Computer Hope

Microsoft => Microsoft Windows => Windows XP => Topic started by: ronald_peterson on September 05, 2007, 10:15:13 AM

Title: Threat alerts from a specific folder
Post by: ronald_peterson on September 05, 2007, 10:15:13 AM: hi frnds,

lemme brief abt my computer first. Its AMD 2800 Semptron processor-1.6 ghz, 512 mb DDR2 ram.Win XP Sp2. I use AVg Av and Spyware.

recently i have been gettin threat alerts from a paricular folder.
C:\Documents and Settings\Swagat\Local Settings\Temp

Swagat is the username.

Avg vault details

Object name jP48aYkQ.exe
Object path C:\Documents and Settings\NetworkService\Local Settings\Temp\
Discovery Trojan horse SHeur.AID
Date of detection 9/5/2007 9:13:40 PM
Source computer SWAGAT-V2KFGS8K
Finder Swagat
File size 19 KB (19538 bytes)
Healable No

Source Moved object
Status Infected

Can anybody pls help.

(http://img340.imageshack.us/img340/2851/virusoa1.png)
Title: Re: Threat alerts from a specific folder
Post by: kbm292 on September 05, 2007, 12:22:57 PM: Have you tried running your AVG in safe mode to see if it would remove it that way? First thing I would do is try that and also run your spyware scans in safe mode as well. It seems to me as though it won't delete it because it sees it as a running service. That shouldn't be the case in safe mode.
Title: Re: Threat alerts from a specific folder
Post by: ronald_peterson on September 05, 2007, 01:03:11 PM: Quote from: kbm292 on September 05, 2007, 12:22:57 PM
Have you tried running your AVG in safe mode to see if it would remove it that way? First thing I would do is try that and also run your spyware scans in safe mode as well. It seems to me as though it won't delete it because it sees it as a running service. That shouldn't be the case in safe mode.

thanks will try. once i find a Threat i usualy delete it or move to vault. but y is it reoccuring again and again?

thanks
Title: Re: Threat alerts from a specific folder
Post by: patio on September 05, 2007, 01:11:45 PM: Good suggestions above...
Have you been visiting any Cooking sites ? ?
Swagat is authentic Indian cuisine...
The Trojan threat listed does not come up at any of the Security Forums i belong to...

It may be just a false positive...these things happen. But take the above advice to make sure.
Title: Re: Threat alerts from a specific folder
Post by: ronald_peterson on September 05, 2007, 02:04:43 PM: Quote from: patio on September 05, 2007, 01:11:45 PM
Good suggestions above...
Have you been visiting any Cooking sites ? ?
Swagat is authentic Indian cuisine...
The Trojan threat listed does not come up at any of the Security Forums i belong to...

It may be just a false positive...these things happen. But take the above advice to make sure.

;D not any cookin sites. Swagat is the name of the guy who setup the ocmputer lately.

Still il follow the advice and try seraching in safe mode.

thanks
Title: Re: Threat alerts from a specific folder
Post by: ronald_peterson on September 07, 2007, 12:55:02 AM: Frnds i tried the tricks. Didnt work?

any other suggestion pls
Title: Re: Threat alerts from a specific folder
Post by: kbm292 on September 07, 2007, 05:32:20 AM: You can try this utility here (http://www.pctools.com/spyware-doctor/?ref=google_antispyware&gclid=CMKvy76fsY4CFQlQWAodf2kXgg) and see if maybe that can remove it. It claims to be able to remove most Trojans. I hope that helps you. I'll keep an eye out for any other possible solutions.
Title: Re: Threat alerts from a specific folder
Post by: 2k_dummy on September 07, 2007, 06:42:13 AM: Why not navigate to the folder where it is located and delete the contents.
Title: Re: Threat alerts from a specific folder
Post by: patio on September 08, 2007, 07:52:16 AM: DLoad and run the latest version of Stinger in safemode.
Title: Re: Threat alerts from a specific folder
Post by: ronald_peterson on September 09, 2007, 05:48:16 AM: Quote from: patio on September 08, 2007, 07:52:16 AM
DLoad and run the latest version of Stinger in safemode.

Il try that

Quote from: 2k_dummy on September 07, 2007, 06:42:13 AM
Why not navigate to the folder where it is located and delete the contents.

Well as soon as i get the alert i dlete it. But i get it so many times i get it i feel bored.

Quote from: kbm292 on September 07, 2007, 05:32:20 AM
You can try this utility here (http://www.pctools.com/spyware-doctor/?ref=google_antispyware&gclid=CMKvy76fsY4CFQlQWAodf2kXgg) and see if maybe that can remove it. It claims to be able to remove most Trojans. I hope that helps you. I'll keep an eye out for any other possible solutions.

Hi, iv dowloaded and screwed all the threats but im still gettin it. agagin and again.

PLS help
Title: Re: Threat alerts from a specific folder
Post by: patio on September 09, 2007, 07:37:51 AM: Sounds as if this tech that worked on your machine has built in some job security for himself...

Re-boot into safemode and follow Win2K D's advice from above.
Then DLoad and run HijackThis...save the results to a text file and post it in our Virus and Spyware section.

DO NOT let HijackThis fix anything until you have been advised...
Title: Re: Threat alerts from a specific folder
Post by: ronald_peterson on September 10, 2007, 12:41:23 AM: Quote from: patio on September 09, 2007, 07:37:51 AM
Sounds as if this tech that worked on your machine has built in some job security for himself...

Re-boot into safemode and follow Win2K D's advice from above.
Then DLoad and run HijackThis...save the results to a text file and post it in our Virus and Spyware section.

DO NOT let HijackThis fix anything until you have been advised...

here is the log,
http://rapidshare.com/files/54617398/hijackthis.log.html

Sory i cudnt find any spyware section.
Title: Re: Threat alerts from a specific folder
Post by: patio on September 10, 2007, 06:03:47 AM: http://www.computerhope.com/forum/index.php/board,7.0.html (http://www.computerhope.com/forum/index.php/board,7.0.html)

Click the above...you should save the log as a text file then copy and paste it there...it may take more than one post to get it all.