Threat Remains

Anyone seen this before?


Remaining issues:

Object Name: C:\Documents and Settings\Owner\Local Settings\Temp\sst_inst.exe=]wise0096=]wise0009
Threat Name: Application.Remoteadmin.GE
Final Status: Delete Failed (file was in an archive)

Comments

  • Hello warrentaylor,


    The file cannot be cleaned or removed, because it is in an installation kit (which is a packed format). To remove the infection, you have to delete the whole installer:


    C:\Documents and Settings\Owner\Local Settings\Temp\sst_inst.exe


    That folder is hidden. If you cannot find it, read this: http://forum.bitdefender.com/index.php?showtopic=3573


    Cris.

  • warrentaylor
    edited February 2008

    Thanks,


    I deleted it using the instructions in that link. Next deep scan, we'll see.


    This folder is just full of junk. I wonder if any of it is leftover from a malware item I had a few months back.


    Thanks again

  • alexcrist
    edited February 2008
    this folder is just full of junk. I wonder if any of it is leftover from a malware item I had a few months back.


    Not necessarily. The Temp folder is used by Windows and many applications to store temporary files.


    Every user has his personal Temp folder (in C:\Documents and settings\<username>\Local Settings\Temp), and there's also a global Temp folder in C:\Windows\Temp.


    Some files can't be deleted because they are still in use (by the application that created them), but all the other files are useless and can be deleted.


    Cris.

  • warrentaylor
    edited February 2008

    I can't get rid of this thing. I delete it and it appears to move somewhere else.


    Now it's at:


    Object Name: C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1113\A0120657.exe=]wise0096=]wise0009
    Threat Name: Application.Remoteadmin.GE
    Final Status: Delete Failed (file was in an archive)


    When I try to get to that folder, my system tells me I don't have access in any way....???? Here is a screenshot


    What gives??? This is getting scary!

  • what gives??? This is getting scary!


    Chris would tell you this, but since he is not there at the moment I'll do it, if he doesn't mind:


    Empty your System Volume Information to get rid of recreation of the infection by Windows recovery. To do that: go to Start > Control Panel > System > System Restore and check "Turn off System Restore on all drives". Click Apply. By doing this you lose all your (often infected) restore points. Reboot and uncheck "Turn off System Restore on all drives" to create a clean restore point.


  • Read here about how to clean infections in System Volume Information folder: http://forum.bitdefender.com/index.php?showtopic=3575


    Cris.