My Machine.. What I think happened..

[woxnerw]

I'm Back to Report:
I used the Panda Free Scan to locate the Files-of-Issue.. I'm still in the process of locating these files.. However, several of these files are now removed from the folders they were attached to.. This machine is on the come-back..

I was in the Registry and working on re-naming file extensions.. e.g. .exe files ..I re-named them to .ete extensions.. (not removed yet).. sys files .. I renamed to .sts extensions.. (not removed yet)..

Anyway, these files are not interfering and stressing the work-flow of this machine.. Some of the files I removed from their folders are placed them in the AVG Vault.. These files were identified by the Panda Free Scan Utility. So-Far-So-Good..

There is one file I am unable to find.. It's path-and-location is..

c:\windows\downloaded program files\UWAS6_0001_N68M2301NetInstaller.exe

I don't know where to find it.. It's not in the downloaded programs Folder..

I did a windows search on it.. Nothing appears.. What's up??

This may be the Key File that's gonna fix this machine.. Well... Could Be.. Who Knows?

Bill..

[Stormcrow]

Quote:

Originally Posted by woxnerw

I haven't tried this.. Could restoring this build back to say several months, help-and-make this, work? At this point-in-time, I have only restored back to a few days..

The restore feature is all but useless in these situations, its only good if you accidently messed with something or screwed with regedit too much. It doesnt actually remove or delete trojans or other malware.

Quote:

Originally Posted by woxnerw

There is one file I am unable to find.. It's path-and-location is..

c:\windows\downloaded program files\UWAS6_0001_N68M2301NetInstaller.exe

Make sure you can view your hidden files by going to Tools, Folder Options, View, and then checking Show Hidden Files.

[KOMMANDER]

The one thing you should do before doing all the removal your doing is turn off system restore. Many times the reason a virus, trojan, or worm is almost imposible to get rid of is because it hids inside of your system restore file to. Turning off the restore feature wipes the restore file out which means that after you get rid of the infestation and turn restore back on a new clean restore file is made and you can't be reinfected . KOMMANDER

[Stormcrow]

Ah yeah, I had completely forgot about that tidbit, Kommander. I knew there was another reason Restore was useless with viruses, lol

[stinger608]

One other thing that you can check is what malware and adware, there is in the system also. A great utility for this is spybot search and destroy!
It will also get rid of some trojans also.

The home of Spybot-S&D!

[woxnerw]

Hi Gents:
Thank you for your replies to this thread.. I'm still working on this.. The path of this headache is somewhere in the system volume information/restore folder of the C Drive of this machine.. the file is ... A0411508.exe Of course.. a windows search of this file doesn't show this file to be found..

I guess I'm gonna tackle this but one of you guys posted a link to more information on opening this folder. If I could open this folder I think I can locate this..

Just when I think this machine's behaviour is improving, it takes a set-back..

The Panda Software looks pretty interesting.. In fact I'm seriously looking at this stuff.. If I'd get busy and install one of their applications I'd be all-but-done with this.. In fact they have posted a couple of Beta versions of their product.. I'm on a dial-up here.. and.. it took me the better part of yesterday to download the applications.. It amounted to 100 meg. to come through my copper wire..

Question?? Should I be worried as to which version I install? I have three machines on a LAN to protect.. I'm in the music studio business.

There is a firewall version.. and a "Lite" ?? version..

BUT.. I'd like to gain some knowledge and experience in tracking down Trojan-and-Virus files..

What is IT.. Am I attempting to re-invent the wheel??

My knuckles are all bruised from smacking this wall..


Bill..

[qazwsx]

just want to add this in; I had a trojan a while back but macafee cleared it up nicely for me. You might want to try them out. they have a free trial version so you can test their software first aswell

McAfee Security - Evaluation Software

[woxnerw]

Hi qazwsx:
Thanks for your reply.. I've reconfig'd the view system files to show the System Volume Information folder..

Thanks to an earlier post on this thread..

Could I be making some headway on this issue? (Trojan) or.. am I only treating the result of this issue?

I found the path to File A0411508.exe Earlier... As I was replying to this thread I was running the AVG utility I have been using sense April 2002..

This is the utility that identified this file/threat.. after the scan completed it (the AVG Scan) sent the file to the AVG Vault.. When the file is transferred there .. the file is re-named.. to a FIL extension.. or this particular file is renamed to that extension.. AND it's given the file another name.. e.g. a #'d name..

All this effort is for.. I'm trying to preserve this XP Home Build.. It has been working pretty well sense April 2002.. Well, that's what I think..

Bill..

[woxnerw]

Hi Again Gents:
The plot thinkens.. I have Cleaned the registry, so-to-speak and deleted a bunch of "Odd" files and thinned out entries that are not connected to applications and all..

However.. back in the System Volume Information folder you'll see a note pad file that has "Odd Shaped Characters" in the Note Pad image..

Is this normal?


OR... Do I still have some Trojan/Virus that remains that I have to deal with??

Bill..

[qazwsx]

I get a few random characters but not as many as that. But this is quite a fresh install. I think its normal