Author Topic: System (WinMe) Files Corrupted: Worm Suspected!  (Read 10021 times)

0 Members and 1 Guest are viewing this topic.

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
Re: Trojan Apparently Invisible to Explorer...
« Reply #15 on: April 10, 2005, 06:07:10 PM »
tracking down the WinMe32 Trojan file with Explorer.  I tried that the other day, but it was not to be found! 


Of course not !!

AAW: This the temporary folder of Ad-AWare, which it uses for unpacking/scanning of archives
usually exists only during a scan with ad-aware, unless adaware crashes and doesn't clean it up after scanning

so you probably scanned with ad-aware while the avast-shield was enabled (NOT always a good idea, unless you know what you're doing),
so avast picked up the temporary/unpacked file or left-overs in that folder
(don't know why it didn't get the original archive, unless you were usually scanning with avast without archive-scan enabled ?

Are there any NEW findings ?? -> details please

how about that hijackthis-log ?
 ;)
« Last Edit: April 10, 2005, 06:08:44 PM by whocares »

Offline AceFlyer

  • Newbie
  • *
  • Posts: 12
  • Adrift in the Universe...
Re: System (WinMe) Files Corrupted: Worm Suspected!
« Reply #16 on: April 11, 2005, 10:47:04 AM »
For whocares: 
    I always run scans off-line with FW and all other AV/AS programs disabled, which would explain why AdAware has never crashed on me.  If Avast has picked up some remnant files, where would they be stored (that I haven't already searched for)?  Also, I nearly always include archived files in the scans. Regarding the "hijackthis-log" request, I'm a bit unfamiliar with the concept...can you expound a little so this here IT idiot can reply?  I'll be offline for a couple of weeks or so--effective now--but certainly welcome your further input.  Later... :)
Ace out...

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
Re: System (WinMe) Files Corrupted: Worm Suspected!
« Reply #17 on: April 11, 2005, 10:51:00 AM »
Hijackthis is a tool which lists most of the process/startups that run on your PC, so with its LOG we could check if there's a suspicious startup that might be caused by malware ...
or whether your problems are raher due to Windows acting up (which is what I suspect without further info

About this concept, there are tons of info here in the board and everywhere in the net except at walmart ;)

Offline AceFlyer

  • Newbie
  • *
  • Posts: 12
  • Adrift in the Universe...
Re: System (WinMe) Files Corrupted: Worm Suspected!
« Reply #18 on: April 22, 2005, 03:05:57 PM »
For whocares:  The "hijackthis" log, which you requested, is attached.  Keepin' fingers crossed... :)
« Last Edit: April 22, 2005, 03:12:48 PM by AceFlyer »
Ace out...