SILLYDL DIC

"David H. Lipman" wrote:

> From: "sephiroth"
>
> | im running XP Pro SP2 and when i get online i run yahoo toolbar with antispy
> | CA to be precise and detected this trojan SillyDl DiC i tried to remove it
> | but it keeps coming back..i searched for it online on ways to remove it and
> | windows live search tells that it can be removed by onecare scanner so i went
> | to the website run the scanner but it did not detect this spyware..i ran my
> | windows defender too yet still the detection of this spyware is
> | unavailable..i have adaware, and some antispy but they cannot detect the
> | presence of this spyware..HELP!!!
> | for info of this spyware type SILLYDL DiC on windows live search
>
> Start with the Sophos module of the below utility...
>
> Download MULTI_AV.EXE from the URL --
> http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
>
> http://www.pctipp.ch/downloads/dl/35905.asp
>
> English:
> http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with...ltiple-
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to allow it to download the needed AV vendor related files.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in Normal Mode.
> This way all the components can be downloaded from each AV vendor's web site.
> The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files or you can
> download the files and perform a scan in Normal Mode. Once you have downloaded the files
> needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> file.
>
> Additional Instructions:
> http://pcdid.com/Multi_AV.htm
>
>
> * * * Please report back your results * * *
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>
> first of all id like to thank you for your quick response to my problem..i tried sophos run with your help and i then my computer beeps very badly i had to stop it and logged out..i tried to run it again and then it beeped again like the first time but this time i just let it run and found sophos found no virus at all when i ran the yahoo antispy its still there..ca seems to be the only one able to detect this ill try kaspersky later
 >> Stay informed about: SILLYDL DIC 

From: "sephiroth"


>> first of all id like to thank you for your quick response to my problem..i tried sophos
>> run with your help and i then my computer beeps very badly i had to stop it and logged
>> out..i tried to run it again and then it beeped again like the first time but this time i
>> just let it run and found sophos found no virus at all when i ran the yahoo antispy its
>> still there..ca seems to be the only one able to detect this ill try kaspersky later

Hmmm.... I don't know what all the beeping was about.

I checked for cross-reference and saw Sophos recognized this infector. That is why I told
you to use it first.

http://ca.com/us/securityadvisor/virusinfo/virus.aspx?id=66946

Also known as: WORM_DLOADER.RVV (Trend), WORM_Mal/Behav-159 (Sophos),
WORM_TrojanDownloader:Win32/Delf.TN (MS OneCare), Trojan-Downloader.Win32.Delf.cle
(Kaspersky)

Kaspersky and Trend Micro both recognize this as well. Both modules are in my Multi AV
Scanning Tool.

What is/are the Fully Qualified Name(s) and Path(s) of the files that are deemed to be
infected ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 >> Stay informed about: SILLYDL DIC 

i dont know qualified names..yahoo ca antispy indicate sillydl dic as a file
type located in c:\autorun.inf .. i did an online scan with msonecare as well
as trend micro but it seems that they have not detected it.. i made a full
scan using sophos and and unfortunately it have not been found only the
strange beeping at least 10seconds or so the monitor indicate a cent sign and
c it was blurry here is my sophos log

Sophos Anti-Virus
Version 4.26.0 [Win32/Intel]
Virus data version 4.26E, February 2008
Includes detection for 345761 viruses, trojans and worms
Copyright (c) 1989-2008 Sophos Plc, www.sophos.com

System time 19:54:43, System date 08 February 2008
Command line qualifiers are: -di -remove -f -all -mime -mbr -noc -archive
-opt=ISCabinet --stop-scan

