Re: Mystery
- From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>
- Date: Wed, 19 Mar 2008 21:14:04 GMT
From: "Ernie B." <ebaresch_REMOVE_@xxxxxxxxxxxxx>
| I have a minor mystery....
|
| I did a boot-time scan with Avast free on the 17th. No infected files were
| found.
|
| Early this morning I started a complete scan with a-squared and heard the
| Avast siren after a few minutes. The file, C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
| \a2archive\keygen.exe, was moved to the Virus Chest and the a-squared scan
| allowed to complete. It found a few tracking cookies but nothing else.
|
| I do have keygen.exe on my system, scanned it with Avast. No complaints, so I
| suppose that the file is clean.
|
| The file was scanned with Avast from the VC with the following result:
| ==============================================================
| Scanning of selected files
| ------------------------------------------------------------------------------
| ------------
| Program will try to scan 1 selected file(s) in the Chest
|
| Move files to temporary folder: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_avast4_
| \unp231646429.tmp
| FileID: 0000000035 Original file name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
| \a2archive\keygen.exe New folder: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_avast4_
| \unp231646429.tmp\35.exe
|
| Scan files in the temporary folder: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_avast4
| _\unp231646429.tmp
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_avast4_\unp231646429.tmp\35.exe
| Win32:Keygen-AO [Trj]
| ------------------------------------------------------------------------------
| ------------
| Action was completed successfully!
| ================================================================
|
| The same thing happened on 2/25/08 and again just now when I re-ran the a-
| squared scan. I also note that the 'Last changed' time for one of the files
| in the Avast VC is 3/19/2008 6:31:28 PM, which isn't here yet, and the
| 'Transfer time' to the VC is 3/19/2008 1:31:46 PM, which is correct. The
| other subject file moved to the VC early this morning has a similar time
| discrepancy.
|
| Where did this infected file come from? Is it an artifact of a-squared?
|
| What causes the time discrepancy noted above?
|
| I don't believe my computer is infected but it's puzzling, any thoughts would
| be appreciated.
Where did you get A-Squared anti Trojan?
It looks like you obtained it with a Keygen which is considered malware.
Delete ALL files from all TEMP folders and clear all IE/Browser caches.
Use the following Multi AV Scanning Tool to re-scan the system.
Download MULTI_AV.EXE from the URL --
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.
C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.
Additional Instructions:
http://pcdid.com/Multi_AV.htm
* * * Please report back your results * * *
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp