
View Full Version : bi.dll




Brassen
March 28th, 2005, 05:49 PM
Hello fellow members of the fight against unauthorized (not sure if spelled correctly) shit being installed in our computers....

I've got a problem with a bi.dll file.... Norton 2004 with the latest virus database never found anything... Spybot never found anything.... The moment I switched from Norton to NOD32 (due to Norton sucking up my resources), in my first scan a month ago, NOD32 came up with this file:

C:\Documents and Settings\Carlos\Configurações locais\Temp\bi.cab »CAB »bi.dll - Win32/TrojanDownloader.Stubby.A trojan

and

C:\Documents and Settings\Carlos\Configurações locais\Temp\bi8.cab »CAB »bi.dll - Win32/Spy.BiSpy.A trojan

I have ZoneAlarm always running, and I'm a safe user (I know about the danger of "free" apps...)

How come I got this file again (one month later)??????

Can someone help me? Tried to google it, but didn't find how I got this...

thanks

fireforce555
March 28th, 2005, 05:55 PM
Sounds like a variant of ABetterInternet spyware. Run Spybot S&D and AdAware. Those should easily kill it.

Krell
March 28th, 2005, 06:10 PM
I'm not going to answer you WHY in a specific way; suffice it to say that it takes more than a once-over with Spybot to clean spyware.

Next, I want to make note of the path:
C:\Documents and Settings\Carlos\Configurações locais\Temp\bi.cab »CAB »bi.dll

NOTHING in a temp folder, or temporary Internet files is of value, so delete the entire folder on a regular basis.

"bi.cab" has other components in it; if there is something else, for example a .exe that is pointing to it, it will extract its contents to rehijack your browser, etc.

The bi.dll is a Browser Helper Object, and is part of your hijacker - Adware.BetterInternet
http://sarc.com/avcenter/venc/data/adware.binet.html

There are usually only 2 things you really need to clean a virus or spyware: 1) the name and 2) where it's at. Most of the cleanup is using SHIFT+DELETE.

so . . .

download this to save you a lot of time and effort

http://securityresponse.symantec.com/avcenter/FixBinet.exe

This small standalone applet will search your PC for signs of this and delete them, leaving you with much less cleanup if any.

Be sure to clean up ALL temp folders and Temp Internet files

ALSO look here C:\WINDOWS\Downloaded Program Files and delete anything you're not 100% sure of.



For the rest of your spyware . .

Open Spybot and go to Mode > Advanced Mode

Now at the bottom select TOOLS and place checkmarks in ActiveX, BHO, Browser Pages and IE Tweaks

ActiveX = delete anything that is not named and not essential to your PC use, such as the TrendMicro HouseCall antivirus ocx.

BHO = delete anything that is not named and not essential to your PC use, such as the Acrobat Internet Explorer plugin

Browser Pages = Select them all, change them to google.com

IE Tweaks - I usually use the first two and place checkmarks - it's up to you


EDIT - when I wrote my post, there was no other response, so my first sentence was NOT meant to be any form of contradiction

kongo
March 30th, 2005, 01:23 PM
I think Norton AntiVirus didn't catch it because maybe it is unable to scan inside archives correctly. CAB files are compressed files that contain other files inside them. If you download, let's say, Virus.rar and it has a compressed exe inside of it. If this rar file is password protected Norton will not prompt you that a virus is found or that the archive is password protected (Norton Antivirus 2003 Professional doesn't). Instead it will say that the rar is free of all viruses. This is a bad thing especially if you download another file from the same place as the Virus.rar. The creators of this Virus.rar make an exe (let's call it Virus.exe) that isn't infected and probably never will be. Once this Virus.exe is launched it unrars the Virus.rar, unleashing a virus into your system. But if you never launch Virus.exe or download it your computer remains virus free. If there is no file that is opening that Virus.rar there is no way that Norton will detect it.

Now that you know Norton's evil plan I will tell you about another antivirus company. Kaspersky claims that it "over 900 types of archived and compressed files". Just by that statement alone I seriously think that Kaspersky is a much better anti-virus solution than Norton. http://www.kaspersky.com/personalpro

I have used Norton System Works Professional 2003. I thought I was protected until I downloaded a virus deliberately. Norton said that this file was not a virus, when I knew that it was. The file was inside a compressed archive that was password protected. Norton didn't tell me it was password protected. My current antivirus (KAV) does alert me about password protected archives. A Norton user may think that a password protected archive is free of viruses and will uncompress it with a supplied password. They will use a program that is potentially a virus and then when they get infected complain that the archive didn't contain a virus so the program must not contain one either.

I am not a professional by any means. I do not know much. I'm just sharing my experiences with you. Please don't take me too seriously.
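
An added example, not part of kongo's post and not any antivirus product's code: an archive check that reports encrypted members as "not-scanned" instead of "clean", which is the distinction the post above describes. It assumes ZIP rather than CAB or RAR (Python's standard library reads only ZIP), a made-up signature, and a constructed sample whose encryption flag is set by hand.

```python
import io
import struct
import zipfile

# Made-up marker standing in for a real signature database (assumption).
SIGNATURES = {b"CONSTRUCTED-TEST-MARKER": "Test.Marker"}


def build_zip(members):
    """Build a small unencrypted ZIP in memory (constructed sample data)."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_STORED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return out.getvalue()


def set_encrypted_flag(data):
    """Set flag bit 0 ("encrypted") in each local and central header.
    The data is not really encrypted; the scanner below only reads the flag."""
    buf = bytearray(data)
    for magic, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = buf.find(magic)
        while pos != -1:
            flags = struct.unpack_from("<H", buf, pos + offset)[0]
            struct.pack_into("<H", buf, pos + offset, flags | 0x1)
            pos = buf.find(magic, pos + 4)
    return bytes(buf)


def scan_archive(data):
    """Scan readable members; list encrypted ones instead of skipping silently."""
    detections, uninspected = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1:  # encrypted: content cannot be inspected
                uninspected.append(info.filename)
                continue
            body = zf.read(info)
            detections += [(info.filename, name)
                           for sig, name in SIGNATURES.items() if sig in body]
    if detections:
        verdict = "infected"
    elif uninspected:
        verdict = "not-scanned"  # never report this case as "clean"
    else:
        verdict = "clean"
    return {"verdict": verdict, "detections": detections,
            "uninspected": uninspected}
```
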

Brassen
March 30th, 2005, 07:15 PM
Thank you guys a lot!

Krell, did as you instructed!

Definitely Spybot does not catch this, because I run it once a week... NOD32 was the only software that found that file...

Thanks again!!!