Security Forums


rocky2[1].exe

killercrush
Just Arrived

Joined: 20 Jul 2004
Posts: 0
Location: earth

Posted: Tue Jul 27, 2004 2:59 am    Post subject: rocky2[1].exe

Is this a virus? When I did a scan on RAV it said that it was a virus/infected file. It's located in
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\6OEYI42A\
and it won't allow me to delete it.

Or should I not be worried about it at all?
fuzed
Just Arrived

Joined: 13 May 2004
Posts: 0

Posted: Tue Jul 27, 2004 3:48 pm

haven't used that flavour of AV, but some av apps tell you what the virii are... I would get to command prompt and delete the file from there, make sure it's not running in task manager either.

run AV on all of your HD's as well...

do a search on google for the file found and add virus on as well.
Groovicus
Trusted SF Member

Joined: 19 May 2004
Posts: 9
Location: Centerville, South Dakota

Posted: Tue Jul 27, 2004 6:01 pm

Boot into safe mode, open IE...go to tools, preferences, and flush your temp files.

See if that does it.
killercrush
Just Arrived

Joined: 20 Jul 2004
Posts: 0
Location: earth

Posted: Tue Jul 27, 2004 7:36 pm

groovicus wrote:
Boot into safe mode, open IE...go to tools, preferences, and flush your temp files.

See if that does it.


I've already done that and it didn't work.
Groovicus
Trusted SF Member

Joined: 19 May 2004
Posts: 9
Location: Centerville, South Dakota

Posted: Tue Jul 27, 2004 7:47 pm

Your AV should give you the option to rename, delete, etc. Rename it or delete it from there.

It is in your browser cache, so that is where it needs to be deleted from.

Can I get the full path name?

EDIT:

Just had another thought.

Open notepad and paste in the following lines:

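rem Delete leftover temp files from the drive root, the user and Windows temp folders, and Prefetch
del c:\*.tmp
del "%temp%\*.tmp" /f
del %windir%\prefetch\*.*
del %windir%\temp\*.* /f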

Save to desktop as 'clean.bat', file type - 'all files'

Double-click on the icon, and say yes when prompted.
killercrush
Just Arrived

Joined: 20 Jul 2004
Posts: 0
Location: earth

Posted: Tue Jul 27, 2004 8:00 pm

I got rid of the rocky2[1].exe. It had duplicated itself into some other folders but each allowed me to delete it. So that problem is now out of the way.

However

I did end up finding some more problems listed when I ran RAV once more. Here is what it came up with. Please let me know if any of these files will be harmful to the computer or if it's something that I shouldn't worry about.

Scan started at 7/27/2004 12:40:39 PM

Scanning memory...
Scanning boot sectors...
Scanning files...
C:\RECYCLER\S-1-5-21-1051151432-1597056692-1010472921-1003\Dc1.exe - PWS:Win32/Briss -> Infected
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP219\A0164713.EXE - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP219\A0164749.exe - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP219\A0164750.dll - Trojan:Win32/StartPage.IX -> Infected
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP219\A0164751.dll - Trojan:Win32/StartPage.IX -> Infected
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP219\A0164752.dll - Trojan:Win32/StartPage.IX -> Infected
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP219\A0164753.dll - Trojan:Win32/StartPage.IX -> Infected
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP219\A0164754.dll - Trojan:Win32/StartPage.IX -> Infected
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP219\A0164755.dll - Trojan:Win32/StartPage.IX -> Infected
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP219\A0164756.dll - Trojan:Win32/StartPage.IX -> Infected
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP219\A0164757.dll - Trojan:Win32/StartPage.IX -> Infected

Scanned
============================
Objects: 51404
Directories: 3055
Archives: 6077
Size(Kb): 855621
Infected files: 11

Found
============================
Viruses found: 3
Suspicious files: 0
Disinfected files: 0
Mail files: 68



Thanks
Groovicus
Trusted SF Member

Joined: 19 May 2004
Posts: 9
Location: Centerville, South Dakota

Posted: Tue Jul 27, 2004 8:07 pm

Empty your recycle bin, then disable, then re-enable your system restore.

That should solve it.
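The scan log and the cleanup steps suggested in this thread can be tied together by grouping each detection by where the file sits on disk. The script below is an added example, not code from any poster; the function names, the "other" fallback and the detection name on the constructed browser-cache line are assumptions.

```python
import re
from collections import defaultdict

# Location rules paired with the cleanup step the thread gives for each.
RULES = [
    (re.compile(r"\\RECYCLER\\", re.I), "recycle bin", "empty the Recycle Bin"),
    (re.compile(r"\\System Volume Information\\_restore\{", re.I),
     "system restore", "disable, then re-enable System Restore"),
    (re.compile(r"\\Temporary Internet Files\\", re.I),
     "browser cache", "flush IE temporary files from safe mode"),
]
DEFAULT = ("other", "rename or delete it from the AV product")

# One finding per line: <path> - <detection name> -> Infected
FINDING = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) - (?P<name>\S+) -> Infected$")

def parse_findings(log_text):
    """Return (path, detection) pairs; banner and summary lines are skipped."""
    matches = (FINDING.match(line.strip()) for line in log_text.splitlines())
    return [(m.group("path"), m.group("name")) for m in matches if m]

def triage(log_text):
    """Group findings by where the file sits: {location: {action, files}}."""
    groups = defaultdict(lambda: {"action": None, "files": []})
    for path, name in parse_findings(log_text):
        location, action = next(
            ((loc, act) for rx, loc, act in RULES if rx.search(path)), DEFAULT)
        groups[location]["action"] = action
        groups[location]["files"].append((path.rsplit("\\", 1)[-1], name))
    return dict(groups)

# Three lines copied from the scan log in the thread, plus one constructed
# line for the browser-cache file (its detection name is a placeholder).
SAMPLE_LOG = r"""Scanning files...
C:\RECYCLER\S-1-5-21-1051151432-1597056692-1010472921-1003\Dc1.exe - PWS:Win32/Briss -> Infected
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP219\A0164713.EXE - Tool:PornDialer.BP -> Infected
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP219\A0164750.dll - Trojan:Win32/StartPage.IX -> Infected
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\6OEYI42A\rocky2[1].exe - PLACEHOLDER.Detection -> Infected
Infected files: 4
"""

if __name__ == "__main__":
    for location, info in triage(SAMPLE_LOG).items():
        print(f"{location}: {len(info['files'])} file(s) -> {info['action']}")
        for fname, detection in info["files"]:
            print(f"    {fname}  [{detection}]")
```

Any finding that lands in the "other" group sits outside the Recycle Bin, System Restore and browser cache, so the three location-specific steps in the thread do not cover it.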
heh
Just Arrived

Joined: 27 Jul 2004
Posts: 0

Posted: Tue Jul 27, 2004 10:23 pm

start page is annoying
killercrush
Just Arrived

Joined: 20 Jul 2004
Posts: 0
Location: earth

Posted: Wed Jul 28, 2004 5:39 am

groovicus wrote:
Empty your recycle bin, then disable, then re-enable your system restore.

That should solve it.


See... my recycle bin is empty. That's a file that's inside of a protected items deleted folder and it won't let me completely delete it, only restore it.