Backdoor.Downloader: OK7VUWXF\logo[1].gif [SOLVED]

[Footloose]

Hi from Australia,

 

For a couple of weeks now (at least) - IOBit Security 360 has found Backdoor.Downloader in a Temporary Internet File; namely Logo[1].gif or Logo[2].gif

 

This gif image is the "Google Australia" Logo image.

 

No matter how many times I quarantine the "infected" file - it reappears in a scan, after I've surfed the net.

 

No other Security software scans have located ANYTHING, apart from the regular Tracking Cookies.

 

When the Security 360 scan is complete & the "infection report" is there - I can right-click on the infection name & "go to entry". When I right-click on the "infected" file & select "Scan with IOBit Security 360" - the scan finds nothing.

 

No infections have been located in Registry [by any other scanners]

 

Following a scan with IOBit Security 360 & having quarantined the "infected file" - a subsequent scan (performed immediately after quarantining) finds nothing. This indicates - that the "infection" hasn't "jumped off" onto another location after "detection".

 

This persistant "detection" is driving me crazy. Any help would be very much appreciated.

Many Thanks,

Robert

 

P.S. Can someone help explain to me HOW to password protect a zip file please ??

 

LOGFILE [for a Quick Scan] :

 

IObit Security 360

 

OS:Windows XP

Version:1.4.1.11

Define Version:1339

Time Elapsed:00:04:27

Objects Scanned:57194

Threats Found:2

 

|Name|Type|Description|ID|

Tracking Cookies, Cookies, Cookie:footy@f2network.112.2o7.net/, 7-10

Backdoor.Downloader, File, C:\Documents and Settings\Footy\Local Settings\Temporary Internet Files\Content.IE5\OK7VUWXF\logo[1].gif, 9-70140

[wozofoz]

ZIP file

 

Welcome to the forum Footloose :smile:

 

P.S. Can someone help explain to me HOW to password protect a zip file please ??

 

Please see Post# 5 of Guidelines and Requirements for Reporting a False Positive thread in the Usage of IObit Products section :-)

 

All the best, woz of oz

[Footloose]

Reports - Backdoor.Downloader

 

Hi Wozofoz,

 

Thanks for pointing me in the right direction.

I have sent an email to IOBit's "report" email address.

 

I was unable to upload the following URL. The upload window said it was an invalid file.

https://www.virustotal.com/analisis/d72a288c35975bfcc84620e90339eb3b5f000fb6517a5d953a6f1ab7a28f8d78-1244507747:

Invalid File

 

VirusTotal's Analysis says it was 0/40.

 

I'm having trouble getting anywhere with browsing. The links [when clicked on] will not load at times. Today - this problem has been horrendous.

 

The original IS360 Report :

 

LOGFILE [for a Quick Scan] :

 

IObit Security 360

 

OS:Windows XP

Version:1.4.1.11

Define Version:1339

Time Elapsed:00:04:27

Objects Scanned:57194

Threats Found:2

 

|Name|Type|Description|ID|

Tracking Cookies, Cookies, Cookie:footy@f2network.112.2o7.net/, 7-10

Backdoor.Downloader, File, C:\Documents and Settings\Footy\Local Settings\Temporary Internet Files\Content.IE5\OK7VUWXF\logo[1].gif, 9-70140

 

Thanks for any assistance. Hope I've forgotten nothing this time.

Cheers - Rob

IObit Security 360 Report - infection copied to destop.txt

[solbjerg]

Hi Footloose

I haven't seen an answer to your question about zip file password, so here is my two bits about that:

Creating a password for a zipped file:

 

First create the zipped file by right clicking and choose Send to then choose compressed folder.

Then right click this newly compressed folder (zip file) and choose explore

In the window that comes up go to File in menu line and choose add password.

If it is infected files you are sending add the password "infected"

That's it I think :-)

Cheers

solbjerg

 

Hi Wozofoz,

 

Thanks for pointing me in the right direction.

I have sent an email to IOBit's "report" email address.

 

I was unable to upload the following URL. The upload window said it was an invalid file.

https://www.virustotal.com/analisis/d72a288c35975bfcc84620e90339eb3b5f000fb6517a5d953a6f1ab7a28f8d78-1244507747:

Invalid File

 

VirusTotal's Analysis says it was 0/40.

 

I'm having trouble getting anywhere with browsing. The links [when clicked on] will not load at times. Today - this problem has been horrendous.

 

The original IS360 Report :

 

LOGFILE [for a Quick Scan] :

 

IObit Security 360

 

OS:Windows XP

Version:1.4.1.11

Define Version:1339

Time Elapsed:00:04:27

Objects Scanned:57194

Threats Found:2

 

|Name|Type|Description|ID|

Tracking Cookies, Cookies, Cookie:footy@f2network.112.2o7.net/, 7-10

Backdoor.Downloader, File, C:\Documents and Settings\Footy\Local Settings\Temporary Internet Files\Content.IE5\OK7VUWXF\logo[1].gif, 9-70140

 

Thanks for any assistance. Hope I've forgotten nothing this time.

