BTW: Adaware SE Definitions are up to: SE1R16 28.10.2004
Are you up-to-date ?
Dave
| Error 94 indicates open file handles. Not a problem. It just means nothing was found by
| Trend Sysclean.
|
| Did you try any of the online scanners I proposed ?
|
| Did you perform BOTH scans in Safe Mode ?
|
| I can supply you with the McAfee Command Line Scanner instructions, however due to
| licensing, I can't post it publicly and you would have to email me for them. Just remove
| ~nospam~.
|
| Dave
|
|
|
|
|
| | | Hello Dave
| |
| | Thanks for the suggestion - no luck so far I'm afraid. I already regularly
| | sweep with Ad Aware so I wasn't surprised that this ddn't get it (although SE
| | did pick up Adware that my older version did not) and I have downloaded the
| | Trend Sysclean package etc and run it - The first time took over 4 hrs and
| | came up with nothing. I noticed that one of the black script boxes that was
| | running (titled C:\Cleaner(my folder name)\VSCANTM.BIN) had <<ERROR <-94>>>
| | after every line. When I checked the log at the end of the scan it said that
| | an error occurred while reading.... doesn't sound like it worked??
| |
| | Just to be sure I downloaded the files again and re ran them - same result.
| |
| | The System process is still appearing in my Task Manager - strangley if I
| | try to End Process from here it will not end??
| |
| | Can you (or anyone) confirm that this process (system.exe) is a trojan? The
| | web site that says it is is ProcessLibrary.com
| |
| | I am now going to work through the list of online scanners that you gave.
| | My last resort will be the DOS scan that McAfee have suggested.
| |
| | Regards BB
| |
| | "David H. Lipman" wrote:
| |
| | >
| | > 1) Download the following three items...
| | >
| | > Trend Sysclean Package
| | >
http://www.trendmicro.com/download/dcs.asp
| | >
| | > Latest Trend signature files.
| | >
http://www.trendmicro.com/download/pattern.asp
| | >
| | > Adaware SE (personal free version)
| | >
http://www.lavasoftusa.com/
| | >
| | > Create a directory.
| | > On drive "C:\"
| | > (e.g., "c:\New Folder")
| | > or the desktop
| | > (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
| | >
| | > Download sysclean.com and place it in that directory.
| | > Dowload the signature files (pattern files) by obtaining the ZIP file.
| | > For example; lpt202.zip
| | >
| | > Extract the contents of the ZIP file and place the contents in the same directory as
| | > sysclean.com.
| | >
| | > 2) Update Adware with the latest definitions.
| | > 3) If you are using WinME or WinXP, disable System Restore
| | >
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
| | > 4) Reboot your PC into Safe Mode
| | > 5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
| | > platform and clean/delete any infectors/parasites found.
| | > (a few cycles may be needed)
| | > 6) Restart your PC and perform a "final" Full Scan of your platform using both the
| | > Trend Sysclean utility and Adaware
| | > 7) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
| | > System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
| | > 8) Reboot your PC.
| | > 9) If you are using WinME or WinXP, create a new Restore point
| | >
| | > You can also try some of the below online scanners.
| | >
| | > Trend:
| | >
http://housecall.antivirus.com
| | >
http://housecall.trendmicro.com
| | >
| | > F-Secure:
| | >
http://support.f-secure.com/enu/home/ols.shtml
| | >
| | > McAfee:
| | >
http://www.mcafee.com/myapps/mfs/default.asp
| | >
| | > Panda:
| | >
http://www.pandasoftware.com/activescan/
| | >
| | > Kaspersky:
| | >
http://www.kaspersky.com/de/scanforvirus
| | >
| | > Symantec:
| | >
http://security.symantec.com/
| | >
| | > BitDefender
| | >
http://www.bitdefender.com/scan/license.php
| | >
| | > Freedom Online scanner
| | >
http://www.freedom.net/viruscenter/index.html
| | >
| | >
| | > * * * Please report your results ! * * *
| | >
| | > Dave
| | >
| | >
| | >
| | >
| | >
| | >
| | > | | > | My PC shows an active process called 'System'. A search on the web tells me
| | > | that this is a process file - system.exe and is registered as a Net
| | > | Controller 1.08 Trojan. Viruscan 8 is not picking it up and a file search
| | > | from Explorer is not finding either. It is there and is running as it is
| | > | shown in my Task Manager. Consultation with McAfee has not found the location
| | > | of the file (we have checked the registry and the configuration utility) so
| | > | they have advised me to run a scan in DOS. This worries me as this scan will
| | > | delete any infected system files without prompting and i guess that this
| | > | could render my OS inoperable. To make matters worse the Windows Backup
| | > | utility does not work on my PC.
| | > |
| | > | Does anyone have any experience of this process? Can anyone confirm it is a
| | > | trohjan and should be deleted? Can anyone suggest an less drastic measure?
| | > | Does anyone know wher eit may reside?
| | >
| | >
| | >
|
|