something D/L'ed to my computer

being that i dont have it set to automatically download files, i saw the download box (and click don't download of course )

the filename was README[1].TXT demo.exe and its from beech-info.com

and id say its most likely a virus/trojan

id recommend you get your virus scanner into gear ASAP

sincerely, Michael

Don't come to the conclusion that it's a virus yet.

If your computer starts playing up then start to come to that conclusion most probably it's harmless

Considering the circumstances, I'd say ditto to ihateangle. Nothing bad can happen from being a little paranoid. But just imagine what could happen if you did nothing...

Whenever I download anything I always do a full virus scan just in case!

Quote: Originally posted by The Webmistress
Whenever I download anything I always do a full virus scan just in case!

lol and here i am not using one at all! lol

I tried the link but got nothing
download spybot (better than adaware) and run that as well as virus scan

Quote: Originally posted by Busy
I tried the link but got nothing
download spybot (better than adaware) and run that as well as virus scan

One of my personal favorites is Spybot Search & Destroy. It does a good job of cleaning up things like trojans and spyware.

The fact that the file was named readme.txt.exe indicates that it is very suspicious. A lot a viruses are sent out this way because if you have the option to 'hide file extensions of known file types' turned on, the file looks like readme.txt so you click on it and activate the payload

Thanks for the info. I did a scan and nothing was detected. Downloading Spybot-S&D now. I am really considering contacting these people and letting them know what I think about their sneeky underhanded tricks. BAH!!

Will the spybot get rid of whatever this is from my computer?

What setting do I use to prevent the automatic download? Would it be
Tools >> Internet Options >> Advanced >> Enable Install On Demand (uncheck this?)

Quote: Originally posted by disaster-master

Will the spybot get rid of whatever this is from my computer?

What setting do I use to prevent the automatic download? Would it be
Tools >> Internet Options >> Advanced >> Enable Install On Demand (uncheck this?)

Spybot will get what a virus scanner won't.

Definitely uncheck the Install on Demand. There are two, one for IE and the other for Other. If you uncheck IE, Windows Update won't work but definitely uncheck Other.

*downloads spybot*

I've been using Adaware 6. I'll check this out too.

Thanks mairv, I will definately uncheck those.

I ran the spybot and it detected a bunch of stuff. I got sorta nervous about the ones that had something to do with the registry and didn't check those to be fixed. I try to steer clear of that part of my computer. Should I have let it fix everything?

I was unable to find anything on this file, README[1].TXT demo.exe or demo.exe, when I did a search for files or folders by this name before I installed the spybot. I didn't see in the list when I ran spybot either. How do I know for sure it is gone?

I have never had a problem with it deleting anything in the registry. If it is a running process, it will require a reboot so that it can load before the program delete it. Mostly what it picks up on mine is cookies. I have used to get rid of Gator, Bonzai Buddy, Tool Buddy, Comet Cursor, Xupiter and their ilk.

You should be safe if neither found anything. To be safe, you can try an online virus scan and/or dump your browser cache.

mairvings spybot is the same one as I mentioned.

disaster-master when you run spybot it will display a list of results, some checked, some unchecked, the unchecked ones are usually ok but you can remove them if you wish, if you remove something and wish you didnt click on "restore" (icon under search and destory) and you can restore them. if you have no bad stuff it will say at the very top "congrats no spy stuff found" or something

I've been using this for a while and havent had anything to clean in months, I use "cookiewall" as well (which asks me what cookies to accept or deny) so I never get any bad cookies. also use "startupmoniter" which asks me what files can add itself to the registry, so nothing installs itself without me knowing.

Now if only this thing would make coffee ....

busy, you explained exactly what I saw when I ran the program.

I never did find the "README.TXT demo.exe" file but I did a file files or folders search where you can use the date option and got the most recent which was the exact time that I accessed the site.

There were three files that were there with one copy each in:
C:\WINNT\System32 has two .dll files
C:\Documents and Settings\Sonia\Local Settings\Temp has two .dll files and two .exe files

I also called the people at trinity communications. They said that they had no knowledge of this and would get back with me when they found out what was going on. The guy honestly sounded like he didn't have a clue.

I know you guys think I may be overly cautious with this but I am stumped and don't want this to happen again.

It just seems to me that what ever this download is at trinitycommunications is not coming from their site per se but somehow the beech-info.com is making it do this. Reckon that could be possible?

Sorry for the long post. I am in detective mode.

Do they have adds? Some ads load more than an image. And perhaps there was a malicous ad.

No, doesn't look like they do. I even checked their code.

The man emailed me back and said that he didn't see it. I am gonna send him this screenshot.

Oh and it still downloads even though I have unchecked enable install on demand.

disaster-master are you using IE6 ?
if so update your patch/s if not don't worry about this

and as they say, better to be safe than sorry

Well crap! Yes, I am using IE6. I didn't think to check other browsers but Opera or Mozilla doesn't download anything. IE6 does.

What this does is it really makes me want to go to IE6 and hit the uninstall button intead of getting another freaking update.

Thanks busy. I will try that.

You were right busy. The patch fixed it. I can't belive that I spent hours on end yesterday trying to figure this out and that is all it was.

I still don't understand why/how the file was downloading from one site while I was on another. That one has me stumped.

Thanks for all the help.

The joys of Microsoft