Re: Possible Trojan/Worm

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 04/30/05


Date: Sat, 30 Apr 2005 08:42:56 -0400

From: "DJ" <doveman007@bigfoot.com>

| Well Sysclean didn't find anything, although there were a few files it
| couldn't access. Here's the log:
| ------------------------------------------------------------------------------------------
|
| /--------------------------------------------------------------\
|> Trend Micro Sysclean Package |
|> Copyright 2002, Trend Micro, Inc. |
|> http://www.trendmicro.com |
| \--------------------------------------------------------------/

< log snipped >

Usually when I see the log and access denied errors I am not worried as usually they are the
Registry files or normal files that have their respective File Handles open.

However....
2005-04-29, 22:20:48, An error occurred while scanning file
"C:\WINDOWS\system32\q6rqlg9516.dll": Access is denied.

I have a concern with the above.

You *must* logon using the 'administrator' account or be using an account that is in the
administrators group and you need to logon in Safe Mode. You also need to make sure that
you shutdown as many running applications as possible.

It would also help for you to read - "How to perform a clean boot in Windows XP"
http://support.microsoft.com/kb/310353

The latest Pattern File is 606. I see you were using 604.

SYSCLEAN_FE automates the download and execution process of the Trend Sysclean Package.
Direct URL -- http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe
You may want to use that instead and delete the D:\Utils\sysclean version. Note the above
utility is hardcoded for c:\sysclean.

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
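
One way to triage the access-denied lines the reply above distinguishes, as an added example (not part of the original post and not Trend Micro's tooling). The line format is taken from the single entry quoted in the post; the list of normally locked files, the extension list, the function names and the first two sample log lines are assumptions constructed for illustration.

```python
import re

# Line shape taken from the one log entry quoted in the post; the entry may be
# wrapped before the quoted path, so \s+ is allowed to span a newline.
DENIED = re.compile(
    r'^(?P<date>\d{4}-\d{2}-\d{2}), (?P<time>\d{2}:\d{2}:\d{2}), '
    r'An error occurred while scanning file\s+"(?P<path>[^"]+)": Access is denied\.$',
    re.MULTILINE,
)

# Assumption: files Windows XP normally holds open while it is running.
EXPECTED_LOCKED = {"pagefile.sys", "hiberfil.sys", "ntuser.dat", "ntuser.dat.log",
                   "usrclass.dat", "usrclass.dat.log"}
HIVE_DIR = r"\system32\config" + "\\"          # registry hive directory
LOADABLE = (".dll", ".exe", ".sys", ".ocx", ".scr")  # assumption: code-bearing types


def classify(path):
    """'expected' for normally locked files, 'review' for loadable code, else 'other'."""
    lower = path.lower()
    name = lower.rsplit("\\", 1)[-1]
    if name in EXPECTED_LOCKED or HIVE_DIR in lower:
        return "expected"
    if name.endswith(LOADABLE):
        return "review"   # a locked DLL/EXE should be rescanned from Safe Mode
    return "other"


def triage(log_text):
    """Return (timestamp, path, verdict) for every access-denied entry in the log."""
    return [(f"{m['date']} {m['time']}", m["path"], classify(m["path"]))
            for m in DENIED.finditer(log_text)]


# Constructed sample: the first two lines are invented, the last is the post's entry.
SAMPLE_LOG = r'''2005-04-29, 22:20:31, An error occurred while scanning file "C:\WINDOWS\system32\config\SOFTWARE": Access is denied.
2005-04-29, 22:20:40, An error occurred while scanning file "C:\pagefile.sys": Access is denied.
2005-04-29, 22:20:48, An error occurred while scanning file
"C:\WINDOWS\system32\q6rqlg9516.dll": Access is denied.
'''

if __name__ == "__main__":
    for stamp, path, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:8}  {stamp}  {path}")
```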

