Re: Alwayup Trojan-Repair,Quarantine, Delete Failed--Access Denied?

From: Eli (meagain_at_outthere.invalid)
Date: 05/19/05


Date: Wed, 18 May 2005 19:10:06 -0400

David wrote:

<<<
Dump the contents of the IE Temporary Internet Folder cache (TIF)
Start --> Settings --> Control Panel --> Internet Options --> Delete Files
>>>>

************************
I have a subfolder under the folder "Temporary Internet Files" titled:
"Content.IE5". The folders and files in that subfolder are not deleted when
I do the "Delete Files" operation you recommend above. I can however delete
those subfolders under "Content.IE5" manually if I choose to. Is the data in
that subfolder disposable? Can I safely delete them?

Incidentally, I did manually delete the TIF file which NAV initially claimed
was infected. I disabled "System Restore" and ran a full NAV scan and no
infections or threats were found.
In other words I followed Symantec's own recommendations for the
Alwayup.Trojan. I came out clean.

-Eli
******************************

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:eev4YP6WFHA.3760@TK2MSFTNGP15.phx.gbl...
| From: "Eli" <meagain@outthere.invalid>
|
| | Hello:
| |
| | I use Norton AntiVirus.
| |
| | Was notified of an infection by Alwayup Trojan:
| |
| | <<
| | Source: C:\WINDOWS\Temporary Internet Files\Content.IE5\0Z4RMI0I\aun_0036[1].exe
| | Click for more information about this threat : Trojan.Alwayup
| | >>>>>>>
| | NAV log reports that Repair Failed, Quarantine failed, delete failed. Access
| | denied.
| |
| | Does "Access Denied" mean it was refused access to other files? In other
| | words that the Trojan failed to access other files?
| |
| | I used Windows Explorer to locate that file within the TIF folder. It showed
| | a size of 0 bytes, and that it was created at about the same time that the
| | AntiVirus alerts came on my monitor. I simply deleted it, with no problem.
| | Wondering if that zero byte size implies that the antivirus somehow stripped
| | it ....
| |
| | I ran a complete Virus Scan with Norton Antivirus and it came out clean.
| |
| | 1) Does "Access Denied" mean it was refused access to other files? In other
| | words that the Trojan failed to access other files?
| |
| | 2) Is there anything else I should do to make sure I'm truly rid of this
| | Alwayup Trojan?
| |
| | 3) Can I safely delete all the contents of 0Z4RMI0I\ subfolder within my
| | Temp Internet Files w/o losing important data and/or programs?
| |
| | Thanks in advance:
| |
| | -eli
| |
|
| Dump the contents of the IE Temporary Internet Folder cache (TIF)
| Start --> Settings --> Control Panel --> Internet Options --> Delete Files
|
| Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
| Tools --> Options --> Privacy --> Cache --> Clear
|
|
| Download CLEAN.EXE from the URL --
| http://www.ik-cs.com/programs/virtools/clean.exe
|
| It is a self-extracting ZIP file that contains the Kixtart Script Interpreter
| { http://kixtart.org Kixtart is CareWare } three batch files, two Kixtart scripts, two Link
| (.lnk) files and a PDF instruction file.
|
| GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee Command Line
| Scanner. If you are using Windows XP, you may have to disable the Windows XP FireWall to
| allow the FTP utility to download the needed files
|
| CLEAN.BAT -- For running within Windows after running c:\mcafee\GetFiles.BAT. If you choose
| to scan again at a future date, run this batch file. It will automatically check the date
| of the McAfee DAT files and if it is a couple of days old, it will download (FTP) the latest
| signature files and install them before performing the scan.
|
| DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is using FAT32 after
| you have booted from an Emergency Boot Disk or DOS disk and have already executed;
| c:\mcafee\GetFiles.BAT from within Windows. DOS disk boot images can be obtained from;
| http://www.bootdisk.com/bootdisk.htm
|
| I need you to perform the following...
|
| Execute; CLEAN.EXE
| Choose; Unzip
| Choose; Close
|
| Execute; c:\mcafee\GetFiles.BAT
| { or Double-click on 'GetFiles Link' in c:\mcafee }
|
| Reboot the PC into Safe Mode [F8 key during boot]
|
| Shut down as many applications as possible!
| It would also help for you to read - "How to perform a clean boot in Windows XP"
| http://support.microsoft.com/kb/310353
|
| Execute; c:\mcafee\CLEAN.BAT
| { or Double-click on 'Clean Link' in c:\mcafee }
|
| A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
| end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
| It is suggested that you move the report out of c:\mcafee before performing another scan.
| It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
| report for each session.
|
|
| * * * Please report back your results * * *
|
|
| --
| Dave
| http://www.claymania.com/removal-trojan-adware.html
| http://www.ik-cs.com/got-a-virus.htm
|
|


