srcmon.exe was found in my Local_settings/Temp file. The Antivirus said it
was undisinfectable. But worse than that, the file wasn't apparent in the
folder given. This had me confused, because I thought Windows would surely
show me a file that existed in that folder. I deleted all the files I could
find that Windows would allow me to, in that folder. Would that have done
the trick (I'm assuming it was there under an alias)? And why should a file
be undisinfectable?

Another anti-virus scan found icon.acad162_icon.exe, which I assume to be to
do with an AutoCAD download; but once again the scanner said it was
undisinfectable, and again Windows searches didn't find it. I can't make
sense of this; and there is no information about that exe file on the 'net.

What ought I do? BTW is srcmon.exe dangerous if you haven't got a Wndows
password?

WTIA.

Axis wrote:
> srcmon.exe was found in my Local_settings/Temp file. The Antivirus said it
> was undisinfectable. But worse than that, the file wasn't apparent in the
> folder given. This had me confused, because I thought Windows would surely
> show me a file that existed in that folder. I deleted all the files I could
> find that Windows would allow me to, in that folder. Would that have done
> the trick (I'm assuming it was there under an alias)? And why should a file
> be undisinfectable?
>
> Another anti-virus scan found icon.acad162_icon.exe, which I assume to be to
> do with an AutoCAD download; but once again the scanner said it was
> undisinfectable, and again Windows searches didn't find it. I can't make
> sense of this; and there is no information about that exe file on the 'net.
>
> What ought I do? BTW is srcmon.exe dangerous if you haven't got a Wndows
> password?
>
> WTIA.

Please reply with much more system detail than above. OS ? Antimalware?

What exactly told you that an infection exists?

<http://catb.org/~esr/faqs/smart-questions.html>

<http://support.microsoft.com/kb/555375>


--
1PW

"1PW" <(E-Mail Removed)> wrote in message
news:h6mqlv$4rc$(E-Mail Removed)...
> Axis wrote:
>> srcmon.exe was found in my Local_settings/Temp file. The Antivirus said
>> it
>> was undisinfectable. But worse than that, the file wasn't apparent in the
>> folder given. This had me confused, because I thought Windows would
>> surely
>> show me a file that existed in that folder. I deleted all the files I
>> could
>> find that Windows would allow me to, in that folder. Would that have done
>> the trick (I'm assuming it was there under an alias)? And why should a
>> file
>> be undisinfectable?
>>
>> Another anti-virus scan found icon.acad162_icon.exe, which I assume to be
>> to
>> do with an AutoCAD download; but once again the scanner said it was
>> undisinfectable, and again Windows searches didn't find it. I can't make
>> sense of this; and there is no information about that exe file on the
>> 'net.
>>
>> What ought I do? BTW is srcmon.exe dangerous if you haven't got a Wndows
>> password?
>>
>> WTIA.
>
> Please reply with much more system detail than above. OS ?

Windows XP.

> Antimalware?
>

None that I was regularly using.
Now put on Stopzilla.

> What exactly told you that an infection exists?

Trendmicro online scan for the icon.acad162_icon.exe and pandasoftware
active scan for scrcom.exe -- or the other way round.
Anyhow, it's this thing of being 'undisinfectable' that I have never come
across before.

From: "Axis" <(E-Mail Removed)>


| "1PW" <(E-Mail Removed)> wrote in message
| news:h6mqlv$4rc$(E-Mail Removed)...
>> Axis wrote:
>>> srcmon.exe was found in my Local_settings/Temp file. The Antivirus said
>>> it
>>> was undisinfectable. But worse than that, the file wasn't apparent in the
>>> folder given. This had me confused, because I thought Windows would
>>> surely
>>> show me a file that existed in that folder. I deleted all the files I
>>> could
>>> find that Windows would allow me to, in that folder. Would that have done
>>> the trick (I'm assuming it was there under an alias)? And why should a
>>> file
>>> be undisinfectable?

