
Downloader.Wren.k


17 replies to this topic

#1 OFFLINE   krit86lr

    Power Member

  • Members
  • 1,958 posts
  • Gender:Female
  • Location:Missouri, USA

Posted 22 June 2006 - 06:33 PM

Does anyone know what "Downloader.Wren.k" is? I googled it, and nothing came up.

Thanks :)

#2 OFFLINE   hazelnut

    try to stay calm

  • Moderators
  • 9,458 posts
  • Gender:Female
  • Location:Huddersfield uk

Posted 22 June 2006 - 06:38 PM

You could try this page krit,

http://www.viruslist.com/en/viruses/encycl...a?virusid=89393
CCLEANER, RECUVA, DEFRAGGLER AND SPECCY DOCUMENTATION CAN BE FOUND HERE

http://www.piriform.com/docs

#3 OFFLINE   krit86lr

    Power Member

  • Members
  • 1,958 posts
  • Gender:Female
  • Location:Missouri, USA

Posted 22 June 2006 - 06:46 PM

Thank you Hazelnut! :D

#4 OFFLINE   hazelnut

    try to stay calm

  • Moderators
  • 9,458 posts
  • Gender:Female
  • Location:Huddersfield uk

Posted 22 June 2006 - 06:49 PM

Also look here as they are apparently related

http://www.viruslist.com/en/viruses/encycl...a?virusid=79663

#5 OFFLINE   krit86lr

    Power Member

  • Members
  • 1,958 posts
  • Gender:Female
  • Location:Missouri, USA

Posted 22 June 2006 - 06:51 PM

So cleaning out the temp files and removing that reg key should get rid of it entirely? That's my logical assumption, but I just wanted to confirm.

Thanks again. :)

#6 OFFLINE   hazelnut

    try to stay calm

  • Moderators
  • 9,458 posts
  • Gender:Female
  • Location:Huddersfield uk

Posted 22 June 2006 - 07:01 PM

Krit, I'm a link finder,
Sorry I don't know about how would be best to remove it. :)

#7 OFFLINE   krit86lr

    Power Member

  • Members
  • 1,958 posts
  • Gender:Female
  • Location:Missouri, USA

Posted 22 June 2006 - 07:15 PM

hazelnut, on Jun 22 2006, 02:01 PM, said:

Krit, I'm a link finder,
Sorry I don't know about how would be best to remove it. :)

LOL, Thanks for the links. They are very helpful. :)

The question stands for anyone who knows!

#8 OFFLINE   TonyKlein

    Power Member

  • Spyware Moderators
  • 606 posts
  • Gender:Male
  • Location:Netherlands

Posted 22 June 2006 - 07:37 PM

Removing only the Registry Run entry probably won't be all that's required.

It would be best to post a Hijack This log in the appropriate section of this board, so that someone could have a look at your configuration.

File names vary wildly among variants, and "yours" may have a totally different name.
If the run entry is there it will show up among the "O4's" in the log and will itself be easy to remove that way.

You may also turn out to have more requiring attention.
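
The point in the post above, that a Run entry shows up among the "O4" lines of a HijackThis log, as an added example that is not part of the thread or of HijackThis itself: a short Python parser that lists O4 autostart entries and marks those launching from a temp directory for a closer look. The log excerpt, the entry names and the temp-path heuristic are constructed assumptions.

```python
import re

# Constructed HijackThis-style excerpt: sample data, not taken from the thread.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed excerpt)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\avtray.exe"
O4 - HKLM\..\Run: [upd32] C:\WINDOWS\TEMP\upd32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [svc] C:\DOCUME~1\user\LOCALS~1\Temp\svc.exe /s
O4 - Startup: Notes.lnk = C:\Program Files\Notes\notes.exe
O23 - Service: Example Service - Unknown owner - C:\example\svc.exe
"""

# O4 registry autostart:  O4 - HKLM\..\Run: [value name] command line
REG_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")
# O4 startup folder:      O4 - Startup: shortcut.lnk = target
STARTUP_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.*)$")

# Assumption: a launch path under a temp directory is a reason to look closer.
# It is a triage hint only; file names vary between variants, so none are matched.
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")


def parse_o4(log_text):
    """Return one dict per O4 (autostart) line found in the log text."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = REG_RE.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            entries.append({"source": f"{hive}\\{key}", "name": name, "command": cmd})
            continue
        m = STARTUP_RE.match(line)
        if m:
            folder, name, cmd = m.groups()
            entries.append({"source": folder, "name": name, "command": cmd})
    return entries


def review_list(log_text):
    """Names of O4 entries whose command line points into a temp directory."""
    return [e["name"] for e in parse_o4(log_text)
            if any(marker in e["command"].lower() for marker in TEMP_MARKERS)]


if __name__ == "__main__":
    for entry in parse_o4(SAMPLE_LOG):
        print(entry["source"], "|", entry["name"], "|", entry["command"])
    print("review:", review_list(SAMPLE_LOG))
```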

#9 OFFLINE   krit86lr

    Power Member

  • Members
  • 1,958 posts
  • Gender:Female
  • Location:Missouri, USA

Posted 22 June 2006 - 08:19 PM

Thank you.

I will try to post a HJT log, but it isn't my pc. It's my boss's pc and he gets nervous about things that he's never heard of before. He said he'll think about the HJT log...so until then!

I am trying to get information about the type of infections on the pc, hoping that it will make him want to take more steps in cleaning it. ;)

#10 OFFLINE   TonyKlein

    Power Member

  • Spyware Moderators
  • 606 posts
  • Gender:Male
  • Location:Netherlands

Posted 22 June 2006 - 08:23 PM

krit86lr, on Jun 22 2006, 10:19 PM, said:


It's my boss's pc and he gets nervous about things that he's never heard of before. He said he'll think about the HJT log...so until then!

Well, it's a very useful diagnostic tool, and if your boss wants us to offer any meaningful advice, the more information the better...

Also, should the log turn up a couple of issues, it's much preferable to have HT 'fix' them, than to have to go and edit the registry manually.

And don't forget that HT backs up everything it removes/fixes.

Hope those arguments will help convince him... ;)

#11 OFFLINE   krit86lr

    Power Member

  • Members
  • 1,958 posts
  • Gender:Female
  • Location:Missouri, USA

Posted 22 June 2006 - 08:49 PM

TonyKlein, on Jun 22 2006, 03:23 PM, said:

Hope those arguments will help convince him... ;)

Thank you. I have given him that information so far, and he's still been hesitant, so now I've moved on to scare tactics. LOL

I've cleaned/protected (with Andy's help) 3 machines on the network which totalled over 500 infections, but none of the main machines have been cleaned.

I wish that people would just do as they're told sometimes!!!! :P lmao


Later, wish me luck!

#12 OFFLINE   Woody

    Advanced Member

  • Members
  • 457 posts
  • Gender:Male
  • Location:Manchester. UK

Posted 22 June 2006 - 11:20 PM

Quote

Later, wish me luck!

Good luck, K. :)
It is never difficult to distinguish between a Scotsman with a grievance and a ray of sunshine. P. G. Wodehouse

#13 OFFLINE   krit86lr

    Power Member

  • Members
  • 1,958 posts
  • Gender:Female
  • Location:Missouri, USA

Posted 23 June 2006 - 03:13 PM

Okay, I won the battle. hehe

So I'm running some more scanners before posting a HJT log. I have one question though. There are 3 drives, so do I need to run the scanners on all of the disks and post a HJT log for all 3 drives?

Thanks. :D

#14 OFFLINE   TonyKlein

    Power Member

  • Spyware Moderators
  • 606 posts
  • Gender:Male
  • Location:Netherlands

Posted 23 June 2006 - 04:42 PM

If you have operating systems installed on all three of the drives, yes please.

Otherwise, no.

#15 OFFLINE   krit86lr

    Power Member

  • Members
  • 1,958 posts
  • Gender:Female
  • Location:Missouri, USA

Posted 23 June 2006 - 06:41 PM

Okay. I finished a scan with SpyBot, CWShredder, and Ewido. Ewido couldn't remove 1 worm and I don't know why. I used CCleaner, installed an AV and Spyware Blaster.

I keep trying to scan with Adaware, but it keeps causing a Delayed Write Failure on the Network Disk. What do I do?

Is it possible that if this keeps happening that it can harm the drive? Should I just leave it alone?

Thanks in advance. :)

#16 OFFLINE   TonyKlein

    Power Member

  • Spyware Moderators
  • 606 posts
  • Gender:Male
  • Location:Netherlands

Posted 23 June 2006 - 06:55 PM

krit86lr, on Jun 23 2006, 08:41 PM, said:

I finished a scan with SpyBot, CWShredder, and Ewido. Ewido couldn't remove 1 worm and I don't know why.

Probably because the file is in use or protected in some way. Once again, without a HijackThis log we don't know what we're looking at.

Quote

I keep trying to scan with Adaware, but it keeps causing a Delayed Write Failure on the Network Disk. What do I do?

No idea; it's a new one to me...

Quote

Is it possible that if this keeps happening that it can harm the drive?

Very unlikely.

I think the priority now lies in removing that worm Ewido found. And unless we see a HijackThis log we'll never know if there's any additional malware that Ewido did NOT detect...

#17 OFFLINE   Eldmannen

    Annoyance

  • Banned
  • 2,198 posts
  • Location:Internet
  • Interests:Free software, open-source, GNU GPL, Linux, security, encryption, privacy, anonymity.

Posted 23 June 2006 - 11:29 PM

Sounds like a "downloader".
A downloader is a small simple program; when run, it downloads an executable (.exe) file from the Internet, usually via HTTP (web), and then executes it. The file it downloads is usually a malicious file such as a bot (botnet/dosbot) or spyware.

Having an outbound firewall that detects outgoing connections might be a good idea (though, sometimes they can be tricked (leaktest)).



#18 OFFLINE   krit86lr

    Power Member

  • Members
  • 1,958 posts
  • Gender:Female
  • Location:Missouri, USA

Posted 25 June 2006 - 06:42 PM

Eldmannen, on Jun 23 2006, 06:29 PM, said:

Having an outbound firewall that detects outgoing connections might be a good idea (though, sometimes they can be tricked (leaktest)).

Can't really do that on this PC.