After running a deep system scan, several threats are found. They are listed in the log as System]=]C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\23631764.nls [1480] (memory dump). Delete failed (file was in an archive). I do not know how to find and delete these files. Are there any instructions for doing that? Thanks.
I tried to attach a copy of the log
[Attachment: 1274820565_1_02.xml]
I've sent you an email with a procedure on how to delete this type of infection.
If the situation persists please post a new scan log.
I ran the utility you sent me. After rerunning a full scan, the same threats are showing up. There are now 17 of them. Attached scan log. Thank you
[Attachment: 1275166631_2_02.xml]
Researchers, please tell us why .gif files are considered viruses in the above report?
In my opinion, the user seems to be experimenting with "Binders". Or maybe they came from another source.
Hello msl741,
Please download this tool: http://www.bitdefender.com/files/KnowledgeBase/file/gmr.zip
Extract the archive in an empty folder, then run the executable. GMER will start and it will make an initial quick scan. When that scan is done, click on the >>> tab. Multiple other tabs will appear. Click on the Files tab, which will show an Explorer-like interface. Please browse to C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ (please note that browsing with GMER is slower, especially in folders with a high number of files, because of multiple additional scans that are made in order to detect hidden files). Select the file 23631764.nls and click Copy. Select an empty folder and save the file (you can also change its extension to something else). Afterwards, find that copied file and put it in an archive protected with the password infected. Upload the archive on a file sharing server of your choice (such as www.sendspace.com) and send me the download link by PM.
Neo-The DarK: I don't see any gif files reported as infected in the attached log. There are some gif files (and other types) from a backup of Temporary Internet Files, but those are not reported as infected, but as not scanned (because they were password-protected).
Cris.
@Cris
Oh... sorry... I get that. Yup, you are correct.
I have PM'd the requested file. Thanks.
Locate again the 23631764.nls file using GMER and select Delete.
Afterward run a new deep scan and post here the results.
Also, you should restart your system after the file has been deleted and before you make the scan.
Scans are now coming back clean. Thank you.
You are very welcome
=CASE CLOSED=