>>> Another anti-virus scan found icon.acad162_icon.exe, which I assume to be
>>> to
>>> do with an AutoCAD download; but once again the scanner said it was
>>> undisinfectable, and again Windows searches didn't find it. I can't make
>>> sense of this; and there is no information about that exe file on the
>>> 'net.

>>> What ought I do? BTW is srcmon.exe dangerous if you haven't got a Wndows
>>> password?

>>> WTIA.

>> Please reply with much more system detail than above. OS ?

| Windows XP.

>> Antimalware?


| None that I was regularly using.
| Now put on Stopzilla.

>> What exactly told you that an infection exists?

| Trendmicro online scan for the icon.acad162_icon.exe and pandasoftware
| active scan for scrcom.exe -- or the other way round.
| Anyhow, it's this thing of being 'undisinfectable' that I have never come
| across before.


It means unlike a file where code is prepended, inserted or appended and said code can be
removed, in this case such an action can not be preformed and thus can't be disinfected.
All you can do is delete the file.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:(E-Mail Removed)...
> From: "Axis" <(E-Mail Removed)>
>
>
> | "1PW" <(E-Mail Removed)> wrote in message
> | news:h6mqlv$4rc$(E-Mail Removed)...
>>> Axis wrote:
>>>> srcmon.exe was found in my Local_settings/Temp file. The Antivirus said
>>>> it
>>>> was undisinfectable. But worse than that, the file wasn't apparent in
>>>> the
>>>> folder given. This had me confused, because I thought Windows would
>>>> surely
>>>> show me a file that existed in that folder. I deleted all the files I
>>>> could
>>>> find that Windows would allow me to, in that folder. Would that have
>>>> done
>>>> the trick (I'm assuming it was there under an alias)? And why should a
>>>> file
>>>> be undisinfectable?
>
>>>> Another anti-virus scan found icon.acad162_icon.exe, which I assume to
>>>> be
>>>> to
>>>> do with an AutoCAD download; but once again the scanner said it was
>>>> undisinfectable, and again Windows searches didn't find it. I can't
>>>> make
>>>> sense of this; and there is no information about that exe file on the
>>>> 'net.
>
>>>> What ought I do? BTW is srcmon.exe dangerous if you haven't got a
>>>> Wndows
>>>> password?
>
>>>> WTIA.
>
>>> Please reply with much more system detail than above. OS ?
>
> | Windows XP.
>
>>> Antimalware?
>
>
> | None that I was regularly using.
> | Now put on Stopzilla.
>
>>> What exactly told you that an infection exists?
>
> | Trendmicro online scan for the icon.acad162_icon.exe and pandasoftware
> | active scan for scrcom.exe -- or the other way round.
> | Anyhow, it's this thing of being 'undisinfectable' that I have never
> come
> | across before.
>
>
> It means unlike a file where code is prepended, inserted or appended and
> said code can be
> removed, in this case such an action can not be preformed and thus can't
> be disinfected.
> All you can do is delete the file.
>

I need to find it first, but the search doesn't yield.
I see that icon.acad162_icon.exe is in System volume information, for which
access is denied. How come, incidentally, if this is a virus, there is
nothing about it on the 'net?

Cheers.

From: "Axis" <(E-Mail Removed)>



| I need to find it first, but the search doesn't yield.
| I see that icon.acad162_icon.exe is in System volume information, for which
| access is denied. How come, incidentally, if this is a virus, there is
| nothing about it on the 'net?

| Cheers.

Who said "icon.acad162_icon.exe" is a virus ?

Please submit a sample to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition Virus
Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
private.php?do=newpm&u=?subject=SCAN

When you get the report, please post back the exact results.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

"FromTheRafters" <(E-Mail Removed)> wrote in message
news:h6n9p2$oj8$(E-Mail Removed)...
> "Axis" <(E-Mail Removed)> wrote in message
> news:1uBjm.296300$(E-Mail Removed)2...
>> srcmon.exe was found in my Local_settings/Temp file. The Antivirus said
>> it was undisinfectable. But worse than that, the file wasn't apparent in
>> the folder given.
>
> Possibly hidden.

