Not being able to find virus file



srcmon.exe was found in my Local_settings/Temp file. The Antivirus said it
was undisinfectable. But worse than that, the file wasn't apparent in the
folder given. This had me confused, because I thought Windows would surely
show me a file that existed in that folder. I deleted all the files I could
find that Windows would allow me to, in that folder. Would that have done
the trick (I'm assuming it was there under an alias)? And why should a file
be undisinfectable?

Another anti-virus scan found icon.acad162_icon.exe, which I assume to be to
do with an AutoCAD download; but once again the scanner said it was
undisinfectable, and again Windows searches didn't find it. I can't make
sense of this; and there is no information about that exe file on the 'net.

What ought I do? BTW is srcmon.exe dangerous if you haven't got a Windows
password?

WTIA.



Re: Not being able to find virus file




Please reply with much more system detail than above.  OS ?  Antimalware?

What exactly told you that an infection exists?

   <http://catb.org/~esr/faqs/smart-questions.html>

   <http://support.microsoft.com/kb/555375>


--
1PW

Re: Not being able to find virus file





Windows XP.


None that I was regularly using.
Now put on Stopzilla.


Trendmicro online scan for the icon.acad162_icon.exe and pandasoftware
active scan for scrcom.exe -- or the other way round.
Anyhow, it's this thing of being 'undisinfectable' that I have never come
across before.



Re: Not being able to find virus file










| Windows XP.



| None that I was regularly using.
| Now put on Stopzilla.


| Trendmicro online scan for the icon.acad162_icon.exe and pandasoftware
| active scan for scrcom.exe -- or the other way round.
| Anyhow, it's this thing of being 'undisinfectable' that I have never come
| across before.


It means unlike a file where code is prepended, inserted or appended and said
code can be removed, in this case such an action can not be performed and thus
can't be disinfected.
All you can do is delete the file.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Not being able to find virus file





I need to find it first, but the search doesn't yield.
I see that icon.acad162_icon.exe is in System volume information, for which
access is denied. How come, incidentally, if this is a virus, there is
nothing about it on the 'net?

Cheers.



Re: Not being able to find virus file






| I need to find it first, but the search doesn't yield.
| I see that icon.acad162_icon.exe is in System volume information, for which
| access is denied. How come, incidentally, if this is a virus, there is
| nothing about it on the 'net?

| Cheers.

Who said "icon.acad162_icon.exe" is a virus ?

Please submit a sample to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it.  In addition Virus
Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN

When you get the report, please post back the exact results.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Not being able to find virus file



It looks, from this thread, like a false positive:
http://discussion.autodesk.com/forums/message.jspa?messageID=5644558



Re: Not being able to find virus file




Possibly hidden.

Hidden files may not 'appear' when navigated to or searched for, but
deleting, copying, moving, renaming, or changing the attributes of them
by using the fully qualified path should work despite not being able to
'see' them.


No, if the detecting software found it under that name - then that is
the name it has.


If a program is "all bad" (such as most trojans) then disinfecting is
equivalent to deleting - that is to say there is nothing salvageable.


Could be a false positive declaration. If you don't need the file -
delete it.


There is no conclusive way to determine if a file is dangerous by the
filename alone. To find more information you will have to locate the
file in question and submit it to further scrutiny.
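
An added example, not part of any poster's message: a PowerShell function that lists every file in a folder, including those carrying the Hidden or System attribute described in the post above, with a SHA-256 for each so a suspect can be looked up by hash. The function name `Get-FileInventory` and the default folder are assumptions; the code sticks to calls available in Windows PowerShell 2.0.

```powershell
# Added example (not from the thread). Lists files in a folder regardless of
# their Hidden/System attributes and hashes each one.
function Get-FileInventory {
    param(
        [string]$Path = $env:TEMP   # assumption: the folder the scanner reported
    )

    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        # -Force makes Get-ChildItem return Hidden and System items too.
        Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object {
                $file = $_
                $hash = '<unreadable>'
                try {
                    # Share mode ReadWrite lets us read files other processes hold open.
                    $stream = [System.IO.File]::Open($file.FullName, 'Open', 'Read', 'ReadWrite')
                    try {
                        $bytes = $sha.ComputeHash($stream)
                        $hash  = [System.BitConverter]::ToString($bytes) -replace '-', ''
                    } finally {
                        $stream.Close()
                    }
                } catch {
                    # Locked or access-denied files are still listed, just unhashed.
                }
                New-Object PSObject -Property @{
                    FullName   = $file.FullName
                    Attributes = $file.Attributes
                    Hidden     = ($file.Attributes -band [System.IO.FileAttributes]::Hidden) -ne 0
                    System     = ($file.Attributes -band [System.IO.FileAttributes]::System) -ne 0
                    SHA256     = $hash
                }
            }
    } finally {
        $sha.Clear()
    }
}

# Hidden and System entries sort to the top of the table.
Get-FileInventory | Sort-Object Hidden, System -Descending |
    Format-Table Hidden, System, SHA256, FullName -AutoSize
```

Files marked both Hidden and System stay out of Explorer unless "Hide protected operating system files" is also unticked; `dir /a` in cmd.exe lists them as well.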



Re: Not being able to find virus file





But I always have 'Show hidden files and folders' selected.


How would I do that?


It seems to be a recent fad in anti-virus software. I would happily delete a
trojan if I could.


I can't because it's in System Volume Information.

Cheers.



Re: Not being able to find virus file




Still...there's hidden from you and (filtered) hidden even from
administrative tools.  :o)


The full path to the subject file might have been logged by the
antivirus application, or if your memory serves you, you can just use it
to enter "del <the full path to the file>" into the command line prompt.


Once debated here years ago, the AV purists are against disinfection in
favor of replacing files modified by malware with known good backups.
Still, there will always be a need for undoing what malware has done
because there are not always suitable backups to be had.


You can flush your restore points - or just wait for it to "fall out" as
newer points are added.


