TROJ_DLOADER.OS

[Joxcenia]

Trend Micro PC-cillin Internet Security Notification

Real-time Scan

Trend Micro PC-cillin Internet Security has detected a virus, spyware application, or other Internet threat, and performed the action specified.

Infected file: C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\QD1QJE5W\pcs_0002[1].exe

Virus name: TROJ_DLOADER.OS

User name: user

Scan action result: The Quarantine action was unsuccessful. Manually delete the file if you are sure that it is not needed.

Note: If Search for and clean Trojans is enabled and is executed after scanning, you can click Next to view final scan result information.

I visited a site just a few minutes ago and got the above Trojan on my computer. I think I got it from a popup that got through my popup zapper.

This is what was in the quarantine:

Name: archive.jar-e0a281d-35d773da.zip

Location: C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\

I went offline and deleted the temp files... then did a scan with my antivirus... and it came up clean. I then deleted the quarantined file.

[Lesa]

 
Weird. Hubby just deleted one of those things from our computer yesterday after AVG detected it during its daily scheduled scan. It was in the same directory as yours, also a .zip, but the numbers after "jar-" in the filename were different - I believe the zip and ids files in that folder change almost daily.

I wonder if we got it from the same site. Do you remember which site it was?
 

[Joxcenia]

It was from a site that Joxerfan posted on Jenn's board. I didn't get it though until I hit the back button to go back to that site from another site.... so I think it was from a popup that got by my zapper. The site was: The Legendary Hero's World Order.

http://www.hostultra.com/~kszonew/hwo/hindex.htm

Again, I'm fairly certain it was from a popup and not this site... but anyone going to check it out should be very careful... and do a scan afterwards.

[Joxcenia]

If I recall, I was checking to see what screengrabs they had... thinking I might link to them for my episode discussion threads. Haven't been back since I got the virus... too chicken.

[Lesa]

Well, I guess we couldn't have gotten it from the same place then, since I've never been to that site or any other hostultra site, to my knowledge. Of course, it could be from the same 'advertiser' that has their popup in rotation on that and other sites. I have been to a couple of sites recently that bypassed my popup blocker as well.

I really don't get why legitimate people use popup advertising in the first place. I usually close them without even giving them a chance to load, much less look at them if they do finish loading.

[Joxcenia]

I've gotten this virus before... I can't remember where from. It was the reason I had to download Java again. I had uninstalled it after I was alerted of the virus being quarantined.

[Lesa]

I guess you won't be doing that again.

I always try to find the least invasive way to fix stuff,
even if the least invasive way takes longer.