| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 48037 | 2004-08-12 08:48:00 | virus | reads (5269) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 260868 | 2004-08-12 08:48:00 | I've contracted a virus on my computer which calls itself Downloader.Briss.A. I have AVG free edition, but it won't let me send it to the virus vault and cannot heal it. It seems to be contained in a file in windows/downloaded program files. The file is called Bridge.dll but does not show up in the folder even when hidden objects are shown. Please help. mgreads. |
reads (5269) | ||
| 260869 | 2004-08-12 09:02:00 | Try this page for removal info here (www.2-spyware.com) hth |
johnboy (217) | ||
| 260870 | 2004-08-12 09:21:00 | It could also be this Troj/Briss-A is a JavaScript downloader Trojan which attempts to exploit vulnerabilities associated with Microsoft Internet Explorer and Netscape Navigator to download adware software from a remote server to the local computer and install/run it . Troj/Briss-A can arrive on the computer by browsing websites whose HTML pages contain the script or by loading a HTML page that contains a SRC= link to an infected page . When the browser is Microsoft Internet Explorer the Trojan exploits the CODEBASE vulnerability to download and install a CAB archive named bridge . cab from a remote location . Under Windows 2000, XP or 2003 the adware files bridge . dll, bridge . inf and jao . dll are installed to the Windows system folder . Under Windows 95, 98 and ME the files a . exe and atl . dll are additionally installed to the system folder (atl . dll is a clean library DLL) . Under Netscape Navigator (version 5 or greater) the Trojan attempts to exploit the Install method of the InstallTrigger object or the location . replace method to download and install the installer module sbc_netscape . xpi . sbc_netscape . xpi is a ZIP file containing an executable named sbc_netscape . exe and an installation script named install . js which is executed automatically . install . js uses methods of the Netscape XPInstall API to run sbc_netscape . exe from the Temporary folder . sbc_netscape . exe is an installation executable that creates the files a . exe, atl . dll, bridge . dll and jao . dll in the Windows system folder and creates the following registry entry to run a . exe on startup: HKLM\Software\Microsoft\Windows\CurrentVersion\Run \ systray = %SYSTEM%\A . EXE The following registry entry may also be created so that the Load function of bridge . dll is called each time Windows is started: HKLM\Software\Microsoft\Windows\CurrentVersion\Run \ RunDLL = rundll32 . exe \"%SYSTEM%\bridge . dll\",Load The adware software installed by Troj/Briss-A changes browser settings for Microsoft Internet Explorer, displays advertisement pop-ups when the browser is active and may periodically download and install updated versions of its software or other 3rd party software without any notification that it is doing so . DLLs may be installed and registered as COM objects and Browser Helper Objects for Internet Explorer, creating new registry entries under: HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ Browser Helper Objects\ Bookmarks may also be created leading to web pages containing material of an adult or sexual nature . The adware software installed by Troj/Briss-A normally provides an uninstallation option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel . Check the list for entries containing the string 'Bridge' . Uninstallation may not completely remove the adware, therefore it should also be removed manually . Make sure all of the adware processes are inactive and then de-register all of the DLLs mentioned above using regsvr32 /U, for example: regsvr32 /U jao . dll regsvr32 /U bridge . dll |
Spacemannz (808) | ||
| 260871 | 2004-08-12 10:42:00 | I have once had this prob too i hope this doesn't scar ya or anything but when it happened to me i could never pin point the location of the virus and when i found it, i also couldn't heal it so i had to reset my whole operating system once i did the virus was no more!! this is just a suggestion on what to do if u can never heal it... (reset operating system) and get a new firewall the one ur using is usless it never worked for me(AVG free edition) ok... -thanks :) |
UknownNewbie (6017) | ||
| 260872 | 2004-08-12 13:13:00 | man - there is plenty of dumb 'o's around. | zqwerty (97) | ||
| 260873 | 2004-08-12 13:20:00 | >>>man - there is plenty of dumb 'o's around. Don't call yourself names lad. |
Old Tom (5871) | ||
| 260874 | 2004-08-12 19:57:00 | > I've contracted a virus on my computer which calls > itself Downloader.Briss.A. I have AVG free edition, > but it won't let me send it to the virus vault and > cannot heal it. It seems to be contained in a file in > windows/downloaded program files. The file is called > Bridge.dll but does not show up in the folder even > when hidden objects are shown. Check the path that AVG gives you, sometimes these virus's hide in zip files and although AVG can scan a zip archive, it cannot clean files within. The cure is to find the zip archive its hiding in, high light and use the delete key, then of course rescan with the UP TO DATE virus checker. |
beama (111) | ||
| 1 | |||||