HTML.Daemonize.Loader .A

[sharksrevenge]

Hey guys -

I can usually depend upon certain progs to find things when one of my systems start acting strangely (the usual Plan A to Plan B thing always seems to cover the bases generally and clean any problems away when it comes to viruses and the like), but...

after ten days of online-hades and a multitude of purchased scanners and then five or six online scanners came up clean at least six times over each and every one of them.  then suddenly today *95 infected files* of the above name and other various names were found by bitdefender *only*.  This is not significant, until I start thinking that for 10 days straight, problems on the pc the whole time, all these other scanners and sites have no mention of the above *at all* -- they all every single one of them, day after day (yes, I sat here for ten straight days on the XP machine not two months old to the right of me scanning day and night straight thinking I had a new variant that sooner or later would show on the big name scans somewhere, while I worked on the pc to my right that was having no probs).  Then suddenly, from all those clean scans for ten days straight, all those big name company scans both purchased and

I can't help at this point but be skeptical here - I find no description but a vague one in google (largely only sitting on bitdefenders site only) about this HTML.Daemonize.Loader .A thing -

Now, being the girly girl I am, I SURE was happy to have something ** anything ** find *something* on my pc which was causing me such grief...

but what the heck is the above ?  And if I can find no description of it - no cross reference on other virus sites including this one about it, how can I sleep tonight with faith that I actually *stopped* something real and that it won't be in here tomorrow morning all over again - is kinda the way I see it.    So if ya'll would, I'd appreciate ya'll tellin me something so I sleep a little more confident tonight


so my question is,

what is HTML.Daemonize.Loader .A    -- that bitdefender found,  why can't I find any cross reference on any other antivirus site about that name (or a cross reference to it related to BitDefenders assignment of that name).  It was not the only thing found in the *95* but it showed up significantly suspicious as having been a part of what I experienced (that took me away from work and the like)...

It feels like if this were a significant 'issue' this HTML.blah thing, that it would be crossreferenced at some other site too not just bitdefender.  But heck, let's face it, I can't know much or I'd not have been infected in the first place is how I see it, so I'm obviously clueless about how to procede.  Is there a name on this site here that I'm just not finding in the search that is your all's version of this 'nuisance' or whatever it is ?  

Tell me, please, what is this - well, virus/trojan/backdoor/worm/whatEVr this thing is - this HTML.Daemonize.Loader .A  - and why don't I find it on more than one site ?  It can't be that new can it ?   Is it such a 'non threat' that perhaps bitdefender is the only one that bothers to reference any variant at all maybe ?   If so, it must have been one of the others that wrecked-havoc on my pc but man when I find out which one it was - "to the mooooooon" with it lol.   Thanks for any insight, I really appreciate it.

I imagine it's obvious I'm a person that just can't stand being in the dark.  It's probably also obvious that if I'm gonna be hanging around pc's all day it's best I get used to night-vision-goggles too )

Wishing you all *peace* and thanks again for any help understanding !

LWS

[Max M.Wachtel III]

Well from what I could glean from google it is some kind of ad-ware/spyware."fatbonuscasino". Run some anti spyware/ad-ware programs.
What scanners have you used? Some of the best ones are free. Some of my favorites:
Ad-Aware
Spybot Search + Destroy 1.3
Spyware Blaster
Spyware Guard
CW Shredder
HijackThis

There are also some online AV scanners from most major companies.Hope you can so;ve your problem
-max

[sharksrevenge]

Hi Max !

Every one you mentioned, I tried, and the online scanners - likely all the ones you can think of.    McAfee AVERT Stinger latest online, Norton (both onboard which after awhile I suspected had been tampered with, and online), Panda online, Trend online,  all over and over round and round just constant scanning and came up clean for ten days.    Coming up clean, I ran Adaware, Swatit Trojan, Spybot, anything I could think of or come up with on Google, came up clean.  I perused WilderSecurity which I've learned to depend on their advice for years as it's worked without fail, and did all that was suggested that I hadn't already been doing.  I even was punching in all the ports I was being probed on (every two minutes for days on end from masked IP's hoping to find any reference at all of a Virus name and when I would, I'd go run the 'removal tool' from different big-name sites, Symantec first then all the others, and all came up with nothing.  Finally, Bitdefender's found *95* files.  I mean, how can they all miss *95*    

I run on startup:  Norton Antivirus 2004 up-to-the-minute-manually-updated-definitions daily I don't even wait for live-update, Spywareblaster, Spywareguard, Spysites, DiamondCS Wormguard, ZoneAlarm, Blackice (newest, with popup-permissions for everything manually setup and a password on it), Sygate Personal Firewall, XP's firewall is enabled as well though we all likely know that's next to wishful thinking to even use that one smiles at ya.  I pathologically check for all of them their software version updates every three to five days, and for definitions every single day at startup.   Brand new machine not two months old now tickin like a clock for two months straight from the box, XP Home and Windows-Updated daily on startup.  There is nothing more I can do to update this thing, it's a textbook example of 'updated'.   I've even got all my lsass abilities disabled because I don't need them myself on this machine, so there's noway even THAT can be exploited lol.   Been runnin like this with the same software for five years straight, 24/7 on a cable modem working, and this is the first time ever anything ever got by all that, so I'm still feeling lucky.  But this thing, this was a real loser to get rid of !  

I think it's obvious now too, that there is noway in heck I'm gonna continue using Symantec either, it appears whatever it was was able to redirect all the Symantec program events to other than where they were supposed to be going (as in live update errored etc) and perhaps Norton Antivirus wasn't even really *scanning* emails incoming at all anymore.   So um, if something is able to turn it off, then it's not tight enoough for me.  Even if it were the best (which it's not), I'd still be telling myself now that the odds are more in favor of me betting on an antivirus that COULD be tight, than continuing to bet on one that FAILED lol.  So whoosh goes Symantec out the door, and in comes the totally different make of antivirus I purchased yesterday.  

Thanks for replying Max, I really appreciate that !  Wishing you the best of days !

LWS

[whocares]

I run on startup:  ... ZoneAlarm, Blackice .., Sygate Personal Firewall, XP's firewall is enabled as well

you run 4 Firewalls simultaneously ??
maybe this is what kicked NAV over the edge..  
Decide which one you like best, and deinstall the other 3..

as with AV-OnAccess-Scanners, you shouldn't have more than 1 active Firewall !!
more can lead to system instabilities and usually does NOT increase security, quite the contrary..


Info on your Daemon-Loader:
http://vil.nai.com/vil/content/v_100715.htm
Bitdefender found the files all in your Outlook/mail-folder ?

either NortonAV really didn't scan  your mails any more, or Symantec didn't consider this quite as dangerous..

[DavidR]

This is a new trojan/malware varient of the Exploit.HTML.ObjData and as such not recognised by many AVs.

Further information can also be found at http://www.viruslist.com/eng/viruslist.html?id=1625393 which backs up what whocares posted.

There were two security bulletins and patches issued by MS last year, links to these are in both reference links.

When a security bulitin comes out, what happens is that it draws attention to the vulnerability to the virus hackers/script kiddies and they exploit the vulnerability and for most part are very successful because most people don't bother to keep their OS fully patched and up to date.

The moral to this tale, get to windows.update on a regular basis, preventation has to be better than the cure.

[sharksrevenge]

Thanks Who & David !

Yah I've known about the multi firewalls warning for years, and for years I've been online direct cable modem with multiple ip's  24/7 with multi firewalls, the same multi firewalls, and never had a virus/trojan/worm/anything until ten days ago - that's a pretty good run I had goin on there and believe it or not with multiple-firewalls.  

So I've always been more than skeptical about  the warning that 'conflicting firewalls cause firewall failure' , because my experience has been quite the opposite over several operating systems and many many many months of direct full-time use (and I'm sure you can see why I'd be skeptical with four pc's running 24/7 for 4 years straight (all running email clients all that time and variously different hardware but identical multi-firewall security versions - and *not one virus until ten days ago*- I mean, it's pretty hard to insist firewalls always fail when someone's own experience with different hardware but identical multi-firewall software is such as mine has been ya gotta admit-for how can I just be that coincidentally lucky I figure, right?) -  it's of course possible that firewall technology has perhaps evolved toward that end to-date though I'd have to admit that possibility.   And even with my experiences though, I'd be a fool if I totally discounted the warning.   I think with that kind of long-term lab experience though on a first hand basis, you understand why I question it as an overall-rule.   Hard to find others with that kind of experience too, so running multi-firewalls thus far has certainly not hurt my security seemingly (even if that itself is a fluke).  

And yah, bitdefender found them all in my Netmail (never use Outlook) profile (latest Netscape ver).    Ref: Windows Update:  I'm pathological about doing windows update - every day, because I run so many email clients on so many machines, I have this rigid routine, reboot - check for security program software updates >> check for definition updates >> check for Windows Update.  I've always been that careful as a rule because I figure an ounce of pre-vention every single morning at startup of the morning saves lots of woe down the road - and in fact it's worked for four years now because this is the first one I've ever got any form of virus/trojan/worm/whatever thankfully.  

Wow too, David I have to thank you on that answer up there, it's exactly the detail I was looking for about the condition - a *name* to the face that 'played with me' for ten days !  I'm serious, I was freakin out when searching for the name and finding only some obscure reference and a vague blurb only and nothing else anywhere !  It was as if this terrible scourge was a ghost !   OK - so now, even if it comes back, the loser lol, I'll at least *know it's real identity* and won't be so taken aback.   Man I really do not enjoy an unknown foe, I'll sleep much better now (picture Zena now, poised thusly lol)  ~ Thanks so much !  

All you guys rock!   I can only hope to have some useful info down the road myself so that I can pass along the karma in-gratitude.

Very much obliged to all of you,

LWS