Trojan I can't Remove

Name: Chris
Date: November 14, 2003 at 17:53:32 Pacific
OS: Windows 98
CPU/Ram: Compaq 5660/Pentium 2
Comment:

I can't get rid of a virus I have. Please help. I'm using AVG and it won't heal it. Virus is called. Object: C:\WINDOWS\temp\Belt.cab:\Belt.exe Result: Trojan horse Downloader.Stubby.A Status: Infected,Embedded object. Please help. I used Hijackthis and this is what I have running-->

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SA3DSRV.exe
C:\PROGRAM FILES\GRISOFT\AVG TCP SERVER\AVGTCPSV.exe
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.exe
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\ISTSVC\ISTSVC.exe
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.exe
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.exe
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPLUS.exe
C:\PROGRAM FILES\HISTORYKILL\HISTKILL.exe
C:\PROGRAM FILES\RSNET\RSEDNCLIENT.exe
C:\PROGRAM FILES\HISTORYKILL\HKPOPUPKILLER.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\PROGRAM FILES\WINZIP\WINZIP32.exe
C:\WINDOWS\TEMP\HIJACKTHIS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=132702
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=132702
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=132702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=search&i=enu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=search&i=enu
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=search&query=%s&i=enu
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM214.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.exe
O4 - HKLM\..\Run: [9510439.exe] c:\windows\System\9510439.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Zone Labs\ZoneAlarm\zaplus.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
O4 - HKLM\..\RunServices: [avgtcpsv.exe] C:\PROGRA~1\GRISOFT\AVGTCP~1\AVGTCPSV.exe
O4 - HKLM\..\RunServices: [avgamsvr.exe] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe -service
O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe
O4 - HKCU\..\RunServices: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup
O4 - HKCU\..\RunServices: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37862.8458564815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://install.spywarelabs.com/1210030908/BundleOuter1210030908.EXE
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} (AxOOdlz Class) - http://www.stop-sign.com/pub/download/scandl_cnry.cab
O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} (MultiDist) - http://xbs.climaxbucks.com/internet-optimizer/080703/MultiDist.CAB
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} (InstallCtl Class) - http://download.redswoosh.net/Installer/104/rsinstaller.cab




Response Number 1
Name: ripper
Date: November 14, 2003 at 18:08:28 Pacific
Reply:

See thread 151213. Mesich replies.
Ripper


0

Response Number 2
Name: Tom41
Date: November 14, 2003 at 19:16:56 Pacific
Reply:

Run HT again and check the following items. Doublecheck so as to be sure not to miss one.
Next, close all browser Windows, and have HT 'fix checked'.

You Must restart your computer when you're done.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=132702
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=132702
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=132702
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM214.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [9510439.exe] c:\windows\System\9510439.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe
O4 - HKCU\..\RunServices: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://install.spywarelabs.com/1210030908/BundleOuter1210030908.EXE
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} (AxOOdlz Class) - http://www.stop-sign.com/pub/download/scandl_cnry.cab
O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} (MultiDist) - http://xbs.climaxbucks.com/internet-optimizer/080703/MultiDist.CAB
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} (InstallCtl Class) - http://download.redswoosh.net/Installer/104/rsinstaller.cab

After restarting delete the following:
C:\Program Files\ISTsvc\istsvc.exe
c:\windows\System\9510439.exe
C:\WINDOWS\BELT.exe
C:\Program Files\RSNet folder.


0

Response Number 3
Name: MitchR
Date: November 17, 2003 at 12:52:05 Pacific
Reply:

Did you ever find a way to remove the belt.exe trojan? I have the same virus and Ad-aware and Norton have not removed it.

Mitch


0

Response Number 4
Name: TolerancE
Date: November 17, 2003 at 21:18:09 Pacific
Reply:

I am running windows XP and have the belt.cab/exe.virus also....Nortons will not fix/quarantine/delete this trojan.

I guess this trojan is why I keep getting weird ad popups through my pop up blocker, and I keep getting weird installs by something called nPAD in my add/remove programs.

If anyone can help me fix this...PLEASE EMAIL ME or IM me ASAP! Torn DJ (AIM) Structure619 (Yahoo)

Thanx!


0

Response Number 5
Name: Michael Francis
Date: November 17, 2003 at 21:35:03 Pacific
Reply:

I've run Norton and it won't remove it either. Please help if you can!!
Mike


0



Response Number 6
Name: TolerancE
Date: November 17, 2003 at 22:30:47 Pacific
Reply:

I figured it out on my pc...it was fairly easy. I may be able to walk the rest of you through the steps I have taken to rid my pc of the belt.cab trojan!


0

Response Number 7
Name: Cherry_blossom
Date: November 18, 2003 at 04:05:05 Pacific
Reply:

Can somebody please help me! I have the same trojan, and I can't get rid of it. I've tried getting rid of it with Norton, but it doesn't work. It keeps coming back. If anyone knows how to get rid of it, could they PLEASE e-mail me.

CherryBl0ss0mX@aol.com


0

Response Number 8
Name: Ron Hughes
Date: November 18, 2003 at 06:38:46 Pacific
Reply:

Norton can't repair the belt.exe on my WIN98 PC. Can someone provide a fix to get rid of the Trojan virus? Also, if needed, where can I obtain a new belt.exe?


0

Response Number 9
Name: tova123
Date: November 18, 2003 at 07:28:54 Pacific
Reply:

Hi there,
My PC is infected with belt.exe.
Is there anyone who was able to remove it and is able to explain to me how to also?
thanks
tova123


0

Response Number 10
Name: Rhona S
Date: November 18, 2003 at 07:29:39 Pacific
Reply:

We have the same problem - WindowsXP - again Norton Internet Security 2003 can't delete it or quarantine it. Have tried running in Safe Mode to scan and delete - failed.

Also curious what this Belt.exe file is that is infected with the Download Trojan.........anyone know.

Please help.


0

Response Number 11
Name: KC1974
Date: November 18, 2003 at 08:23:58 Pacific
Reply:

I have XP too and can't remove it - someone email me with the removal info please!!



0

Response Number 12
Name: pingster
Date: November 18, 2003 at 08:25:56 Pacific
Reply:

I've contracted this nasty one myself. The AVG Healed it but the damage appears to be done. My Internet connection is sluggish at best.

Operating System: Windows 2000 Pro
Antivirus Log:
D:\Documents and Settings\Administrator\Local Settings\TEMP\BELT.exe repaired
D:\Program Files\INTERN~2\OPTIMIZE.exe repaired
D:\WINNT\BELT.exe repaired

Viruses Detected:
Downloader.Dyfica.H
Downloader.Stubby.A

Actions Taken:
The infected files are no longer there. I ran the latest Adaware and Search and Destroy and cwshredder to remove any offending spyware.

My Internet connection is still affected. Not sure what goobers are still mucking up the system. Any help would be greatly appreciated. Here is a HijackThis scan log:

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\System32\Ati2evxx.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVG6\avgserv.exe
D:\WINNT\system32\CTsvcCDA.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\MsPMSPSv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\Explorer.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Ahead\InCD\InCD.exe
D:\Program Files\Creative\ShareDLL\CtNotify.exe
D:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
D:\Program Files\Winamp3\winampa.exe
D:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
D:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
D:\Program Files\Creative\ShareDLL\MediaDet.exe
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\WinZip\WZQKPICK.exe
D:\Program Files\Internet Explorer\IEXPLORE.exe
D:\PROGRA~1\Grisoft\AVG6\AVGCC32.exe
D:\HijackThis.exe

R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Disc Detector] D:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] D:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] D:\Program Files\Creative\Splash Screen\CTEaxSpl.exe /run
O4 - HKLM\..\Run: [Jet Detection] D:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [AVG_CC] D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [FSWebServer] D:\Program Files\Easy File Sharing Web Server\fsws.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKCU\..\Run: [TaskTray] D:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] D:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0fb5e03023def1/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


0

Response Number 13
Name: PentictonBarb
Date: November 18, 2003 at 08:26:14 Pacific
Reply:

I'm not familiar with the Hijackthis program Chris mentioned, and Ripper's and Tom41's replies were way over my head.

My problems started when someone tried to download "Messenger Plus" into our computer. The installation gave an option to add a program that installs other free software programs for you. The person trying to install the instant messenger program not knowingly, selected this option.

3 times now I have logged onto my computer and we get all kinds of stupid software programs installing into my computer. (Icons showing up all over my screen) And of course I have been having an influx of 3rd party pop up ads.

The messenger plus home page tells us we can un-install the program and re-install without the free software program. But I have been to the control panel several times and every time I try to un-install, I get a message that it can not do so at this time and try again later.

I have been able to un-install the free software programs (but within a few days they are re-installed!)

My Norton virus program detected 2 trojan viruses and deleted one. For the other I had to go to the Start button, Search, Search Files to find the infected Belt.exe file. It was in a downloaded zip file. I just deleted the whole zip file.

So while nortons doesn't detect a virus, I still got the group of free software downloads appear on my screen again last night.

With regard to the pop-ups. I found I can stop them if I set my internet options security feature to High, where no 3rd party cookies are allowed. Only problem there is that setting does not allow one to log onto sites that require them (e-bay is an example of that)

Any one with suggestions as to how to be done with this for good, please feel free to e-mail me.


0

Response Number 14
Name: KC1974
Date: November 18, 2003 at 09:30:08 Pacific
Reply:

ok

win XP - find the belt.cab file and the setup files associated with it - and delete them all.

(type - belt.exe into a search on your computer and it will tell you the folder this is located in. Find all the files, and delete them.

It solved my problem 100%


0

Response Number 15
Name: Saphyre
Date: November 18, 2003 at 09:36:24 Pacific
Reply:

I have the same virus, Windows XP, and Norton 2003 can't get rid of it. I have very little computer fixing knowledge, so I would be grateful for any help.

SaphyreJC@aol.com


0

Response Number 16
Name: Demonicus
Date: November 18, 2003 at 10:34:29 Pacific
Reply:

I caught belt.exe, using Norton. As others have said, Norton couldn't fix, quarantine, nor delete the infected file. However, Norton did show me part of the directory that belt.exe had hidden itself. I run XP, and it had hidden itself in Desktop and Settings, in a "hidden" folder. Once I chose the "show hidden folders" option, I found the folder belt.exe was in, and deleted it. Norton now says my comp is clean.


0

Response Number 17
Name: Sybersales
Date: November 18, 2003 at 10:35:38 Pacific
Reply:

Norton caught & quarantined it on my system this AM. I then ran Spybot to see if I could find its origin, but Spybot didn't find it. I ran HijackThis and it was found. It was not in my system registry or running programs as some have advised elsewhere. I did find a BELT zip file and noticed it was downloaded several days ago, so am wondering why I haven't had any problems until today. Not sure where it came from, but am thinking it was attached to another download.

Anywho, I did a search for BELT under "find files and folders" and deleted any bearing that name(not associated with other programs). That worked for me.

For reference, I am running 98SE. Hope you guys can get rid of it as well.


0

Response Number 18
Name: distm
Date: November 18, 2003 at 13:00:35 Pacific
Reply:

Thanks Demonicus that worked perfect.


0

Response Number 19
Name: Clive
Date: November 18, 2003 at 13:20:29 Pacific
Reply:


You have solved the problem for me too
Thanks Demonicus !


0

Response Number 20
Name: TolerancE
Date: November 18, 2003 at 13:46:44 Pacific
Reply:

My belt.cab was in Zip format too...which is why Norton could not repair it. All I did was find the trojan, cut and paste it into Norton's quarantine folder and open the zip file. Once it was unzipped in quarantine, Norton found it and deleted it on the spot!

No more virus! IM me if anyone needs help

Torn DJ(AIM) Structure619 (yahoo)


0

Response Number 21
Name: Frank
Date: November 18, 2003 at 15:26:29 Pacific
Reply:

I have the trojan belt.exe. I followed Nortons method of removal which simply did not work. Any one with any suggestions how to remove it would be greatly appreciated


0

Response Number 22
Name: hasbro
Date: November 18, 2003 at 19:22:52 Pacific
Reply:

Same as the rest of you...I'm using Windows 98 was doing live update with my Norton Anti-Virus(2000) when the "alert" message came up saying that the Belt.exe file had been infected with Download.Trojan virus. I fooled with it all day and as everyone has said, Norton quarantined and deleted one but I could not do the same with the other. "It" told me it was located at C:\Windows\TEMP\Belt.cab and I would run the scan on that file with the same results so under Find-Files I did the search and then just deleted the file and now the scan shows no virus.
MY QUESTION: I'm not very computer literate, especially when it comes to fixing anything, so did I delete a file I needed? What did this virus do? Did it steal any of my information? I didn't have any problems with my computer; the only way I knew it was there was the anti-virus program. So I'm just worried about what damage it may have caused that I may not know about, whether someone has information from my computer and whether I deleted a file that was necessary. Any enlightenment would be appreciated. Thanks


0

Response Number 23
Name: runway9
Date: November 19, 2003 at 06:30:45 Pacific
Reply:

This morning while on the internet my Norton AV Detected the following Virus:
Source: D:\DOCUME~1\john\LOCALS~1\Temp\Belt.exe
Click for more information about this virus : Download.Trojan

I just downloaded the latest Virus Definitions from the web site last night. So I think Norton caught it.
There appeared to be other files associated with Belt.exe, i.e. (belt.cab, belt.ini, bilt.inf, biini.cab, biini.inf and bi.ini)
I was able to delete all of these files. But my question is, should I be worried about my registry?

I opened bini.inf

[version]
signature="$CHICAGO$"
AdvancedINF=2.0

[DefaultInstall]
CopyFiles=CopySystemFiles,INFFile
AddReg=RegistryEntries

[CopySystemFiles]
bi.ini,,,34

[INFFile]
biini.inf,,,34

[DestinationDirs]
CopySystemFiles=10
INFFile=17

[RegistryEntries]
HKLM,Software\Dbi,"BIT1o2pListSPos",,"8810"

[SourceDisksNames]
1="CAB File",,,

Should I be worried?

John



0
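What the INF quoted in the post above instructs the installer to do, worked out as an added example (not part of the original thread and not any vendor's tool). It lists the files and registry value that the [DefaultInstall] section would create, which are the leftovers to look for after belt.exe itself is gone. The function names are hypothetical; DIRID 10 (Windows directory) and 17 (INF directory) are the standard Setup values, and the INF text is copied from the post.

```python
import csv

# Standard Setup directory IDs used by this INF (10 = Windows dir, 17 = INF dir).
DIRID_PATHS = {"10": r"%windir%", "17": r"%windir%\inf"}

# INF text as quoted in the post above.
POSTED_INF = r"""
[version]
signature="$CHICAGO$"
AdvancedINF=2.0

[DefaultInstall]
CopyFiles=CopySystemFiles,INFFile
AddReg=RegistryEntries

[CopySystemFiles]
bi.ini,,,34

[INFFile]
biini.inf,,,34

[DestinationDirs]
CopySystemFiles=10
INFFile=17

[RegistryEntries]
HKLM,Software\Dbi,"BIT1o2pListSPos",,"8810"

[SourceDisksNames]
1="CAB File",,,
"""

def parse_inf(text):
    """Map lower-cased section name -> list of non-empty lines.
    Simplification: ';' always starts a comment, even inside quotes."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), [])
        elif current is not None:
            current.append(line)
    return sections

def directives(lines):
    """Turn 'Key=Value' lines into a dict with lower-cased keys."""
    out = {}
    for line in lines:
        if "=" in line:
            key, value = line.split("=", 1)
            out[key.strip().lower()] = value.strip()
    return out

def fields(line):
    """Split a comma-separated INF line, honouring double quotes."""
    if not line:
        return []
    return [f.strip() for f in next(csv.reader([line], skipinitialspace=True))]

def install_actions(text, install_section="DefaultInstall"):
    """Return (files, registry) that the install section would create."""
    inf = parse_inf(text)
    install = directives(inf.get(install_section.lower(), []))
    dest_dirs = directives(inf.get("destinationdirs", []))

    files = []
    for section in fields(install.get("copyfiles", "")):
        dest = fields(dest_dirs.get(section.lower(), ""))
        dirid = dest[0] if dest else "?"
        base = DIRID_PATHS.get(dirid, "<dirid %s>" % dirid)
        if len(dest) > 1 and dest[1]:          # optional sub-directory
            base += "\\" + dest[1]
        for line in inf.get(section.lower(), []):
            files.append(base + "\\" + fields(line)[0])  # first field = target name

    registry = []
    for section in fields(install.get("addreg", "")):
        for line in inf.get(section.lower(), []):
            # reg-root, subkey, value name, flags, value
            root, subkey, name, _flags, data = (fields(line) + [""] * 5)[:5]
            registry.append((root, subkey, name, data))
    return files, registry

if __name__ == "__main__":
    dropped, reg = install_actions(POSTED_INF)
    for path in dropped:
        print("file:", path)
    for root, subkey, name, data in reg:
        print("reg :", root + "\\" + subkey, name, "=", data)
```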

Response Number 24
Name: SmartRob
Date: November 19, 2003 at 06:49:05 Pacific
Reply:

The download.trojan, when activated, sends info to a URL of the author's choice. It enables more trojans and programs to be downloaded. Deactivate System Restore. Remove all references to belt.exe and info files etc. from the registry. Make sure you have selected to show hidden files, then do a search for "belt." You will find a 'cab file somewhere (mine was in c:/documents and settings/**user/temp/temporary internet files) and delete it or drag and drop it to the bin. Restart and run AVG or Norton again.



0

Response Number 25
Name: RhonaS
Date: November 19, 2003 at 16:25:00 Pacific
Reply:

Thank you to SmartRob and Demonicus.

I have followed instructions and appears to have rid the computer of the infected files. Question: I presume it is okay to reactivate the System Restore facility after having run the Norton Antivirus check? Using Windows XP.(See Response No 10)

I'm not computer literate enough to be safe working deep in the Registry files, so hopefully my deleting the files after running START / FIND etc is sufficient.

Norton couldn't detect any further infection. Ran LiveUpdate and the Virus Definitions list dated 17/11/03 as the latest on that computer.

Any further advice would be appreciated if I've missed something.

This website is great! Many thanks. (By the way - other than re-registering, which is what I did - does anyone know where the link is (if there is one) that you can activate if Computing.net keeps saying your password is invalid (i.e. Forgotten your password)? (I have re-registered today with the same password to get around the problem - so will see tomorrow if I have the same issue again.)

Rhona



0

Response Number 26
Name: disneylover
Date: November 20, 2003 at 05:04:52 Pacific
Reply:

I had this one too! I think I've gotten rid of it though. I've run Ad-aware, Spybot, Norton and Hijackthis as well as doing a file search for anything with Belt in it. It seems to be gone, but I'm having major problems with IE 6.0 kicking me out. Should I be doing anything else?


0

Response Number 27
Name: pcieri
Date: November 20, 2003 at 11:16:39 Pacific
Reply:

How do I deactivate System Restore in Windows 98?


0

Response Number 28
Name: Chris
Date: November 25, 2003 at 07:42:39 Pacific
Reply:

Here is my new log for HijackThis. Please tell me what I should check and fix with the program. Thanks

Logfile of HijackThis v1.97.6
Scan saved at 7:35:03 AM, on 11/25/03
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SA3DSRV.exe
C:\PROGRAM FILES\GRISOFT\AVG TCP SERVER\AVGTCPSV.exe
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\ISTSVC\ISTSVC.exe
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.exe
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.exe
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPLUS.exe
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.exe
C:\PROGRAM FILES\GRISOFT\AVG7\AVGWB.DAT
C:\PROGRAM FILES\WINZIP\WINZIP32.exe
C:\WINDOWS\TEMP\HIJACKTHIS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=132702
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=132702
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=132702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=search&i=enu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=search&i=enu
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=search&query=%s&i=enu
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM214.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.exe
O4 - HKLM\..\Run: [9510439.exe] c:\windows\System\9510439.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Zone Labs\ZoneAlarm\zaplus.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe
O4 - HKLM\..\RunServices: [avgtcpsv.exe] C:\PROGRA~1\GRISOFT\AVGTCP~1\AVGTCPSV.exe
O4 - HKLM\..\RunServices: [avgamsvr.exe] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe -service
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37862.8458564815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://install.spywarelabs.com/1210030908/BundleOuter1210030908.EXE
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/scandl_cnry.cab
O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} (MultiDist) - http://xbs.climaxbucks.com/internet-optimizer/080703/MultiDist.CAB
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.net/Installer/104/rsinstaller.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab



0
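A way to check a rescan against an earlier fix list, as an added example (not part of the original thread and not a HijackThis feature). It parses both logs, matches entries by CLSID or by Run-key value name rather than by the full line, and reports which flagged entries were removed, are still present, or are still registered with the file gone. The function names are hypothetical; the log lines are a subset copied from Response 2 and from the rescan above.

```python
import re
from typing import NamedTuple

class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    body: str     # text after "O4 - "

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(.+?): \[(.+?)\]")  # "HKLM\..\Run: [BELT] ..."

REMOVED = "removed"
PRESENT = "still present"
ORPHANED = "still registered, file gone"

# Subset of the fix list in Response 2.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=132702
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM214.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\BI.DLL
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} (InstallCtl Class) - http://download.redswoosh.net/Installer/104/rsinstaller.cab
"""

# Subset of the rescan posted on November 25.
RESCAN = r"""
Running processes:
C:\WINDOWS\EXPLORER.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=132702
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM214.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.net/Installer/104/rsinstaller.cab
"""

def parse_log(text):
    """Return the R/F/N/O entries of a log, skipping headers and the process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries

def identity(entry):
    """Key that survives cosmetic differences between two scans of one machine."""
    clsid = CLSID_RE.search(entry.body)
    if clsid:  # BHOs, search hooks, ActiveX: the CLSID is the registration
        return (entry.section, clsid.group(0).upper())
    run = RUN_RE.match(entry.body) if entry.section == "O4" else None
    if run:    # autoruns: registry key plus value name
        return (entry.section, run.group(1).upper(), run.group(2).upper())
    return (entry.section, entry.body.upper())

def verify_fix(fix_text, rescan_text):
    """For each entry that was supposed to be fixed, report its state in the rescan."""
    rescan = {identity(e): e for e in parse_log(rescan_text)}
    report = []
    for wanted in parse_log(fix_text):
        found = rescan.get(identity(wanted))
        if found is None:
            status = REMOVED
        elif found.body.endswith("(no file)") and not wanted.body.endswith("(no file)"):
            status = ORPHANED
        else:
            status = PRESENT
        report.append((wanted, status))
    return report

if __name__ == "__main__":
    for entry, status in verify_fix(FIX_LIST, RESCAN):
        print("%-28s %s - %s" % (status, entry.section, entry.body[:60]))
```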

Response Number 29
Name: Kieli
Date: November 25, 2003 at 11:23:05 Pacific
Reply:

Actually, I've tried all of the solutions mentioned and still the bi.ini and biini.inf files are still on my PC...except now I can't delete them because I get the message that I do not have the rights to delete the files or they are in use. I have also noticed that there is this DBi key in my registry that keeps popping back in there with encrypted info every time I delete it. Where is the little hacker b---tard that came up with this?


0

Response Number 30
Name: Hom Bdr Thapa
Date: November 26, 2003 at 23:00:53 Pacific
Reply:

Since the f---ing viruses caught on to my computer, they made the system hang and Explorer couldn't be opened when I tried, but AVG did an excellent job removing this silly Trojan horse Downloader Stubby.A from the system, and I would recommend using Grisoft Anti Virus.
Thanks


0

Response Number 31
Name: Mandy Renay
Date: November 27, 2003 at 10:58:15 Pacific
Reply:

I've spent two days fooling with this... running AVG. I've got the Belt.exe one and one that says it's in C:\_RESTORE\TEMP\A0049693.CPY. Both are stubby. AVG says it's healed the belt.exe and I've removed any trace of it that I can find, but it says it can't remove the A0049693.CPY one. I can't seem to find it manually.... and wow, is the computer ever messed up! CD games won't load, it restarts itself, freezes up... you name it and it's probably wrong.

And nothing shows up if I run a search for stubby. Any help is greatly appreciated!


0

Response Number 32
Name: oneibear (by bear)
Date: November 28, 2003 at 16:17:09 Pacific
Reply:

it took months 2 figure out but my belt.exe virus is gone...its hidden in the hidden files and folders..type belt.exe and search delete all files that come up belt.exe then that should fix your problem,it did mine


0

Response Number 33
Name: Jeffdb
Date: November 30, 2003 at 09:54:06 Pacific
Reply:

I use AVG and the other day AVG showed a virus- downloader.dyfica.h - It said it was healed but I have a popup every so often that says I still have - Virus Trojan Horse downloader.dyfica.h is found in file
c:\system volume information\_restore{48F8845B-390E-459D-930E-041FA721FB4F}-\RP266\A0042926.exe
although more scans by AVG show there is no virus here. I looked for belt.exe, but my scan shows up nothing. A friend of mine has the same thing and would like to rid myself of this pest. Thanks Jeff


0

Response Number 34
Name: Pame
Date: December 4, 2003 at 07:49:23 Pacific
Reply:

Which ones are the programs that come with belt??? I thought there were only 4 of them... are the bi and bini programs also part of belt?? Please someone answer me, because I haven't removed those from my computer. If anyone knows, please email me.


0

Response Number 35
Name: chezna
Date: December 4, 2003 at 17:15:38 Pacific
Reply:

I use AVG and the other day AVG showed a virus- downloader.dyfica.h - It said it was healed but I have a popup every so often that says I still have - Virus Trojan Horse downloader.dyfica.h is found in file
c:\system volume information\_restore{48F8845B-390E-459D-930E-041FA721FB4F}-\RP266\A0042926.exe
although more scans by AVG show there is no virus here. I looked for belt.exe, but my scan shows up nothing. I also have tried bulletproof software and it doesn't pick anything up either. How do I remove this, please, as I keep getting a popup saying it is on my computer and to scan with AVG, and it doesn't pick it up. Help please


0

Response Number 36
Name: todoubbleg
Date: December 7, 2003 at 22:06:43 Pacific
Reply:

I have the same downloader.dyfica.h popup, and AVG is no help. I don't know what else to do. Is there another virus scan or something, or will I have to reformat the hard drive?


0
