Re: Trojan horse Downloader.Generic.ML
From: David W. Hodgins (dhodgin1661_at_nomail.afraid.org)
Date: Fri, 17 Jun 2005 19:08:09 -0400
On Fri, 17 Jun 2005 01:56:18 -0400, Ron Reaugh <firstname.lastname@example.org> wrote:
> Back to my original issue, why would AVG be detecting c:\null at that
> moment. What could have caused AVG resident to detect a file in c:\ at that
> moment EXCEPT watching/checking some file I/O to that file at that moment?
The virus definitions may have been updated.
The date on the file may not reflect it's actual creation date.
Keep in mind that on access scanning, does not normally scan non-executable
files. On demand scanning, only does so, if you specify it in the configuration
As to the question, of when to format/reinstall, it's easier to describe when it
If you know what malware was installed, how it got installed, can be confident that
that's the only malware that was installed, and that malware does not provide
remote access, then it's safe to just clean it using whatever tools are most
Otherwise, you should assume all executables (including macros etc), are compromised.
You could boot from a known clean boot media, and compare every executable, to the
files from the installation sources, but it's usually faster to just reinstall.
In most cases, just using an appropriate anti malware tool, to remove the infection,
will be effective, but you cannot/should not count on it. If the pc is used for
any financial activity (online banking, etc), failing to wipe/reinstall, and change
all passwords, could be expensive. Same with failure to remove a dialler, if you
have a regular modem connected to a phone line. Remote access tools can also get
your account terminated for sending spam etc, or cause reputation loss, if everyone
in your address book gets spammed with malware, from your computer.
Regards, Dave Hodgins
-- Change nomail.afraid.org to rogers.com to reply by email. (nomail.afraid.org has been set up specifically for use in usenet. Feel free to use it yourself.)