From: Adam Piggott on 8 Jun 2006 09:44

Noel Paton wrote:
> There are two places that AV's are not allowed to touch -
> 1) the System Restore archive
> 2) the Recycle bin
> Simple as that

NOD32 is allowed to touch the recycle bin, there's no reason an AV shouldn't, it's just a hidden directory. If AV were to be excluded from here it would be an easy and hidden way for malware to hide, whereas the System Volume Information folder is only accessible by SYSTEM by default, which reduces the chances of malware being able to write there.

Adam Piggott, Proprietor, Proactive Services (Computing).
http://www.proactiveservices.co.uk/
Please replace dot invalid with dot uk to email me. Apply personally for PGP public key.
From: Adam Piggott on 8 Jun 2006 14:36

Noel Paton wrote:
> Sorry - you are right in that (I was in a hurry at the time) - but.....
> In NT-based systems the AV may not (probably does not) have sufficient
> rights to access the recycle bins for other users, and therefore you
> will get this 'error' report.

I did think to myself "...or is it just because I've altered something?" :-)

The message should be: "If you run as a non-administrator the computer is less prone to collapse and hence your other half might not find you're surfing naughties."
From: David H. Lipman on 8 Jun 2006 16:49

From: "Adam Piggott" <usenet(a)proactiveservices.co.invalid>
|
| NOD32 is allowed to touch the recycle bin, there's no reason an AV
| shouldn't, it's just a hidden directory. If AV were to be excluded from
| here it would be an easy and hidden way for malware to hide, whereas the
| System Volume Information folder is only accessible by SYSTEM by default,
| which reduces the chances of malware being able to write there.
|

So does McAfee.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
From: joboils on 29 Jun 2006 15:19
On Wed, 7 Jun 2006 08:59:10 -0500, "Vanguard" <vanguard.news(a)yahooNIX.com> wrote:

> <joboils(a)spam_less_hotmail.com> wrote in message
> news:6qbd82di7ahjmlaa364jurkumo5pv8t8gh(a)4ax.com...
>> "Noel Paton" wrote:
>>
>>> <joboils(a)spam_less_hotmail.com> wrote ...
>>>> My AV software (CA's EZ-Trust) tells me I have -
>>>> c:\recycler\S-1-5-21-129_...and_a_huge_string_of_numbers...\Dc775.zip<ref 7119606.exe>
>>>> The software doesn't delete it, although that is the setting, and I
>>>> can't find the file.
>>>>
>>>> Can someone help me get rid of this, please?
>>>
>>> Empty the recycle bin for that account - better still, empty the
>>> recycle bin in ALL accounts.
>>
>> It's not in the Recycle Bin. As I said, I can't find it.
>
> You can't see the folder and files under <d:>\Recycler because Explorer
> handles "special" folders differently (usually by hiding them although
> sometimes the view is altered). You'll need to use a DOS shell with cd
> and dir commands with the appropriate command-line switches (like "dir
> /ad" to see directories and "dir /ah" to see hidden files). The "Empty
> Recycle Bin" property when you right-click on the Recycle Bin desktop
> icon may not completely empty the <d:>\Recycler folder(s). In your
> case, probably the easiest way to empty the Recycle Bin is to use
> CCleaner (aka CrapCleaner). It adds a context menu item for it so you
> can easily run it (besides the Start menu group that gets added).

After getting another one, I suddenly thought of - nswp.com

So I ran cmd and used nswp. All went well, but it *does* take time to recall the commands.

Quite enjoyed it really - took me all the way back to my CP/M days...
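The Vanguard reply quoted above explains that Explorer hides the per-account folders under \Recycler and that a shell with `dir /ad` and `dir /ah` is needed to see what is really there. As an added example (not code from any poster in this thread), the Python below walks such a tree directly, listing every SID-named subfolder and its files regardless of the hidden attribute and flagging archive or executable names like the `Dc775.zip` in the original post; the SIDs and files it creates are constructed sample data.

```python
"""Enumerate per-account Recycle Bin folders (the hidden <drive>:\\Recycler tree)."""
import os
import re
import tempfile

# Per-account recycle folders are named after the account SID, e.g. S-1-5-21-...-1001
SID_RE = re.compile(r"^S-1-\d+(?:-\d+)+$")
# Names that deserve a second look when an AV reports them inside a recycle folder
SUSPECT_EXT = {".exe", ".zip", ".scr", ".dll", ".com"}


def list_recycler(root):
    """Return {sid: [(name, size, suspect)]} for every SID folder under root.

    os.scandir reports hidden files too, so unlike Explorer nothing is filtered out.
    """
    found = {}
    try:
        entries = list(os.scandir(root))
    except FileNotFoundError:
        return found  # no Recycler tree on this volume
    for d in entries:
        if not (d.is_dir(follow_symlinks=False) and SID_RE.match(d.name)):
            continue
        files = []
        for f in os.scandir(d.path):
            if f.is_file(follow_symlinks=False):
                ext = os.path.splitext(f.name)[1].lower()
                files.append((f.name, f.stat().st_size, ext in SUSPECT_EXT))
        found[d.name] = sorted(files)
    return found


def build_sample_tree(base):
    """Constructed sample tree mimicking the layout in the post (SIDs are made up)."""
    sid1 = os.path.join(base, "Recycler", "S-1-5-21-129-000-000-1001")
    sid2 = os.path.join(base, "Recycler", "S-1-5-21-129-000-000-1002")
    os.makedirs(sid1)
    os.makedirs(sid2)
    with open(os.path.join(sid1, "Dc775.zip"), "wb") as fh:
        fh.write(b"PK\x05\x06" + b"\x00" * 18)  # minimal empty zip (22 bytes)
    with open(os.path.join(sid1, "INFO2"), "wb") as fh:
        fh.write(b"\x00" * 20)  # recycle-bin index file placeholder
    with open(os.path.join(sid2, "Dc1.txt"), "w") as fh:
        fh.write("notes")
    return os.path.join(base, "Recycler")


def demo():
    """Build the sample tree in a temp dir and return the enumeration result."""
    with tempfile.TemporaryDirectory() as tmp:
        return list_recycler(build_sample_tree(tmp))


if __name__ == "__main__":
    for sid, files in demo().items():
        print(sid)
        for name, size, suspect in files:
            print(f"  {name:12} {size:6d} bytes{'  <-- check' if suspect else ''}")
```

Point `list_recycler` at the real folder (`C:\Recycler` on the systems discussed here) to see the same listing for every account that has a recycle folder on that volume, provided the account you run as has read access to them.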