Win32.Novarg.A@mm in dbx files

Discussion in 'Malware Help (A Specialist Will Reply)' started by abri, Aug 21, 2006.

  1. abri

    abri MajorGeek

    Old problem, no solution. My only concern at the moment is whether any of these are for break-ins? Otherwise this is NOT pressing.

    Bitdefender continues to come up with the same infected files in my dbx inbox files for Outlook Express. I haven't yet been able to get rid of these files and I wondered if the find files program would help or if there is some dbx translation software, that might put the dbx files into a form to where I could find the contaminated files. Searches inside of Outlook Express and inside of Win Explorer don't work, including system searches, searches of words within texts, date searches, any searches I've been able to think of. I'm out of ideas, except perhaps to change to a different e-mail client. If it's not possible for me to clean these files out, can someone recommend a better e-mail client? That would also work, except that I would like to keep my Outlook Express files of the last years.

    I'm running XP Home SP2, P-IV, 1.8 GHz. My computer is running well. I will read up on Novarg to see what it does. Since I don't have computer problems that I can notice, I wondered if these things Bitdefender is finding might be in attachments and not loose and active?

    Sorry to keep coming back with the same things. I'll post my logs, but will tell you in advance, I ran them CC, AdAware, & Spybot yesterday, Windows Defender 2 days ago, then Bitdefender & Panda last night and then runkeys and then show-new and then CC again and then Hijack This. If I don't have to do them over again in the right order, I would be grateful. I didn't run Windows Malicious, but will. I can also try running Trend Micro or Kaspersky online if this would help. My computer's been coming up pretty clean except for these repeat offenders. There must be a way to clean up these dbx files or maybe just get another client.

    Thanks so much.
    abri
  2. abri

    abri MajorGeek

    the other two
  3. abri

    abri MajorGeek

    I went to a Bitdefender site and downloaded Antinovarg-de.exe and will try running that.
    abri
     
  4. abri

    abri MajorGeek

    oh, and one last question: why doesn't AVG pick up on this one if it's a mydoom variant?
    abri
     
  5. abri

    abri MajorGeek

    I have this in my registry so I think it must be running.

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32

    thanks for help.
    abri
     
  6. abri

    abri MajorGeek

    Okay, I did a Kaspersky online scan and it gave the following log which identifies the same viruses, but can't remove them because they're locked.
    Thanks for reading this thread. If the viruses are active, I'd like to get them out of there.
    abri
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to run Outlook Express and delete these files manually.

    I assume that Posteingang in English is equal to Inbox

    Thus go to your Inbox (which shows under M:\Outlook\original\default ) and delete the messages that Bitdefender indicates. They appear to be messages number 11, 153, & 154. If this is not an active user account, you will have to just delete the old folder.

    The messages appear to have the below in them:

    # 11 - text.htm .pif
    #153 - Subject: Hello,abridge,the Garden of Eden
    #154 - Subject: Hello,abridge,the Garden of Eden

    Note you are using an outdated version of ShowNew
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Is drive M where you currently store all of your Outlook email? If not, is drive M just an old backup?
     
  9. abri

    abri MajorGeek

    Hi Chas,
    Drive M is where I store all my current OE dbx files. They're not old files and they're not from a different user name. I can't delete the things BitDefender finds, because I can't find them. As I mentioned with an earlier thread, I've actually searched the entire computer for the words and dates that BitDefender indicates, not just the dbx files. That's why I was wondering if there is a way to translate dbx files into something that I can open and look at. I don't have any numbers attached to the dbx files. I don't even know what the numbers refer to.
    From within OE, no search (I've tried every search I can think of) comes up with any of the information I'm getting from BitDefender, but I'm more worried at what Kaspersky came up with. I don't know how to tell if the files are active. I do have a change in the registry as indicated in my 5th post which looks like the virus is at least in the registry. When Kaspersky writes that it can't fix the viruses because it is blocked, what is it referring to? I don't like having icky stuff on my computer without knowing if it's doing icky stuff or just sitting there.
    Thanks so much.
    abri
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If both Bitdefender and Kaspersky are finding these problems in your Posteingang.dbx file then the messages do exist. Perhaps you have some kind of filter setup that is hiding things from your view. Perhaps they are even semi-deleted and your Outlook email database is corrupted and not showing them. But the text for them is in the dbx file. You could probably even load it into a binary editor or maybe even into Wordpad and see the info yourself. BUT DO NOT EDIT THEM AT ALL. If you do, you will corrupt the file.

    I'm not sure what you are trying to tell me about the 5th post. The below is a valid registry key and should exist:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32

    It will contain things like:
    LastVisitedMRU
    OpenSaveMRU
     
  11. abri

    abri MajorGeek

    Oh, what I was trying to tell you about the 5th post is that I went to a website to read about Novarg and one of the things it said was if this ComDlg32 was in the registry either under the HKCU path or the HKLM path, then it was an indication the virus was there. I was looking for information that would help me figure out whether the viruses are active or not. Your comment about this being a legit file is why I don't like just hunting around the internet for information.

    WordPad is not an option in my list of opening devices (??wondering why ... maybe I don't have WordPad at the moment), but I opened it in Editor and as a text it looks like this (as an example):

    wDpps/gr0231C0vIfNt5d6SfP8AaI6+dxOG9mfRYPE/YJo5PMPmx/3P9ZUkcfmJ
    J0euM9QI/OkXzfk/dv8AJRHHL/qo/wDlp9/y6mYIP+viL+PZ5dJH5Un7qSX/AFf/AJEqgGxyfJ9l
    +d0/g/jqKSOXZ5Ucu87/APlpQA2T7/m/fNNuI5f+B/8APSOpgDG+XIUSKSJH8z/lpUL/ALz/AFkT
    7/8AnpH/AMtKk0HZ/wCenzvUcsnmJ5UnT7lHxkaDZI

    I didn't understand in my Kaspersky log why it says "object is locked". It said this for everything it found. Could that mean that it was locked by a previous antivirus program? Or do you think it might be locked by the virus itself? Or, possibly by Outlook Express? In the last year I've used Nortons, Kaspersky 6 and AVG free, and so it surprises me the viruses are still showing up in the scans. In the Kaspersky log file, it lists 13 infected objects. One is:

    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Crypto\DSS\MachineKeys\92c65e2e2ccb44dd6aef001d65c0e1ab_ca37b8bb-ea16-4c0c-b2f7-5dba26e15d13 Object is locked skipped

    I don't know what the MachineKeys in the above pathway refers to. It sounds important. Dokumente und Einstellungen is Documents and Settings. Anwendungsdaten is maybe Applications or ApplicationsData in English. I'll check that when I'm on an English computer.

    I've been thinking about this problem for some months, and the problem about my changing to another e-mail client is that I would need to import my working files from Outlook Express. I imagine as soon as I import anything, I would simply take the viruses with me.

    There's a tool called AntiMyDoom-DE.exe that I can try running, but I don't recognize any of the websites that are recommending it. I found the English version called AntiMyDoom-EN.exe at this site: http://www.pro-support.de/antivirus.shtml
    One of the tools at the German site is called Antisober-DE.exe which is in a simple listing of removal tools at http://sicherheit.altmuehlnet.de/sw/removals.htm

    Generally, I can only run the -DE versions of programs. (I wonder who had the bright idea of coming up with a German-language Microsoft computer, German referring to something in the programs themselves, not just the interface.)

    Should I try running this?
    Sorry, I'm running out of ideas.
    abri
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not true (as you now know). As I said, that is a valid registry key that will be in all PCs and you are right.....you cannot always believe everything you read. There may be more details to it than being mentioned.

    You have to add it yourself to the SendTo folder or you could just run Wordpad and navigate to the file to open it. A binary editor is still a better choice but I knew you would have Wordpad.

    That's because it is in binary. You have to search for the text strings that the virus scanners are giving you to find the area of the file that they are telling you about.

    No it did not say that for everything found. It said it for all files that were locked. For files where it actually scanned and found an infection, it said skipped. It skips because it is not a removal tool unless you buy it.

    A file can be locked for many reasons and it is perfectly normal. Many files are protected by the OS, or if an application that is running is using the file it is also locked. Without reading every single line in your log right now, a brief scan just reveals that most things that were locked should be locked.

    The only files on your PC that were flagged as infected are these two:
    It did not find 13 infected files! It found 13 infected objects and some were in the same file! There were 9 objects found in your Posteingang.dbx file and 4 in the WinBORGXPV4.0.ISO file (which by the way were not true infections - it said they were not-a-virus:RiskTool)

    Kaspersky did not say it was infected. It said it was locked. This is a valid Windows system folder which should be locked.

    I don't know anything about those tools and have never used them so I cannot in good conscience recommend them. It's your choice. Just be aware that no program can always fix everything. Also no program can fix something if the file is in use or locked. So you have to be sure that you are not running anything that could interfere with any scan/removal tool. That is one reason we boot in safe mode. Less runs by default in safe mode. But it still could be necessary to shut other processes down. Even then, there will still be files locked by the OS.
     
    Last edited: Aug 24, 2006
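chaslang's point in posts 10 and 12 is that the flagged messages are still in Posteingang.dbx as raw text and can be located by searching the binary for the strings the scanners report, and abri's paste in post 11 shows that much of what sits there is base64-encoded MIME. The following read-only scanner is an added example, not code from this thread or from MajorGeeks: it reads a mail store image, reports the file offsets of Subject headers, attachment names and base64 blocks, decodes each block and flags any whose decoded bytes start with the "MZ" signature of a DOS/Windows executable. The sample store, the double-extension heuristic and all function names are constructed for this example; because it only reads, it cannot corrupt the file the way editing it in WordPad would.

```python
import base64
import re

# Constructed sample store: binary filler (standing in for the index structures
# a DBX file keeps around each message) wrapped around one raw MIME message.
# The subject and attachment name are the ones the scanners reported in the
# thread; the attachment body is a constructed stand-in, not real malware.
SAMPLE_STORE = (
    b"\x00\x01\x02\xff\xfe JMF\x00\x00" * 4
    + b"Subject: Hello,abridge,the Garden of Eden\r\n"
    + b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n--b1\r\n'
    + b'Content-Type: application/octet-stream; name="text.htm                 .pif"\r\n'
    + b"Content-Transfer-Encoding: base64\r\n"
    + b'Content-Disposition: attachment; filename="text.htm                 .pif"\r\n\r\n'
    + base64.encodebytes(b"MZ" + b"\x90" * 70 + b"constructed payload, not a real executable")
    + b"--b1--\r\n"
    + b"\x00\x00\x7f" * 8
)

SUBJECT_RE = re.compile(rb"Subject: ([^\r\n]*)")
NAME_RE = re.compile(rb'(?:filename|name)="([^"]*)"')
# One or more full-width base64 lines, optionally followed by a short final line.
B64_RE = re.compile(rb"(?m)^(?:[A-Za-z0-9+/]{40,}={0,2}\r?\n)+(?:[A-Za-z0-9+/]{1,39}={0,2}\r?\n)?")
EXEC_EXT = (".pif", ".scr", ".exe", ".com", ".bat", ".cmd")


def suspicious_name(name):
    """Heuristic (constructed): executable extension, or spaces padding out a second extension."""
    lowered = name.lower().rstrip()
    return lowered.endswith(EXEC_EXT) or ("   " in lowered and lowered.count(".") > 1)


def decode_run(run):
    """Decode a base64 block leniently: drop whitespace and any ragged tail."""
    data = re.sub(rb"\s", b"", run)
    data = data[: len(data) - len(data) % 4]
    return base64.b64decode(data)


def triage_store(blob):
    """Read-only scan of a mail store image; every finding carries its byte offset."""
    subjects = [(m.start(), m.group(1).decode("latin-1")) for m in SUBJECT_RE.finditer(blob)]
    attachments = []
    for m in NAME_RE.finditer(blob):
        name = m.group(1).decode("latin-1")
        attachments.append((m.start(), name, suspicious_name(name)))
    runs = []
    for m in B64_RE.finditer(blob):
        decoded = decode_run(m.group(0))
        # A DOS/PE executable begins with the two-byte "MZ" signature.
        runs.append((m.start(), len(decoded), decoded[:2] == b"MZ"))
    return {"subjects": subjects, "attachments": attachments, "base64_runs": runs}


if __name__ == "__main__":
    import sys
    # Pass a path to scan a real store; with no argument the constructed sample is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_STORE
    report = triage_store(blob)
    for off, subj in report["subjects"]:
        print(f"0x{off:08x} Subject: {subj}")
    for off, name, flag in report["attachments"]:
        print(f"0x{off:08x} attachment {name!r}{'  <-- suspicious name' if flag else ''}")
    for off, size, is_exe in report["base64_runs"]:
        print(f"0x{off:08x} base64 block, {size} bytes decoded{'  <-- MZ header' if is_exe else ''}")
```

The offsets are what you would then jump to in a hex editor to confirm which message a scanner's "message #153" refers to; the decoded blocks are kept in memory only, which is the safe way to inspect an attachment a scanner has already flagged.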
  13. abri

    abri MajorGeek

    Thanks Chas! That was a very long post and I appreciate all the details!
    I know this has been simmering quite awhile on the back burner while I was away. My son suggested I switch to Thunderbird, which I would like to do. I foresee the obvious problem, that if I import the e-mails from Outlook Express, the viruses will still be there. Is there any chance that I will have better luck locating them in Thunderbird than I had in Outlook Express, since I wasn't able to translate the dbx files in Outlook Express? Will that be the same problem in Thunderbird?
    Thanks!
    abri
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I cannot answer that question! If you cannot see the infected messages yourself then I would doubt you can even import them into Thunderbird!
     
  15. abri

    abri MajorGeek

    oh..
     