Files are scanned that I can't see

[jeffc]

I'm using Stinger to do a disc scan. It is scanning through thousands of
files in c:\Documents and Settings\Jeff\Local Settings\Temporary Internet
Files. I've deleted all files from that directory. (Yes, I've turned on
the option for seeing hidden and system files.) Any idea what's going on
here? thanks

 

[David H. Lipman]

Jeff:

If you email me, I can send you information on another Command Line Scanner, with
instructions.
I can't post the information in public due to licensing issues.

Dave




| I'm using Stinger to do a disc scan. It is scanning through thousands of
| files in c:\Documents and Settings\Jeff\Local Settings\Temporary Internet
| Files. I've deleted all files from that directory. (Yes, I've turned on
| the option for seeing hidden and system files.) Any idea what's going on
| here? thanks
|
|

 

[B.C.]

I had the same problem. Never could find a virus, but discovered the
Trojan: BackdoorHackarmy.BN. My virus scanning software kept giving
me positives in a directory that wasn't showing: c:\Documents and
Settings\******\Local Settings\Temporary Internet\IE Explorer.
Somehow the directory was being masked. After letting the virus
scanner do it's work. I used Eraser to erase the "Temporary Internet"
directory. When I used Eraser, it prompted me to erase 5 directories
and 907 files that weren't showing up! I'm still not sure what was
masking the directories. Please post any information you might find
back to this group (the email address is phony). This was a really
nasty SOB.

You might want to download TDS-3 to check for Trojans. TDS-3 is the
most comprehensive trojan detector out there. You can download the
program here: http://tds.diamondcs.com.au/ You can also download
PortExplorer, from the same website, to see if you have any
compromised ports. If you are being hacked, PortExplorer lets you spy
on the information the hacker is obtaining. You can get PortExplore
here: http://www.diamondcs.com.au/portexplorer/

 

[jeffc]

I had the same problem. Never could find a virus, but discovered the
Trojan: BackdoorHackarmy.BN. My virus scanning software kept giving
me positives in a directory that wasn't showing: c:\Documents and
Settings\******\Local Settings\Temporary Internet\IE Explorer.
Somehow the directory was being masked. After letting the virus
scanner do it's work. I used Eraser to erase the "Temporary Internet"
directory.

Can you tell me where to find Eraser? thanks

 

[jeffc]

I had the same problem. Never could find a virus, but discovered the
Trojan: BackdoorHackarmy.BN. My virus scanning software kept giving
me positives in a directory that wasn't showing: c:\Documents and
Settings\******\Local Settings\Temporary Internet\IE Explorer.
Somehow the directory was being masked. After letting the virus
scanner do it's work. I used Eraser to erase the "Temporary Internet"
directory. When I used Eraser, it prompted me to erase 5 directories
and 907 files that weren't showing up! I'm still not sure what was
masking the directories. Please post any information you might find
back to this group (the email address is phony).

I found an Eraser program (hopefully the same one you were using.) It does
seem to be accessing and erasing all these hidden files. It does not tell
me how many files it's working on, but there are a lot. It's been running
for about 12 hours and it's about 50% done. Everything on my computer seems
to be running at full speed, so it doesn't appear to be a virus slowing
things down. It seems to do a 35-pass erase and rewrite on the file data,
and takes about 2-3 seconds average per file. (This is not really the
function I needed, but it's working.) If this is correct, then my virus
checker was not in an infinite loop after all, but just going through too
many files, many with the same or very similar names in multiple
directories. Maybe by later tonight I can run the virus checker again.

 

[jeffc]

I used Eraser to erase the "Temporary Internet"
directory. When I used Eraser, it prompted me to erase 5 directories
and 907 files that weren't showing up! I'm still not sure what was
masking the directories. Please post any information you might find
back to this group (the email address is phony). This was a really
nasty SOB.

Eraser finally finished after about 30 hours. It erased about 2 G of
"hidden" files.

 

[David H. Lipman]

I said they were hidden. Now set the IE cache to ONLY 10MB. No one needs an IE cache to be
2GB ! It defeats the purpose of using a cache and it just wastes space.

Now you can run Sysclean. However, update both SYSCLEAN.COM and the Pattern Files first.

Dave





|
| | > I used Eraser to erase the "Temporary Internet"
| > directory. When I used Eraser, it prompted me to erase 5 directories
| > and 907 files that weren't showing up! I'm still not sure what was
| > masking the directories. Please post any information you might find
| > back to this group (the email address is phony). This was a really
| > nasty SOB.
|
| Eraser finally finished after about 30 hours. It erased about 2 G of
| "hidden" files.
|
|

 

[jeffc]

I said they were hidden. Now set the IE cache to ONLY 10MB. No one needs an IE cache to be
2GB ! It defeats the purpose of using a cache and it just wastes space.

That's not really the point, because I manually clear it every week. The
files are being generated there automatically by something, into "hidden"
space.

 

[David H. Lipman]

There being generated there by IE and it is an important point.

Dave



|
| | > I said they were hidden. Now set the IE cache to ONLY 10MB. No one needs
| an IE cache to be
| > 2GB ! It defeats the purpose of using a cache and it just wastes space.
|
| That's not really the point, because I manually clear it every week. The
| files are being generated there automatically by something, into "hidden"
| space.
|
|