I had the following nasty incident last night:
After getting a bizarre message indicating that my firewall’s driver was tampered with which crashed my Win98 pc, I rebooted and ran Adaware. As the latter was running, avast flashed a warning that a virus was found. The info given in the popup window was as follows:
File name: C:\WINDOWS\TEMP\AAWTMP\C1824652\324041\PSKILL.EXE
Malware name: Win32:Pskill-E [Tool]
Malware type: Other potentially dangerous program
VPS version: 0638-1, 09/22/2006
Opting to put the virus in the chest (and later to delete the virus) produced the message
Cannot process “C:\WINDOWS\TEMP.…\PSKILL.EXE” file
Thus I was left with no other option but click “No action.” At the same time, attempting to run a boot time scan proved impossible as the respective option was greyed out in the relevant avast window. Is this something that the virus caused or is the boot time scan option unavailable for Win98?
Meanwhile, attempting to navigate to the purported location of the infected file got me only as far as C:\WINDOWS\TEMP\AAWTMP since the AAWTMP folder looks empty despite the fact that under Folder Options > View the “Show All Files” option is ticked.
Googling for PSKILL.EXE produced a lot of entries referring to a tool by Sysinternals whose executable is also named “PSKILL.EXE” and a single entry entry from McAfee recognizing my problem as a trojan (interestingly coded as ‘Egghead’) but offering no removal tool except for paying customers. Further googling unearthed an offer by auditmypc.com to right out all wrongs automatically, which proved to be a real dud. By then it was time to go to bed and entrust matters to the combined hands of this forum first thing in the morning, which I am just doing.
Any leads ?