OK , here is my latest scan report with
locationa-squared Anti-Malware - Version 3.0
Last update: 10/14/2007 10:21:58 PM
Scan settings:
Objects: Memory, Traces, Cookies, C:\, D:\
Scan archives: On
Heuristics: On
ADS Scan: On
Scan start: 10/15/2007 1:22:54 AM
C:\Documents and Settings\Administrator\Local Settings\
Temporary Internet Files\Content.IE5\PQ0A2U4N\x[1].exe detected: Trojan-Downloader.Win32.Small.eta
C:\System Volume Information\_restore{88F0CDD3-F86F-465E-A138-4DE6072B8AAA}\RP6\A0019378.dll detected: Trojan-Spy.Win32.FtpSend.a
C:\WINDOWS\~Temp5288.tmp detected: Trojan-Downloader.Win32.Small.eta
Scanned
Files: 32514
Traces: 338752
Cookies: 27
Processes: 34
Found
Files: 3
Traces: 0
Cookies: 0
Processes: 0
Registry keys: 0
Scan end: 10/15/2007 1:45:45 AM
Scan time: 12:22:51 AM
Since this Trojan Downloader is in Temp files , i tried to delete the Temp files in my C:\ files , but it says i cant delete them as they are used by another program.
Broni ,
The a-squared Anti malware seems to be working , it gave a message that Trojan downloader is tryng to connect to internet , it asked me to
allow or
deny it, i clicked on Always deny it, since then im not getting any warnings.
I clicked on the description of Trojan Downloader in a-squared Anti malware console (there was the option to click on the trojan name and find info on it , i also did some search in google), It said that a Trojan downloader is a program which downloads programs into your computer, This Trojan downloads files from the Internet without the knowledge or consent of the user. The Trojan itself is a Windows PE EXE file 3072 bytes in size. It is not packed in any way.
When launched, the Trojan checks whether the victim machine is connected to the Internet. If a connection is detected, the Trojan will download the following files from u***ti.lycos.it/vx9:
Trojan Downloader comes with a download which appers to do nothing , like a game download etc. It sends the information of your Hard Drive to the internet.
So i was thinking that i will scan my comp again and even if my comp is protected now , what about the already infected files......
I also tried to go to
http://www.simplysup.com/tremover/download.html, but i get a warning that this site is dangerous .
Waaaaa what should i do Broni!!!!!!!