Re: OT: virus

From: Andy Mrozek (AndyMrozek@yahoo.com)
Date: Wed Dec 29 2004 - 21:07:18 GMT-3


Tim,

~ this is simply common in Microsoft paths for well-known paths such as
the one you depict here, so that is not trojan/virii-like. But the
thing you want to look at is to make sure you can see that file, but
don't use the shorthand way it is giving you. You could try something like
this... But remember, if you were on Linux you would NEVER have these
worries of emule/donkey-spread malware... LONG live the penguin :)

dir /S /TC c:\ | find "12/29/2004" | find "winb.tmp"

Then this to find the path to it. Now, this is a very manual way of
finding these little shits, and there are freeware tools from vendors
that do this, but as you know a Windows install is great for about 3
applications, so given that, don't do it or you risk slowness / BSOD etc.
etc. etc. ;)

dir /S /B c:\ | find "WINB.TMP"

This will give the real path, not the Explorer hidden stuff... Then
download the strings.exe utility (freeware); it doesn't make many
registry hooks, so you most likely won't crash... Just pray first ;) and
run something like this:

strings -n 5 -a "c:\<pathfromabovecommand>\WINB.TMP" | more

This will let you know the contents of it and if it is bad... Also try
deleting from the CLI, as some malware stuff... uses the NTFS streaming
feature to hide their files from Windows itself...

HTH...

ccie2be wrote:

>Hi guys,
>
>When I run my virus scan - McAfee - I get alerts showing me where it found the
>virus.
>
>For example,
>
>C:\DOCUME~1\Owner\LOCALS~1\Temp\winB.tmp\WINB.TMP
>
>Then, when I try to delete the file, it tells me I can't - check the file
>access rights.
>
>I tried to go to the above directory, but can't find it.
>
>What does the "~" character mean?
>
>And, does anybody have any suggestions on how to get rid of this file?
>
>TIA, Tim
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
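As an added example (not part of Andy's or Tim's messages): a PowerShell version of the same inspection steps for a newer Windows box, which also shows what an 8.3 `~` name expands to, who owns the file and whether it carries NTFS alternate data streams. The `$Root` temp directory and the `*.tmp` name pattern are assumptions, as is PowerShell 3.0 or later on an NTFS volume.

```powershell
# Added example, not from the original post. Assumes PowerShell 3.0+ on NTFS.
# $Root is an assumption: the per-user temp tree the scanner alert pointed at.
$Root = Join-Path $env:LOCALAPPDATA 'Temp'

function Find-FilesCreatedOn {
    # PowerShell equivalent of:  dir /S /TC c:\ | find "12/29/2004" | find "winb.tmp"
    # -Force includes hidden/system files, which is where temp malware usually sits.
    param([string]$Path, [datetime]$Day, [string]$NamePattern = '*')
    Get-ChildItem -LiteralPath $Path -Recurse -Force -File -Filter $NamePattern -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime.Date -eq $Day.Date }
}

function Get-FileReport {
    # Accepts either a long path or an 8.3 short path such as C:\DOCUME~1\...\WINB.TMP
    param([string]$Path)
    $fso  = New-Object -ComObject Scripting.FileSystemObject
    $file = $fso.GetFile($Path)            # resolves the tilde names to the real directory names
    $item = Get-Item -LiteralPath $file.Path -Force -ErrorAction Stop
    # Owner and ACL explain "check the file access rights" when a delete is refused.
    $acl  = Get-Acl -LiteralPath $file.Path
    # Any stream other than the default :$DATA is an alternate data stream hidden from Explorer.
    $streams = Get-Item -LiteralPath $file.Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' }
    [pscustomobject]@{
        LongPath     = $file.Path
        ShortPath    = $file.ShortPath
        CreationTime = $item.CreationTime
        SizeBytes    = $item.Length
        Owner        = $acl.Owner
        Access       = ($acl.Access | ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" }) -join '; '
        ExtraStreams = ($streams | ForEach-Object { "$($_.Stream) ($($_.Length) bytes)" }) -join '; '
    }
}

# Usage: list today's .tmp files under $Root and report on each before deciding what to delete.
Find-FilesCreatedOn -Path $Root -Day (Get-Date) -NamePattern '*.tmp' |
    ForEach-Object { Get-FileReport -Path $_.FullName } |
    Format-List
```

A non-empty `ExtraStreams` field is the case Andy's last paragraph describes; `Remove-Item -LiteralPath <path> -Stream <name>` removes a single stream, while deleting the file itself removes all of them.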



This archive was generated by hypermail 2.1.4 : Mon Jan 03 2005 - 10:31:32 GMT-3