (possibly a typo?). I does call to mind a rather nasty bunch (IMHO) called :"360 Solutions". recognized by many anti- AV/Spy/Adware programs. Have you had them in the past (specifically around/before May 16th/07?).

I don't know about the downloader trojan/virus but if it didn't bring down a host of baddies, it wasn't doing it's job!! I would have expected at least 5 or 6 infections from it unless it was caught & rendered harmless as soon as it landed.

Hope this is of some help. Happy

Collapse -
Thx tobeach

In reply to: The PopCap Loader Is an Active-X Control Used...

I understood some of what you wrote tobeach. So basically you are saying that I got that poploader from playing games online. But it not a virus then as such??

Collapse -
Airmiles

In reply to: Can someone help me?

You are better off keeping questions in the forums this way everyone can benefit.

You don't have to turn off system restore while in safe mode.The reason for disabling SR is to flush it of old points as to rid it of infections.Point being,you have the option.

Tom

Collapse -
the popcapuploader.dll file

In reply to: Can someone help me?

yeah, I also had that file and was detected too. Seems that popcap has a few pieces of adware/viruses up its sleeve

Collapse -
Airmiles.. I would suggest..

In reply to: Can someone help me?

sticking with the forum, where you originally posted your HJT log on August 18th. Having seen your log/s, they would have more insight into your problems. Stick with them. I'm sure you'll eventually get it worked out.

Best of luck..
Carol

Collapse -
Thanks, however...

In reply to: Airmiles.. I would suggest..

Carol they have not helped me since I put that there. I have had to rely on some people here to help me.

Collapse -
F-Secure

In reply to: Thanks, however...

This is what F-Secure found..

F-Secure Malware Information Pages: Trojan-Downloader:W32/VB.AXS

Name : Trojan-Downloader:W32/VB.AXS
Alias: Trojan.Downloader.VB.VCP, W32/DLoader.CWBX, Trojan-Downloader.Win32.VB.axs, TROJ_VB.DQG, Win32/TrojanDownloader.VB.AXS
Type: Trojan-Downloader
Category: Malware
Platform: W32




Summary
This is a Visual Basic trojan-downloader that downloads and executes a Renos variant.

Renos shows fake security warnings that can be quite annoying.

Collapse -
OK

In reply to: F-Secure

Collapse -
Sorry

In reply to: OK

I am new to this website and I am sorry I am not sure how it all works just yet.

Collapse -
Re: OK

In reply to: OK

P.S. When you send someone an e-mail and don't have your e-mail button in your profile how can one respond?

Tom,

As stated in CNET forums & TalkBack usage policies:

...... All queries are answered in the forums and not answered by email, so that everyone can benefit from the replies and its content.

More here: http://forums.cnet.com/4520-6035-6656401.html?tag=dir.forum
Collapse -
No kidding

In reply to: Re: OK

Collapse -
Re: No kidding

In reply to: No kidding

I don't want to know IF and how many times you point this out. Point is:

Your: P.S. When you send someone an e-mail and don't have your e-mail button in your profile how can one respond? Written here: http://forums.cnet.com/5208-6132_102-0.html?forumID=32&threadID=260985&messageID=2567555#2567555

let me to BELIEVE you received an e-mail from Airmiles and you wanted to respond but he\she didn't give you an e-mail addy.

Why would you otherwise put THAT sentence in a reply?

The CNet policies are CLEAR.

Collapse -
OK

In reply to: Re: No kidding

"an e-mail from Airmiles and you wanted to respond but he\she didn't give you an e-mail addy."

I did want to respond in order to explain the policy and benefit of discussions in the forums like I always do.I was pointing out to the member without a e-mail button how than can one respond.

Members are allowed to respond via e-mail to eath other about non-forum issues,But my reasoning was as stated above.

You read the other posts I made,but not the one that would have explained this.

You are talking to me as if I'm new here and don't know the e-mail policy.

Collapse -
geez......

In reply to: OK

You are talking to me as if I'm new here and don't know the e-mail policy.

I can NOT prove what you intended to write in a private e-mail and once again the CNet policy is clear. We are ALL here to help at the forum as best as we can.
Collapse -
It can be proven ...

In reply to: geez......

Collapse -
It is getting "way off"......

In reply to: It can be proven ...

How about the benefit of doubt with my years of good standing in these forums helping,or at least trying to help.

Well, I would agree with the latter part of that sentence: "at least trying to help"

It is getting "way off" why I replied to your "o.k." reply.
Collapse -
OK

In reply to: It is getting "way off"......

So now it reverts to insults

Collapse -
Re: OK by tomron - 8/22/07 9:01 AM

In reply to: Re: OK

So now it reverts to insults

Is telling the TRUTH an "insult" ?

As I already mentioned - this thread is WAY OFF topic !
Pls. stop "turning and twisting" it does not make sense to me.
Collapse -
Popcaploader.dll For Yahoo Games...

In reply to: Can someone help me?

I found this reply:

t is a legal adware called PopCap Loader from PopCap Games company. It is a Web plug-in that provides Web update features. You should be able to easily remove it by eliminating the file from the location where it's been detected and by cleaning out the registry files as indicated in the link below. It is "adware" but is required to run various games on Yahoo and a few other sites. It will be reinstalled the next time you run the games.

http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW%5FPOP%2EA

Hope this helps.

Grif


here:

http://forums.cnet.com/5208-6121_102-0.html?forumID=45&threadID=177509&messageID=1947889

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

SMART HOME

This one tip will help you sleep better tonight

A few seconds are all you need to get a better night's rest.