Re: Protected folders
From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 08/30/05
Date: Mon, 29 Aug 2005 23:44:10 -0400
From: "Roger Fink" <fink@*****.net>
|
| David - you're here too - what a shocker!
|
| OK, I'm probably not going to describe this 100% accurately, but here's my
| best shot. I recently was infected with VBS:REDLOF. The infected file that
| was picked up on the virus scan was unfortunately sysclean.exezz, which was
| created when sysclean.exe was launched earlier, I believe in response to
| something else. The file had been on the hard drive for a while. The several
| other files that normally are created in the same folder when SysClean is
| launched all had zz added to their extensions, such as .logzz and .dllzz,
| although they didn't scan "positive". The pattern file to all appearances
| remained unchanged.
|
| What prompted the question is that I wanted to save myself a 3.5mb download
| by keeping the file on the computer. (I realize this part of the program
| does get modified from time to time and would need to check that). It's
| downloaded as an executable but I've currently got it stored as a zip, if
| that makes any difference. And yes, I agree in advance of your suggesting it
| that it's not the end of the world to download it only on an as-needed
| basis.
|
| I've done my reading and my housekeeping, and I think my system is free and
| clear at the moment.
|
| BTW, Trend Micro describes VBS:REDLOF and its variants as highly
| destructive. It's more than an annoyance.
|
It shouldn't be a surprise you'd find me here. I monitor many virus and security related
News Groups. I'm out to learn as much as I can and assist the affected/infected as much as I
can.
Well, for one, Avast falsely declares SYSCLEAN.COM [ Sysclean is a Trend Micro utility ] as
having the VBS/Redlof. Do you have Avast? This is an old problem and one would think this
False Positive declaration would have been corrected by now. SYSCLEAN.COM is a
self-extracting executable and when it is executed the actual AV scanner engine is
extracted.
Getting back to your original question, a virus or Trojan can be written to change the
attributes of a file or folder such that it goes from Read-Only to Read-Write.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm