[Dshield] OT W2K/ME

Deb Hale haled at pionet.net
Wed Oct 8 20:22:39 GMT 2003


You don't by chance have a file on the hard drives that is malware***.exe
(where *** represents any digits, 0-9), do you?
This is a characteristic of Backdoor.Coreflood.dr (Symantec), which was new
in Sept. I have seen this on a computer and it was reacting similarly to what
you are describing.

I had to boot the computer in safe mode and do a virus scan to finally get
rid of all of the residual junk from it.  One thing that I had to do was
unregister a file (don't remember the name of the file :(- ) in order to
stop an error that the registered program had trouble loading (not exact
message!).

Just a thought.


-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of Paul Marsh
Sent: Wednesday, October 08, 2003 1:08 PM
To: list at dshield.org
Subject: [Dshield] OT W2K/ME


Sorry for the off-topic question but I'm starting to think the problem might
have to do with leftovers from a virus or spyware.

So far I've seen two systems with the same following problem.

Every time the system boots My Documents opens in Explorer. I've checked
HKLM\Software\Microsoft\Windows\CurrentVersion\Run and found nothing and
RunOnce found nothing. Nothing in Startup, ran msconfig and found nothing.
Prior to this problem both systems have had Norton 2003 installed and full
system scans done with up-to-date Defs. Both systems were found to be
infected with Backdoor.Coreflood. I've also run SpyBot and cleaned up a bunch
of stuff.

I did read last night something about (I hope I get this right) DiDer.exe,
more spyware stuff that could have created a second Explorer.exe, but can't
seem to find anything on the system that would point to that.

Anyone have any ideas?

Thanx, Paul
