Spyware, Viruses, & Security forum

General discussion

Win32/SillyD1AGC Virus

by dino71sr / May 5, 2006 11:26 AM PDT

For the last month I have had Rogers-Yahoo On-Line Protection installed on my computer. (Prior to that I had Norton Anti-Virus). Now for the last few days every hour or so a "Rogers-Yahoo Online Protection Infection Alert" pops up to tell me that my computer is infected with the Win32/SillyD1AGC virus and that typically two of three files have been "deleted" and one is "infected". The file names are always "C:\WINDOWS\Temp\winxxx.tmp" where xxx represents varying numbers. I cannot find any reference to this virus on Symantec or McAfee and Rogers-Yahoo tech service have not been able to help me eliminate this problem. Has anyone experienced this before and what must I do to rid my computer of this virus?

Why not try...
by tomron / May 5, 2006 11:50 AM PDT
In reply to: Win32/SillyD1AGC Virus

scanning with some other antivirus programs. Here's a LINK for some free programs and free online scans.

If you use these other AV, don't forget to disable your AV

Tom

You Can Scan w/ Another AV, But Since the Remains Are Always
by tobeach / May 5, 2006 4:22 PM PDT
In reply to: Win32/SillyD1AGC Virus

in *Temp* files why not empty them using this?:
(FOR 1st pass since you're infected, BEFORE running scan, click on "Options">"Advanced" and UNCHECK: "Only remove ..files older than 48 hours" good safety thing but needs to be disabled 'til clear of infection, then return & re-check.)
Get CCleaner (Freeware). It's not an AV but an extensive temp/cache/application cleaner.
Download (& print out for reference) the Help file (descriptions of items to be cleaned), then download, save & install either the "Slim" (suggested) or "Basic" (if you need additional language files) version. These versions are 100% adware/spyware free.
Additionally, add the download page below to your IE Favorites or Bookmarks list and use it to check for updates about once per month.
In "Options", click on "Settings" and uncheck:
"automatically check for updates" to prevent getting an undesirable (adware toolbar) version from built in updater link.
I run CCleaner immediately before & after each net visit as it only takes under 5 seconds to clean. I also have it set to auto-run at boot up.
Help file to print out:
http://www.ccleaner.com/help/fileclean.asp

Download Free Program Link:
http://www.ccleaner.com/downloadbuilds.asp

You'll wonder how you survived without it. You're gonna Love it!!
Enjoy! Grin

You Can Scan w/ Another AV, But Since the Remains Are Always
by michhala / May 16, 2006 5:59 PM PDT

Re: Get CCleaner (Freeware). It's not an AV but an extensive temp/cache/application cleaner.

Hi Tobeach -- I delete all History, cookies (except for Cnet and Google), and everything else from my Temp Internet folder after every Internet session. I recall you mentioned in a post you practiced this habit, too, using CCleaner.

At the end of the day, I go into Explorer and also delete in docs & settings\applications data\microsoft\office\recent and Miki\recent.

This has always been part of my housekeeping.

Everyone here seems to give rave reviews for CCleaner. Does CCleaner do more than what I have been doing all these years?

Miki

About SillyDl Family...
by Carol~ Moderator / May 5, 2006 5:11 PM PDT
In reply to: Win32/SillyD1AGC Virus

This virus information from Zonelabs should give you an idea about the SillyDl family. I doubt it's this simple, but you could try removing it from your Temp folder by doing the following. Go to "Start". In the "Run" box type "%temp%" (without the quotation marks). Then press "OK". Delete what's in the folder. As was previously mentioned, CCleaner will do it for you - and then some. I'm only providing the "path of least resistance". As I stated, it may not be this easy. But.. what if it is? It might be worth a shot.

Fingers crossed for you..
Carol

As noted by Computer Associates..
by Carol~ Moderator / May 5, 2006 6:03 PM PDT

this is what I meant about "not so simple":

'Many SillyDl variants are installed on an affected machine by another component. In this scenario, a component downloads SillyDl, which then in turn downloads other files and installs them on an affected machine. In the vast majority of cases, these files are adware.

While CA Antivirus solutions detect and remove many variants of SillyDl, an issue may occur where the file that is installing the SillyDl variant is not detected. In these cases, CA Antivirus will detect and remove the SillyDl variant, however, detections will continue to be reported, as SillyDl is continuously being installed by the other component that we do not detect as yet'

Because CA says they have not detected it as of yet, does not exclude the fact that it can be detected by other methods. (IMO)

And that's the "downside"..
Carol

(Still hoping for the "simple fix" though. ;))

(NT) Interesting Post Note! Thanks for the Extra Info, Carol!
by tobeach / May 6, 2006 4:10 PM PDT

You said you couldn't find any reference to it..
by Carol~ Moderator / May 16, 2006 1:47 PM PDT

that could be because it's got different names/aliases, by different companies. (I know nothing about Yahoo Rogers-Online Protection) Here is another link to another Zone Labs page, which lists the different aliases.

http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=43002

And another one here:
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=42022

Did you say you used "CA eTrust Online Scanner"? <--Please note, this is a direct hyperlink to the scanner. You can read more about it here. See "CME-746" ..Not a direct link, but it will get you there. If you had already scanned with it, were you in Safe Mode?

A couple of questions for you. When you tried to remove from the Temp files, did you do so in Safe Mode? A good idea to do so. Did you Show Hidden Files and Folders first? To be perfectly honest, I really don't know much about this, nor do I claim to. I'm only looking to supply you with additional aliases and different possibilities. It may very well be easiest to d/l HJT and have another forum analyze your log. I hesitate suggesting this, as there may be a specific tool, which will get rid of it. A tool with which, someone with more knowledge, would be aware of. (i.e. A moderator and not someone who "claims" to know)

Sulpanato, I'm sorry I can't be of more help. Good luck to you anyway..
Carol

PS: All hyperlinks within this post have been given the "green light" from SiteAdvisor.

Hi Carol
by tomron / May 16, 2006 1:49 PM PDT

This is new to me, I have no idea what this means. I never saw this before.

PS: All hyperlinks within this post have been given the "green light" from SiteAdvisor.

Tom

Tom..
by Carol~ Moderator / May 16, 2006 2:09 PM PDT
In reply to: Hi Carol

I've put it in a couple of my posts, when I've had a few hyperlinks in it. I don't know if it will make a difference, but I think some people are fearful of going to sites they don't know of. Granted, they can hover over the link and see for themselves. I've come to trust SA and sometimes, when I don't see a recognizable site, I'm skeptical about going there. Whether or not, it makes a difference to ANYONE, I don't know. Just letting people know, SA has tested it and deems it "ok". Again, it may not make a difference to anyone. I'm trying to project what some members might think. I may be wrong! (Another thing.. I'd hate to have to do "the work", only to find out someone was fearful of taking advantage of it) Just.. "my way".

Unless.. you were asking me what SiteAdvisor is? I took for granted you did. If not.. ask away.

HTH..
Carol

CAROL
by tomron / May 16, 2006 2:33 PM PDT
In reply to: Tom..

Well I am curious what site advisor is and you say "SA has tested it and deems it ok"

Tom

Tom.. SiteAdvisor and "all you ever wanted to know"..
by Carol~ Moderator / May 16, 2006 3:17 PM PDT
In reply to: CAROL

Tom..

I think it's great. When you go to Google, it will highlight each site. If it's been tested and proved to be "ok", the site will be highlighted in "green". "Red"..something to stay away from. You can read about it from the links I'm providing. (It takes some of the guesswork out of which sites, you might be hesitant to go to, when googling something) I'm still cautious, but it is reliable and certainly worth it. It's also not "complicated". Additionally, I included an article Ben Edelman wrote. He was involved with its inception. You can also search CNET and you'll see more. Lastly, it was recently taken over by McAfee. That shouldn't make a difference at this point.

I've included "all you ever wanted to know about SA" below. I've also included the download links. It updated recently. See Roddy's post today for IE. And Brent's for FF. If you have any questions, feel free to ask.

http://www.benedelman.org/news/121905-1.html

http://www.siteadvisor.com/

FAQ: http://www.siteadvisor.com/press/faqs.html

http://www.siteadvisor.com/studies/search_safety_may2006.html

http://www.mcafee.com/us/about/press/corporate/2006/20060426_190200_m.html


Download for IE:

http://www.siteadvisor.com/download/ie.html

Download for FF:

http://www.siteadvisor.com/download/ff_preinstall.html

Again.. if you have any questions.. just ask.
Carol

(Tom.. this isn't just a "nifty" little program I found somewhere. A good deal of the people here have it. Did I mention it was free?)

Carol
by tomron / May 16, 2006 3:32 PM PDT

Oh yea, I believe there was some discussion on this in V&S. I forgot about it.

Thanx Carol, much appreciated


(Carol...Did I mention that free is my favorite word)

You're welcome. Sometimes your favorite word.. ...
by Carol~ Moderator / May 16, 2006 3:46 PM PDT
In reply to: Carol

comes with a price tag though!! SadGrin (One way or another.. "they getcha")

Win32/SillyD1AGC
by dino71sr / May 16, 2006 12:15 PM PDT
In reply to: Win32/SillyD1AGC Virus

Many thanks to everyone who replied with their suggestions. I have tried every one of them without success and tried many anti-spyware programs without detecting the offending file that keeps installing the Win32/SillyD1AGC virus on my computer. The CA anti-virus program still pops up a window several times a day to say that files infected with the Win32/SillyD1AGC virus have been deleted, so at least that part of it works OK. Any more suggestions gladly accepted.

Win32/SillyD1AGC
by tomron / May 16, 2006 1:34 PM PDT
In reply to: Win32/SillyD1AGC

"I have tried every one of them without success and tried many anti-spyware programs without detecting the offending file"

"files infected with the Win32/SillyD1AGC virus have been deleted, so at least that part of it works OK"


I'm confused, first you say it didn't work, then you say the virus has been deleted.


The way I'm reading it is the only issue left is the annoying alert?

Tom

One more question
by tomron / May 16, 2006 1:47 PM PDT
In reply to: Win32/SillyD1AGC

I'm not familiar with Rogers-Yahoo On-Line or CA anti-virus. Is rogers-yahoo-online an antivirus?

If so you should only run one AV at a time. You may also be getting false positives.

Tom

Win32/SillyD1AGC virus
by dino71sr / May 20, 2006 12:33 PM PDT
In reply to: Win32/SillyD1AGC

Hello Tom - I can understand how confused you are! I'm not sure that I understand it myself. Every two or three hours a window appears on my computer telling me that certain files that have been infected with the Win32/SillyD1AGC virus have been deleted. When I run my anti-virus program and four anti-spyware programs they all tell me my computer is free of all virus/spyware. Still the windows keep popping up. One person suggested there may be an unidentified file somewhere in the computer that keeps on trying to install the Win32/SillyD1AGC virus which the anti-virus program immediately finds and deletes. If this is so how can we identify this unidentified program?
Sulphanato
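
One way to test the idea raised in the post above (an undetected component keeps re-creating the `winxxx.tmp` files that the scanner then deletes) is to line up the alert times against file-creation records that name the writing process. This is an added example, not part of the original thread; the log formats, the sample records and the `helper.exe` path are constructed for illustration, and on a real machine the file-creation records would have to come from a file-monitoring tool that logs which process wrote each file.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample data (not from the thread). Simplified, hypothetical
# pipe-separated formats: alerts are time|file|action, and file-creation
# records are time|writing process|file.
AV_ALERTS = r"""
2006-05-20 09:00:12|C:\WINDOWS\Temp\win101.tmp|deleted
2006-05-20 11:01:40|C:\WINDOWS\Temp\win245.tmp|deleted
2006-05-20 13:02:05|C:\WINDOWS\Temp\win377.tmp|infected
"""
FILE_CREATES = r"""
2006-05-20 09:00:10|C:\Program Files\ExampleApp\helper.exe|C:\WINDOWS\Temp\win101.tmp
2006-05-20 09:30:00|C:\WINDOWS\system32\msiexec.exe|C:\WINDOWS\Temp\win999.tmp
2006-05-20 11:01:38|C:\Program Files\ExampleApp\helper.exe|C:\WINDOWS\Temp\win245.tmp
2006-05-20 13:02:01|C:\Program Files\ExampleApp\helper.exe|C:\WINDOWS\Temp\win377.tmp
"""
# File name pattern reported in the alerts: win<digits>.tmp in the Windows Temp folder.
TMP_PATTERN = re.compile(r"^C:\\WINDOWS\\Temp\\win\d+\.tmp$", re.IGNORECASE)
FMT = "%Y-%m-%d %H:%M:%S"

def parse(text):
    """Turn pipe-separated lines into (datetime, field2, field3) tuples."""
    rows = [line.split("|") for line in text.strip().splitlines()]
    return [(datetime.strptime(r[0], FMT), r[1], r[2]) for r in rows]

def suspect_writers(alerts, creates, window=timedelta(seconds=30)):
    """Rank processes by how many alerted files they created just before the alert."""
    created = parse(creates)
    hits = Counter()
    for a_time, a_path, _action in parse(alerts):
        if not TMP_PATTERN.match(a_path):
            continue  # only the temp-file pattern described in the thread
        for c_time, image, c_path in created:
            same_file = c_path.lower() == a_path.lower()
            if same_file and timedelta(0) <= a_time - c_time <= window:
                hits[image] += 1
    return hits.most_common()

def alert_intervals(alerts):
    """Gaps between consecutive alerts; a steady gap suggests a timed re-drop."""
    times = [t for t, _, _ in parse(alerts)]
    return [later - earlier for earlier, later in zip(times, times[1:])]

if __name__ == "__main__":
    print(suspect_writers(AV_ALERTS, FILE_CREATES))
    print(alert_intervals(AV_ALERTS))
```

A process that shows up once per alert, while unrelated temp-file writers drop out, is the candidate to examine for how it starts at boot or logon.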

Reply to: Win32/SillyD1AGC virus
by tomron / May 20, 2006 1:15 PM PDT
In reply to: Win32/SillyD1AGC virus

Have you tried the link that Carol provided?

I don't know if this was mentioned yet, but try safe mode.

Tom

Also
by tomron / May 20, 2006 1:56 PM PDT

You didn't mention if you checked here

C:\WINDOWS\Temp\winxxx.tmp where xxx represents varying numbers.

You said you couldn't find any reference to it..
by Carol~ Moderator / May 16, 2006 1:56 PM PDT
In reply to: Win32/SillyD1AGC Virus

Sulphanato.. Kindly see my post with the above title, dated 5/16/06 @ 8:47PM. I hadn't meant to put it there, and didn't want it to get buried.

Thanks Happy
Carol

(NT) tobeach -- did you miss my post re CCleaner?
by michhala / May 18, 2006 4:07 AM PDT
In reply to: Win32/SillyD1AGC Virus