Spyware, Viruses, & Security forum

General discussion

W32/Waledac.D.gen!Eldorado

by goodswipe / May 19, 2009 2:08 PM PDT

I performed a full scan of my laptop today and this is what came up - W32/Waledac.D.gen!Eldorado. I'm assuming it's some type of Trojan? I looked all over Google and can't find anything relating directly to this virus/spyware. The actual file that is infected or is the Trojan is called install[1].exe

This file is located in the temp internet files folder - Content.IE5. I did some looking around on Google on this folder and apparently most Trojans people get are located in this folder. Is this really an IE folder? I don't use IE by the way, I use FireFox.

I'm running Windows XP Pro. Thanks folks!!

Discussion is locked
You are posting a reply to: W32/Waledac.D.gen!Eldorado
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: W32/Waledac.D.gen!Eldorado
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Give McAfee Avert Stinger a try.........
by Marianna Schmudlach / May 19, 2009 2:48 PM PDT
Collapse -
No dice....
by goodswipe / May 20, 2009 3:23 PM PDT

Thanks for the link, but unfortunately the program didn't work. I scanned the infected directory and nothing came up. I checked the virus/malware list and my particular trojan/malware is not listed. The actual file is a executable called installer. But I never ran the program so maybe I'm not actually infected - unless the program can execute itself?

Collapse -
Maybe you try the following......
by Marianna Schmudlach / May 20, 2009 3:36 PM PDT
In reply to: No dice....

Please download Malwarebytes Anti-Malware (v1.33) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.

* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
o Update Malwarebytes' Anti-Malware
o Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

* If an update is found, the program will automatically update itself.
* Press the OK button to close that box and continue.
* If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:

* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

* Click on the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked, and click Remove Selected.
* When removal is completed, a log report will open in Notepad.
* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the contents of that report in your next reply and exit MBAM.

Notes: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes. Click this link to see a list of programs that should be disabled.



I also would suggest to run an on-line scan:

Run the F-Secure Online Scanner

http://support.f-secure.com/enu/home/ols.shtml

Note: This Scanner is for Internet Explorer Only!

*Click on Online Services and then Online Scanner
*Accept the License Agreement.
*Once the ActiveX installs, click Full System Scan
*Once the download completes,the scan will begin automatically.
* The scan will take some time to finish,so please be patient.
*When the scan completes, click the Automatic cleaning (recommended) button.

Collapse -
ok...
by goodswipe / May 24, 2009 10:27 AM PDT

I checked download.com and there is actually a newer version of this program - 1.36. I'll give this a try and see what happens. Quick question, The anti-virus program I'm actually using right now has the file quarantined - F-PROT. Do I need to take it out of quarantine for the program to actually scan the file and access it? Or any other program for that matter? I tried scanning with Spybot yesterday and it came up with a clean scan.

Collapse -
better results
by goodswipe / May 24, 2009 12:01 PM PDT
In reply to: ok...

I downloaded that program and ran the "quick scan" and it found the same infected file. Except this time it had a different virus name - Trojan.Vundo.V. Either way, the program said that it was able to remove it. I'm going to perform a full scan this time and see what else might come up.

Thanks!

Collapse -
Guess it's gone
by goodswipe / May 24, 2009 3:35 PM PDT
In reply to: better results

Well, I scanned the entire system with Malwarebytes and nothing negative came up. I've rebooted my system and everything. Hope all is well. Now I'm going to scan with F-Prot again and see what that comes up with.

Thanks!

Collapse -
What you also could try........
by Marianna Schmudlach / May 25, 2009 12:06 AM PDT
In reply to: Guess it's gone

to see if everything is gone:

Download and scan with SUPERAntiSpyware Free for Home Users

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):

Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.

* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".

Does the scan come up clean?

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?