By I always have 'Show hidden files and folders' selected.

>
> Hidden files may not 'appear' when navigated to or searched for, but
> deleting, copying, moving, renaming, or changing the attributes of them by
> using the fully qualified path should work despite not being able to 'see'
> them.

How would I do that?

>> This had me confused, because I thought Windows would surely show me a
>> file that existed in that folder. I deleted all the files I could find
>> that Windows would allow me to, in that folder. Would that have done the
>> trick (I'm assuming it was there under an alias)?
>
> No, if the detecting software found it under that name - then that is the
> name it has.
>
>> And why should a file be undisinfectable?
>
> If a program is "all bad" (such as most trojans) then disinfecting is
> equivalent to deleting - that is to say there is nothing salvageable.
>

It seems to be a recent fad in anti-virus software. I would happily delete a
trojan if I could.

>> Another anti-virus scan found icon.acad162_icon.exe, which I assume to be
>> to do with an AutoCAD download; but once again the scanner said it was
>> undisinfectable, and again Windows searches didn't find it. I can't make
>> sense of this; and there is no information about that exe file on the
>> 'net.
>
> Could be a false positive declaration. If you don't need the file - delete
> it.
>

I can't because it's in System Volume Information.

Cheers.

It looks, from this thread, like a false positive:
http://discussion.autodesk.com/forum...sageID=5644558

"Axis" <(E-Mail Removed)> wrote in message
news:mKGjm.211958$(E-Mail Removed)2...
>
> "FromTheRafters" <(E-Mail Removed)> wrote in message
> news:h6n9p2$oj8$(E-Mail Removed)...
>> "Axis" <(E-Mail Removed)> wrote in message
>> news:1uBjm.296300$(E-Mail Removed)2...
>>> srcmon.exe was found in my Local_settings/Temp file. The Antivirus
>>> said it was undisinfectable. But worse than that, the file wasn't
>>> apparent in the folder given.
>>
>> Possibly hidden.
>
> By I always have 'Show hidden files and folders' selected.

Still...there's hidden from you and (filtered) hidden even from
administrative tools. )

>> Hidden files may not 'appear' when navigated to or searched for, but
>> deleting, copying, moving, renaming, or changing the attributes of
>> them by using the fully qualified path should work despite not being
>> able to 'see' them.
>
> How would I do that?

The full path to the subject file might have been logged by the
antivirus application, or if your memory serves you, you can just use it
to enter "del <the full path to the file> into the command line prompt.

>>> This had me confused, because I thought Windows would surely show me
>>> a file that existed in that folder. I deleted all the files I could
>>> find that Windows would allow me to, in that folder. Would that have
>>> done the trick (I'm assuming it was there under an alias)?
>>
>> No, if the detecting software found it under that name - then that is
>> the name it has.
>>
>>> And why should a file be undisinfectable?
>>
>> If a program is "all bad" (such as most trojans) then disinfecting is
>> equivalent to deleting - that is to say there is nothing salvageable.
>>
>
> It seems to be a recent fad in anti-virus software. I would happily
> delete a trojan if I could.

Once debated here years ago, the AV purists are against disinfection in
favor of replacing files modified by malware with known good backups.
Still, there will always be a need for undoing what malware has done
because there are not always suitable backups to be had.

>>> Another anti-virus scan found icon.acad162_icon.exe, which I assume
>>> to be to do with an AutoCAD download; but once again the scanner
>>> said it was undisinfectable, and again Windows searches didn't find
>>> it. I can't make sense of this; and there is no information about
>>> that exe file on the 'net.
>>
>> Could be a false positive declaration. If you don't need the file -
>> delete it.
>>
>
> I can't because it's in System Volume Information.

You can flush your restore points - orjust wait for it to "fall out" as
newer points are added.