IDE directory is: c:\AV-CLS\Sophos

Using IDE file zlob-aid.ide
Using IDE file dropp-to.ide
Using IDE file eggdll-a.ide
Using IDE file wpepro-d.ide
Using IDE file vb-dyp.ide
Using IDE file tvido-a.ide
Using IDE file tiny-dc.ide
Using IDE file chir-b.ide
Using IDE file dldr-i.ide
Using IDE file sdbo-djz.ide
Using IDE file autor-bd.ide
Using IDE file cimuz-cv.ide
Using IDE file dloa-bid.ide
Using IDE file bckd-qls.ide
Using IDE file nucle-be.ide
Using IDE file agen-gor.ide
Using IDE file rbot-gwa.ide
Using IDE file autor-be.ide
Using IDE file gampas-q.ide
Using IDE file ircb-aag.ide
Using IDE file bckd-qlr.ide
Using IDE file linea-de.ide
Using IDE file agen-gok.ide
Using IDE file renos-b.ide
Using IDE file zlob-aic.ide
Using IDE file outpos-a.ide
Using IDE file spy-af.ide
Using IDE file mokey-a.ide
Using IDE file agen-goj.ide
Using IDE file smal-ela.ide
Using IDE file batvfu-a.ide
Using IDE file iishac-h.ide
Using IDE file hish-b.ide
Using IDE file sdbo-djx.ide
Using IDE file bckd-qll.ide
Using IDE file sdbo-djy.ide
Using IDE file qhost-j.ide
Using IDE file padodo-b.ide
Using IDE file autor-ba.ide
Using IDE file dropp-tl.ide
Using IDE file dload-az.ide
Using IDE file goldu-ge.ide
Using IDE file agen-gof.ide
Using IDE file autor-ay.ide
Using IDE file fakev-ap.ide
Using IDE file glupzy-b.ide
Using IDE file zlob-aia.ide
Using IDE file zlobdr-f.ide
Using IDE file rootk-bw.ide
Using IDE file autor-ax.ide
Using IDE file dload-ay.ide
Using IDE file jsdown-a.ide
Using IDE file dloa-bfy.ide
Using IDE file dllloa-e.ide
Using IDE file dloa-bhu.ide
Using IDE file killwi-r.ide
Using IDE file click-ep.ide
Using IDE file modul-a.ide
Using IDE file bank-ekl.ide
Using IDE file dref-au.ide
Using IDE file bagle-tn.ide
Using IDE file zlobdr-e.ide
Using IDE file dropp-te.ide
Using IDE file dropp-ti.ide
Using IDE file bytev-ab.ide
Using IDE file bishin-a.ide
Using IDE file dwnl-hah.ide
Using IDE file dwnl-hal.ide
Using IDE file dwnl-ham.ide
Using IDE file bank-ekq.ide
Using IDE file spybo-og.ide
Using IDE file bho-er.ide
Using IDE file xorer-b.ide
Using IDE file small-ab.ide
Using IDE file agen-gns.ide
Using IDE file agen-gnt.ide
Using IDE file bckd-qlb.ide
Using IDE file agen-gnw.ide
Using IDE file agen-gny.ide
Using IDE file agen-gnl.ide
Using IDE file traxg-n.ide
Using IDE file tanto-h.ide
Using IDE file psyme-hi.ide
Using IDE file ircb-aaa.ide
Using IDE file ircb-aac.ide
Using IDE file banlo-ew.ide
Using IDE file autor-at.ide
Using IDE file agen-gnp.ide
Using IDE file ircbo-zy.ide
Using IDE file ircbo-zz.ide
Using IDE file sdbo-djw.ide
Using IDE file ovdoz-b.ide
Using IDE file keylo-jw.ide
Using IDE file autor-au.ide
Using IDE file killmb-n.ide
Using IDE file bagle-tl.ide
Using IDE file rbot-gvz.ide
Using IDE file ovdoz-a.ide
Using IDE file zlob-aht.ide
Using IDE file agen-gln.ide
Using IDE file keybra-a.ide
Using IDE file injec-bx.ide
Using IDE file killjw-a.ide
Using IDE file dorf-at.ide
Using IDE file dropp-sz.ide
Using IDE file nulpro-a.ide
Using IDE file killdi-l.ide
Using IDE file ircbo-zv.ide
Using IDE file dload-b.ide
Using IDE file grayb-ct.ide
Using IDE file psyme-gw.ide
Using IDE file bayrob-b.ide
Using IDE file pushdo-f.ide
Using IDE file pykse-d.ide
Using IDE file qhost-f.ide
Using IDE file bckd-qkx.ide
Using IDE file dorf-ap.ide
Using IDE file autor-an.ide
Using IDE file autoit-f.ide
Using IDE file rictio-a.ide
Using IDE file rootk-bp.ide
Using IDE file dloa-bhh.ide
Using IDE file ryuan-a.ide
Using IDE file dorf-aq.ide
Using IDE file ircbo-zs.ide
Using IDE file fakev-ao.ide
Using IDE file eriv-a.ide
Using IDE file edibar-b.ide
Using IDE file ennumi-a.ide
Using IDE file solow-h.ide
Using IDE file edibar-a.ide
Using IDE file mbroot-a.ide
Using IDE file cimuz-cu.ide
Using IDE file telemo-d.ide
Using IDE file kolabc-a.ide
Using IDE file mdro-bqd.ide
Using IDE file agen-gmu.ide
Using IDE file vb-dym.ide
Using IDE file agen-gmo.ide
Using IDE file vora-a.ide
Using IDE file agen-gml.ide
Using IDE file dorf-as.ide
Using IDE file yasspy-b.ide
Using IDE file yuner-a.ide
Using IDE file dropin-a.ide
Using IDE file dawin-b.ide
Using IDE file agen-gmk.ide
Using IDE file agen-gmc.ide
Using IDE file delf-ezs.ide
Using IDE file kobot-b.ide

