Microsoft/Virus Implosion HPEL



Latrinsorm
08-26-2006, 03:59 PM
So there was some virus thing that got caught on my computer called "Downloader" that was summarily executed. Huzzah.

However, now Internet Explorer and Microsoft Office are sort of on the fritz. Whenever they open, they try (twice in IE's case and three times for Excel) to install themselves again. If I hit cancel until they stfu, they work fine. If I don't, they ask for the Microsoft Small Business Office 2003 disk. If I give them said disk, they happily plug away until they decide that would be too easy and demand some other Windows XP disk that I don't have.

When I manually go into the MS Office disk I have and try to install Excel (for instance) fresh, it fails with a general "Error" message.

Hpel?

Sean of the Thread
08-26-2006, 04:11 PM
Step 1) use firefox from now on.

Step 2) stop opening chain mail

Step 3) stop viewing pr0n

Step 4) jump off a bridge for being stupid

Stanley Burrell
08-26-2006, 06:29 PM
AvG is absolutely superior in spotting the downloader trojan.

That being said, it isn't that harmful (at all.)

Back
08-26-2006, 07:25 PM
Buy a Mac.

Bobmuhthol
08-26-2006, 07:27 PM
Macs don't have any sort of inherent protection from viruses, it's just that nobody gives a fuck about them to waste the effort destroying them.

Ignot
08-26-2006, 07:30 PM
I think I want a mac.

Back
08-26-2006, 07:37 PM
Macs don't have any sort of inherent protection from viruses, it's just that nobody gives a fuck about them to waste the effort destroying them.

That's not entirely true. Windows is the dominant operating system, true, but it has security holes that Mac’s now Unix-based OS does not have.

Over ten years of owning a Mac and being on-line, I have not once had a virus, trojan, or anyone using my machine to do other things.

If people don’t want to hack Macs, that's another good reason to have one.

PS. One caveat to all this is I am savvy enough not to download/click/open anything that I don’t know what it is. Even then, I once lost my AOL password to a very clever mock-up site. It was a mere seconds later that I realized the ruse and changed it.

Latrinsorm
08-26-2006, 08:46 PM
I'd like to also add that this is really my parents' computer, and the technician they have a habit of employing (despite my strenuous objections) has the peculiar quirk of totally destroying any computer he comes in contact with.

HPEL PLZ????

Gan
08-26-2006, 08:51 PM
The actual name of the virus you've been infected with might help.

Edited to add, there's nothing on the books specifically called "downloader" that I can find.

Edited to add: I did finally find something referenced as a/the downloader virus.

Here's one suggested method I found on another website, using the TrendMicro cleaner.

http://esupport.trendmicro.com/support/viewxml.do?ContentID=en-125991

AnticorRifling
08-26-2006, 09:12 PM
IF you can PM me screenshots (alt+prnt screen) so I can see what's going on, chances are it's a simple reg fix. If you cancel it and everything is working fine you might just have an extra key or string that needs removed, not a big deal at all.

Sean of the Thread
08-26-2006, 11:33 PM
Buy a Mac.



It's not that they are superior at not being infected/hacked it's that there is a very low amount of people using them.

Sean of the Thread
08-26-2006, 11:42 PM
IF you can PM me screenshots (alt+prnt screen) so I can see what's going on, chances are it's a simple reg fix. If you cancel it and everything is working fine you might just have an extra key or string that needs removed, not a big deal at all.


To elaborate to the noobs about alt+prnt screen.. it will just copy (prntscreen) the window you have focused (clicked on/selected). So be sure to have focus on the pertinent window before copying and pasting.

HarmNone
08-26-2006, 11:44 PM
Here's the info from the McAfee site regarding the Downloader trojan:

This is a trojan that downloads and executes other programs from the internet. At the time of testing, remote files were not available for downloading.

It makes several copies of itself to Windows system directory using following file name:

dllhlp.exe

The following registry key is created so that host32.exe is executed after each RESTART.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"dllhelp" = c:\winnt\dllhlp.exe

The following registry entries were made:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
"Search Bar" = http://youriskalka.com/sp.htm

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
"Use Search Asst" = no

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl
(Default) = http://youriskalka.com/index.htm

Indications of Infection
Presence of the file and registry entry mentioned above.
Method of Infection
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, etc.


Removal Instructions
Use current engine and DAT files for detection and removal. Removal requires removing the entry in the SYSTEM.INI file and restart to MS-DOS mode to delete the file manually from the Windows and Windows\System folders.


© Copyright 2003-2006 McAfee, Inc. All Rights Reserved.


You should be able to use the above list of changes to ensure that none are left on your system.
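A read-only way to walk that list of changes, written as an added example (it is not part of the thread or of McAfee's tooling). It assumes PowerShell is available, is run as the affected user because the keys are under HKEY_CURRENT_USER, and treats the Windows, System and System32 folders as the places to look for the file; it reports matches and changes nothing.

```powershell
# Added example: report leftovers matching the indicators quoted above.
# Read-only: no registry value or file is modified or deleted.

$ms = 'HKCU:\Software\Microsoft'

# Key, value name, and a wildcard pattern for the data the write-up reported.
$indicators = @(
    @{ Key = "$ms\Windows\CurrentVersion\Run";  Name = 'dllhelp';         Like = '*dllhlp.exe*' },
    @{ Key = "$ms\Internet Explorer\Main";      Name = 'Search Bar';      Like = '*youriskalka.com*' },
    @{ Key = "$ms\Internet Explorer\Main";      Name = 'Use Search Asst'; Like = 'no' },
    @{ Key = "$ms\Internet Explorer\SearchUrl"; Name = '(default)';       Like = '*youriskalka.com*' }
)

$findings = @()

foreach ($i in $indicators) {
    # A missing key simply means that indicator is absent.
    $item = Get-ItemProperty -Path $i.Key -ErrorAction SilentlyContinue
    if (-not $item) { continue }

    $data = $item.($i.Name)
    if ($null -ne $data -and "$data" -like $i.Like) {
        $findings += [pscustomobject]@{
            Type = 'Registry'; Location = $i.Key; Name = $i.Name; Data = "$data"
        }
    }
}

# File name from the write-up; the folder list is an assumption (see lead-in).
$folders = @($env:windir, "$env:windir\System", "$env:windir\System32")
foreach ($dir in $folders) {
    $path = Join-Path $dir 'dllhlp.exe'
    if (Test-Path -LiteralPath $path) {
        $findings += [pscustomobject]@{
            Type = 'File'; Location = $dir; Name = 'dllhlp.exe'; Data = $path
        }
    }
}

if ($findings.Count -eq 0) {
    'No indicators from the list were found for this user.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

"Use Search Asst" set to no can also be a user's own setting, so treat it as meaningful only alongside one of the other hits.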

Skirmisher
08-27-2006, 03:09 AM
What anti virus/adware/spyware programs are running on the machine in question and are they up to date?

Latrinsorm
08-27-2006, 03:04 PM
I don't know, Skirm. I'll email them about the McAfee thingamajig and hope for the best, but I don't think we have a shutdown to DOS command on that comp.

Thanks @ everyone else too (except for Xyelin, nyah).

Stanley Burrell
08-27-2006, 09:51 PM
To elaborate to the noobs about alt+prnt screen.. it will just copy (prntscreen) the window you have focused (clicked on/selected). So be sure to have focus on the pertinent window before copying and pasting.

The last time I sent a Microsoft technician a printscreen copy (for a technical problem) they suddenly gained a lot of liberties in accessing my compy's information down to binary numerics, old and new (which I think is pretty cool, since I am still completely in the grey about how data-retrieving was exercised to the degree in which it was performed [I think if you e-mail Microsoft, you lose rights to your soul, or something.])