paul said:
Please, can anyone tell me if it is safe to delete files out of
the Prefetch folder? The reason I ask is that I am having
problems with Webdav.exe and tftp2616 errors.
Thanks,
Paul,
It sounds like you may have been infected by an IRC DDoS zombie
that is circulating using the Microsoft RPC exploit. It uploads
a trojan to your startup folder as webdav.exe, and may install a
tftp server to serve itself back out to other vulnerable hosts.
You need to make sure you are up-to-date on all your Windows
Update patches, and run a virus scanner with current virus
definitions on your system. You can also manually remove the
trojan; here is what one user told me he did to delete it from
his system:
--------------------------------------------------------------------------
.... I then did the following during a restart, in Windows XP's safe mode:
Deleted WEBDAV.EXE from my windows xp start menu under Startup
Unchecked MSCONFIG32.EXE from my msconfig startup panel
Took the MSCONFIG32.EXE key out of the
HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry entry
Took the MSCONFIG32.EXE key out of the
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce registry entry
Then I restarted again into Windows XP Normal mode, so that I could open
regedit, msconfig, and task manager without them disappearing.
---------------------------------------------------------------------------
If your version of the trojan doesn't use the name msconfig32.exe,
open up C:\WINDOWS\system32 in a Windows Explorer session and sort
the files by date. Look for any .exe files in that directory that
are newer than July 27; that is probably your trojan. Send any
suspicious files you find to your AV vendor.
-Joe
Joe Stewart, GCIH
Senior Security Researcher
LURHQ Corporation
http://www.lurhq.com/
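As an added example (not part of Joe's reply or anything LURHQ published), the manual checks he describes gathered into one PowerShell triage script: it lists the HKLM and HKCU Run/RunOnce values, the per-user and all-users Startup folders, and the .exe files in System32 modified after a cutoff date, flagging anything whose name matches webdav.exe or msconfig32.exe and hashing the recent executables so they can be sent to an AV vendor. It assumes a modern Windows host with PowerShell run from an elevated prompt (the original thread concerns Windows XP, which had no PowerShell); the 30-day default cutoff and the suspect-name list are assumptions to adjust per incident.

```powershell
# Added triage script, not from the original post. Assumes Windows with
# PowerShell 5.1 or later, run elevated. Enumerates the persistence points the
# reply names (Run/RunOnce keys, Startup folders) and recently modified
# executables in System32.
param(
    # Files newer than this are worth a look (the reply used "July 27";
    # the 30-day default here is an assumption, adjust to the incident).
    [datetime]$Cutoff = (Get-Date).AddDays(-30),
    # Names the reply associates with this bot; extend with your own indicators.
    [string[]]$SuspectNames = @('webdav.exe', 'msconfig32.exe')
)

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Returns a marker string when a value or file name matches a suspect name.
function Get-SuspectFlag([string]$Text) {
    foreach ($s in $SuspectNames) {
        if ($Text -match [regex]::Escape($s)) { return '  <-- matches suspect name' }
    }
    return ''
}

Write-Host "== Run / RunOnce registry values =="
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Get-ItemProperty adds PSPath/PSParentPath/etc.; skip those.
        if ($p.Name -like 'PS*') { continue }
        Write-Host ("{0}\{1} = {2}{3}" -f $key, $p.Name, $p.Value, (Get-SuspectFlag $p.Value))
    }
}

Write-Host "`n== Startup folder contents =="
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user
    [Environment]::GetFolderPath('CommonStartup')   # all users
)
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -Force | ForEach-Object {
        Write-Host ("{0}{1}" -f $_.FullName, (Get-SuspectFlag $_.Name))
    }
}

Write-Host "`n== .exe files in System32 modified after $Cutoff =="
$sys32 = Join-Path $env:windir 'System32'
Get-ChildItem -Path $sys32 -Filter '*.exe' -Force |
    Where-Object { $_.LastWriteTime -gt $Cutoff } |
    Sort-Object LastWriteTime -Descending |
    Select-Object LastWriteTime, Length, Name,
        @{ Name = 'SHA256'; Expression = { (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash } } |
    Format-Table -AutoSize
```

Two caveats when reading the output: the timestamp sort is only a heuristic, since a dropper can set any modification time it likes, and unchecking an entry in msconfig merely disables it, so the file itself (and any other copy it installed) still has to be removed or quarantined.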