Full Scanning

Could not check C:\Program
Files\ScanSoft\OmniPageSE4.0\OpproGer.chm\/#TOPICS (virus scan failed)
Could not check C:\Program
Files\ScanSoft\OmniPageSE4.0\OpproGer.chm\/#URLSTR (virus scan failed)

1 master boot record swept.
316 files swept in 1 minute and 0 seconds.
2 errors were encountered.
No viruses were discovered.
Ending Sophos Anti-Virus.
 >> Stay informed about: SILLYDL DIC 

From: "sephiroth"

|
| i dont know qualified names..yahoo ca antispy indicate sillydl dic as a file
| type located in c:\autorun.inf .. i did an online scan with msonecare as well
| as trend micro but it seems that they have not detected it.. i made a full
| scan using sophos and and unfortunately it have not been found only the
| strange beeping at least 10seconds or so the monitor indicate a cent sign and
| c it was blurry here is my sophos log
|


svchost.exe -- is a file name
c:\windows\ system32\svchots.exe -- is a fully qualified file name and path.
c:\autorun.inf -- is a fully qualified file name and path.

Right-Click on c:\autorun.inf
Choose "Open"

Select all of the text and copy it to the clipboard.

Paste the contents of c:\autorun.inf in your reply.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 >> Stay informed about: SILLYDL DIC 

From: "sephiroth"

< snip >

| 1 master boot record swept.
| 316 files swept in 1 minute and 0 seconds.
| 2 errors were encountered.
| No viruses were discovered.
| Ending Sophos Anti-Virus.

I just nothiced, you didn't scan the ENTIRE hard disk ?

You should !


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 >> Stay informed about: SILLYDL DIC 

i now have this (imgINSOY) when i right clicked my hard drives..i did run a
full scan on sophos.. i guess i will have to run it again with the beeps
 >> Stay informed about: SILLYDL DIC 

Hi. I also have a problem with the "sillyDl DIC" trojan virus. I've
tried what was posted but everytime I use CA antispy to check, the virus
persists. Also, when I try to remove the virus with the CA antispy, a
message is displayed stating that administrative rights are required. I
am using vista not xp and I've done thorough scans with trend but it
wont go away. Please help!


--
bondoh
------------------------------------------------------------------------
bondoh's Profile: http://forums.techarena.in/members/bondoh.htm
View this thread: http://forums.techarena.in/windows-security/910267.htm

http://forums.techarena.in
 >> Stay informed about: SILLYDL DIC 

On 01/24/2009 02:36 PM, bondoh sent:
> Hi. I also have a problem with the "sillyDl DIC" trojan virus. I've
> tried what was posted but everytime I use CA antispy to check, the virus
> persists. Also, when I try to remove the virus with the CA antispy, a
> message is displayed stating that administrative rights are required. I
> am using vista not xp and I've done thorough scans with trend but it
> wont go away. Please help!

Hello bondoh:

Since your other posts were seemingly to other newsgroups, we don't know
what you've done other than what you've stated above.

Please note - you have posted your Vista trouble on an XP newsgroup.

Please download, update and run MBAM from:

<http://www.malwarebytes.org/mbam.php>

*and*

SUPERAntiSpyware Free Edition from:

<http://www.superantispyware.com/download.html>

Both are freeware.

Might as well let us know your progress here.

Pete
--
1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
 >> Stay informed about: SILLYDL DIC