Cheers - Rob

[Footloose]

Hi Solbjerg,

 

Thank you for your response. Very much appreciated.

Wozofoz did respond; pointing me to a "sticky note".

I have Winzip 12 - which has a different "File menu", which I eventually had success with.

 

I'm looking forward to hearing that my problem is a False-Positive <sigh>

 

Cheers for now - Robert

[hxin]

Hi Wozofoz,

 

Thanks for pointing me in the right direction.

I have sent an email to IOBit's "report" email address.

 

I was unable to upload the following URL. The upload window said it was an invalid file.

https://www.virustotal.com/analisis/d72a288c35975bfcc84620e90339eb3b5f000fb6517a5d953a6f1ab7a28f8d78-1244507747:

Invalid File

 

VirusTotal's Analysis says it was 0/40.

 

I'm having trouble getting anywhere with browsing. The links [when clicked on] will not load at times. Today - this problem has been horrendous.

 

The original IS360 Report :

 

LOGFILE [for a Quick Scan] :

 

IObit Security 360

 

OS:Windows XP

Version:1.4.1.11

Define Version:1339

Time Elapsed:00:04:27

Objects Scanned:57194

Threats Found:2

 

|Name|Type|Description|ID|

Tracking Cookies, Cookies, Cookie:footy@f2network.112.2o7.net/, 7-10

Backdoor.Downloader, File, C:\Documents and Settings\Footy\Local Settings\Temporary Internet Files\Content.IE5\OK7VUWXF\logo[1].gif, 9-70140

 

Thanks for any assistance. Hope I've forgotten nothing this time.

Cheers - Rob

 

Hi Footloose

I'm sorry I came late.

You can upload to http://www.wikisend.com or send us your suspicious file(logo[3].gif), give me the link and then we can further investigate it.

Thanks for your feedback.

We are looking forward to your reply.

[Footloose]

Hi Hxin,

 

Thanks for your response & suggestion. I have uploaded the password protected zip file to wikisend : http://wikisend.com/download/443272/logo[3].zip

I hope this is what I was supposed to do.

Thanks for your help.

Cheers - Robert

[hxin]

Hi Hxin,

 

Thanks for your response & suggestion. I have uploaded the password protected zip file to wikisend : http://wikisend.com/download/443272/logo[3].zip

I hope this is what I was supposed to do.

Thanks for your help.

Cheers - Robert

 

Dear Footloose

After investigation, we have assured that it's a false positive. Sorry for the trouble we have caused to you.

 

We will solve this issue in our later update definition 1401.

 

Thanks for your support.

[Footloose]

Many many thanks Hxin,

 

I look forward to d'loading that update. Keep up the good work. Your products (including IS360) are all a valuable aid in computer maintenance & safety. I appreciate the efforts of IObit & all Forum Members. Cheers for now,

Robert

[hxin]

Many many thanks Hxin,

 

I look forward to d'loading that update. Keep up the good work. Your products (including IS360) are all a valuable aid in computer maintenance & safety. I appreciate the efforts of IObit & all Forum Members. Cheers for now,

Robert

 

Dear

 

Thank you for your affirmation of our products and my work. We will try to do better and more perfect.

cheers!

[Footloose]

Hi Hxin,

 

I'm afraid that I have some "bad news". Definitions Version 1401 didn't rectify the problem. The "Google Australia" logo GIF image is still being recognized as Backdoor.Downloader

 

Back to the drawing board ???? <grin>

 

Cheers - Robert

[hxin]

Hi all

 

I'm very sorry we made a mistake about "Google Australia" that can't be solved in our version 1401.

We will solve this issue in our later update definition 1402.

[Footloose]

Hi Hxin and All -

 

It appears that Definitions Update #1402 didn't rectify the problem on my PC. I am starting to wonder whether or not this problem is peculiar to my machine.

 

Does anyone else experience IS360 detecting the "Google Australia" logo GIF as Backdoor.Downloader ???

 

Thanks for any help.

Cheers - Robert

[Footloose]

A Win

 

G'day All,

 

It seems that Definitions #1404 has done the trick. An IS360 scan is no longer finding Backdoor.Downloader in the "Google Australia" logo GIF.

 

However - Today, I also fought to find a solution to another problem my PC was having : not loading web-pages. Following several on-line scans (each company finding different infections in different locations) - I changed from AVG9 FREE to AVIRA Personal, as my A/V software. I allowed AVIRA to quarantine EVERYTHING it found (mostly variants of Trojan.Agent)

 

Following this monumental alteration/cleansing - I am now able to surf the net PROPERLY.

 

I am, of course, going to give IObit the benefit of the doubt - and permit them the applause for having overcome the "Google Australia" problem. Thanks IObit !!!!!!

 

Exhausted - I'm now going to bed; and shall sleep soundly.

Cheers for now - Robert :grin:

[wozofoz]

Good one

 

Great news cobber :-D

 

I think you will be very happy with Avira.

By the way, do you know about the AVG cleanup tool ?

Have a look @

http://www.avg.com/us-en/download-tools

 

All the best, woz of oz