Not being able to find virus file

Axis

srcmon.exe was found in my Local_settings/Temp file. The Antivirus said it
was undisinfectable. But worse than that, the file wasn't apparent in the
folder given. This had me confused, because I thought Windows would surely
show me a file that existed in that folder. I deleted all the files I could
find that Windows would allow me to, in that folder. Would that have done
the trick (I'm assuming it was there under an alias)? And why should a file
be undisinfectable?

Another anti-virus scan found icon.acad162_icon.exe, which I assume to be to
do with an AutoCAD download; but once again the scanner said it was
undisinfectable, and again Windows searches didn't find it. I can't make
sense of this; and there is no information about that exe file on the 'net.

What ought I do? BTW is srcmon.exe dangerous if you haven't got a Windows
password?

WTIA.
 
1PW

Axis said:
> srcmon.exe was found in my Local_settings/Temp file. The Antivirus said it
> was undisinfectable. But worse than that, the file wasn't apparent in the
> folder given. This had me confused, because I thought Windows would surely
> show me a file that existed in that folder. I deleted all the files I could
> find that Windows would allow me to, in that folder. Would that have done
> the trick (I'm assuming it was there under an alias)? And why should a file
> be undisinfectable?
>
> Another anti-virus scan found icon.acad162_icon.exe, which I assume to be to
> do with an AutoCAD download; but once again the scanner said it was
> undisinfectable, and again Windows searches didn't find it. I can't make
> sense of this; and there is no information about that exe file on the 'net.
>
> What ought I do? BTW is srcmon.exe dangerous if you haven't got a Windows
> password?
>
> WTIA.

Please reply with much more system detail than above. OS? Antimalware?

What exactly told you that an infection exists?

<http://catb.org/~esr/faqs/smart-questions.html>

<http://support.microsoft.com/kb/555375>
 
Axis

1PW said:
> Please reply with much more system detail than above. OS?

Windows XP.

> Antimalware?

None that I was regularly using.
Now put on Stopzilla.

> What exactly told you that an infection exists?

Trendmicro online scan for the icon.acad162_icon.exe and pandasoftware
active scan for scrcom.exe -- or the other way round.
Anyhow, it's this thing of being 'undisinfectable' that I have never come
across before.
 
David H. Lipman

From: "Axis"

| Windows XP.

| None that I was regularly using.
| Now put on Stopzilla.

| Trendmicro online scan for the icon.acad162_icon.exe and pandasoftware
| active scan for scrcom.exe -- or the other way round.
| Anyhow, it's this thing of being 'undisinfectable' that I have never come
| across before.

It means unlike a file where code is prepended, inserted or appended and said code can be
removed, in this case such an action cannot be performed and thus can't be disinfected.
All you can do is delete the file.
 
Axis

David H. Lipman said:
> From: "Axis"
>
> | Windows XP.
>
> | None that I was regularly using.
> | Now put on Stopzilla.
>
> | Trendmicro online scan for the icon.acad162_icon.exe and pandasoftware
> | active scan for scrcom.exe -- or the other way round.
> | Anyhow, it's this thing of being 'undisinfectable' that I have never come
> | across before.
>
> It means unlike a file where code is prepended, inserted or appended and said code can be
> removed, in this case such an action cannot be performed and thus can't be disinfected.
> All you can do is delete the file.

I need to find it first, but the search doesn't yield.
I see that icon.acad162_icon.exe is in System volume information, for which
access is denied. How come, incidentally, if this is a virus, there is
nothing about it on the 'net?

Cheers.
 
David H. Lipman

From: "Axis"

| I need to find it first, but the search doesn't yield.
| I see that icon.acad162_icon.exe is in System volume information, for which
| access is denied. How come, incidentally, if this is a virus, there is
| nothing about it on the 'net?

| Cheers.

Who said "icon.acad162_icon.exe" is a virus?

Please submit a sample to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it. In addition Virus
Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:[email protected]?subject=SCAN

When you get the report, please post back the exact results.
 
Axis

FromTheRafters said:
> Possibly hidden.

But I always have 'Show hidden files and folders' selected.

> Hidden files may not 'appear' when navigated to or searched for, but
> deleting, copying, moving, renaming, or changing the attributes of them by
> using the fully qualified path should work despite not being able to 'see'
> them.

How would I do that?

> No, if the detecting software found it under that name - then that is the
> name it has.
>
> If a program is "all bad" (such as most trojans) then disinfecting is
> equivalent to deleting - that is to say there is nothing salvageable.

It seems to be a recent fad in anti-virus software. I would happily delete a
trojan if I could.

> Could be a false positive declaration. If you don't need the file - delete
> it.

I can't because it's in System Volume Information.

Cheers.
 
FromTheRafters

Axis said:
> But I always have 'Show hidden files and folders' selected.

Still...there's hidden from you and (filtered) hidden even from
administrative tools. :blush:)

> How would I do that?

The full path to the subject file might have been logged by the
antivirus application, or if your memory serves you, you can just use it
to enter "del said:

> It seems to be a recent fad in anti-virus software. I would happily
> delete a trojan if I could.

Once debated here years ago, the AV purists are against disinfection in
favor of replacing files modified by malware with known good backups.
Still, there will always be a need for undoing what malware has done
because there are not always suitable backups to be had.

> I can't because it's in System Volume Information.

You can flush your restore points - or just wait for it to "fall out" as
newer points are added.
 